NACD Director's Handbook on Cyber-Risk Oversight

In brief: Cybersecurity is now a major strategic and enterprise risk matter that affects how companies operate, innovate and create value. Several characteristics combine to make the nature of the threat especially formidable: its complexity and speed of evolution; the potential for significant financial, competitive, and reputational damage; and the fact that total protection is an unrealistic objective.

The NACD Director’s Handbook on Cyber-Risk Oversight is built around five core principles that are applicable to boards of public companies, private companies, and nonprofit organizations of all sizes and in every industry sector. The Handbook was the first non-government resource to be featured on the U.S. Department of Homeland Security’s US-CERT C3 Voluntary Program website.

How directors can use this resource:

  • Learn foundational principles for board-level cyber-risk oversight that have been vetted and praised by cybersecurity leaders in the public and private sectors.
  • Gain insight into issues including how to allocate cyber-risk oversight responsibilities at the board level; legal implications and considerations related to cybersecurity; how to set expectations with management about the organization’s cybersecurity processes; and ways to improve management reporting on cyber issues.
  • Apply and customize a large collection of tools to improve and enhance boardroom practices. The tools focus on specific elements of cyber risk, such as insider threats, third-party exposure, M&A due diligence, and effective risk disclosure.

Most relevant audiences: Board members of public companies, private companies, and nonprofit organizations, as well as executives who interact with the board on cybersecurity-related matters.

For more information, see NACD's online Cyber-Risk Oversight Course.