Director’s Handbook on Cyber-Risk Oversight 

Structure oversight of ransomware preparedness and response, by focusing on risk governance, scenario planning, and decision-making under pressure.

Learn a strategic path for overseeing and strengthening an organization’s incident response (IR) capabilities over four core pillars.

Gather cybersecurity-related questions the director should consider in discussions within the board, with management, and with other interlocutors regarding emerging technologies and their impact on the organization’s strategy.

Explore an overview of anticipated impacts and applications of quantum technologies, and collect suggested cybersecurity-related questions for board members to discuss with management as the technology matures and transitions into the marketplace.

Review information to help successfully understand rapidly evolving AI capabilities, the risks and opportunities of AI investments, and provide the leadership, governance, and oversight that will enable the business to thrive in the age of AI.

Obtain a structured approach to governance of cloud use, focusing on oversight of vendor selection, shared responsibility, and measurable risk management.

Understand the definition of insider threat, the categories of insider incidents, types of insider threat actors and the board’s responsibilities with specific actions they can perform to ensure executive management is adequately addressing insider threats.

Collect questions to ask to ensure that key components of third-party and supply chain risk management are being managed effectively.

Assess cybersecurity risks at key stages of a merger or acquisition transaction and compile suggested questions for board members to discuss with management at each stage.

Discover how boards can strengthen relationships with cyber-risk leaders to promote strategic integration, resiliency, transparency, accountability, and trust.

Analyze how directors can leverage key cybersecurity metrics to evaluate organizational performance, benchmark against industry practices, and fulfill their fiduciary duties.

Examine examples of foundational practices and metrics boards may leverage to determine the soundness of cyber-risk oversight during regularly scheduled cybersecurity briefings.

Consider these questions in preparing a proxy statement or other disclosures related to the board’s oversight of cybersecurity.

This boardroom tool provides practical, actionable steps to minimize directors’ personal risk exposure, reduce corporate risk exposure, and strengthen resilience against sophisticated cyber threats. 

This tool covers actions the Federal Bureau of Investigation (FBI) and US Department of Justice (DOJ) can take against cyber actors, and when and how to report a cyber incident.