Questions for the Board to Ask Management about Cybersecurity

By NACD Staff


Cybersecurity Questionnaire

In brief: Produced with the NACD Director’s Handbook on Cyber-Risk Oversight, these questions are designed to guide directors as they work to strengthen oversight of their company’s cybersecurity. Questions are focused on the following areas of cybersecurity oversight: situational awareness, strategy and operations, insider threats, supply-chain and third-party risks, incident response, and post-cybersecurity incident review.

This resource can help your board

  • Improve cybersecurity-related communications from management.

  • Assess the company’s vulnerabilities and strengthen its cybersecurity posture according to leading practices.

  • Respond appropriately in the case of a cyber incident.

Most relevant audiences: risk committee members, audit committee members, and chief information security officers

Member-Only Content

For full access, please log in, or explore membership options.