Governance Surveys
Directorship Magazine
2025 Private Company Board Practices Oversight Survey
Data Pack: Cybersecurity
Which of the following practices have you or your board conducted over the past 12 months to gain a better understanding of cyber-risks facing the organization?
|
Cyber-Risk Oversight Practices |
Value |
|
Participated in individual-director educational activities (attending webinars, classes, conferences, etc.) to learn more about how cyber-related issues could affect the business |
67.44% |
|
Communicated with management about the types of cyber-risk information the board requires |
65.12% |
|
Leveraged external advisors (e.g., consultants, law enforcement, or other government agencies) to understand the risk environment |
52.33% |
|
Leveraged internal advisors, such as internal audit or the general counsel, for in-depth briefings |
44.19% |
|
Attended full-board education events on cyber risk |
27.91% |
|
|
n=86 |
This table comes from the Cybersecurity section of the 2025 NACD Private Company Board Practices and Oversight Survey.