NACD Director's Handbook on Cyber-Risk Oversight

In brief: Cybersecurity is a significant enterprise-wide strategy and risk issue that affects virtually all levels of an organization’s operating activities. Several characteristics combine to make the nature of the threat especially formidable: its complexity and speed of evolution; the potential for significant financial, competitive, and reputational damage; and the fact that total protection is an unrealistic objective.

The NACD Director’s Handbook on Cyber-Risk Oversight is built around five core principles that are applicable to board members of public companies, private companies, and nonprofit organizations of all sizes and in every industry sector. The Handbook was the first non-government resource to be featured on the U.S. Department of Homeland Security’s US-CERT C3 Voluntary Program website.

How directors can use this resource:

  • Learn foundational principles for board-level cyber-risk oversight that have been vetted and praised by cybersecurity leaders in the public and private sectors.
  • Gain insight into issues including how to allocate cyber-risk oversight responsibilities at the board level; legal implications and considerations related to cybersecurity; how to set expectations with management about the organization’s cybersecurity processes; and ways to improve the dialogue between directors and management on cyber issues.
  • Use the tools in the 9 appendices to improve and enhance boardroom practices.

Most relevant audiences: Board members of public companies, private companies, and nonprofit organizations, as well as executives who interact with the board on cybersecurity-related matters.
