Questionnaire

Questions Directors Can Ask to Assess the Board’s “Cyber Literacy”

By NACD Staff

03/01/2019

Cybersecurity Audit Committee Questionnaire

In brief: Cybersecurity should be considered an enterprise-wide, cross-departmental issue that is integrated into full-board discussions. As directors’ responsibilities around cybersecurity increase, boards should ensure they are providing adequate cyber-risk oversight. Produced in the NACD Director’s Handbook on Cyber-Risk Oversight, these questions provide boards with a template for assessing their cyber literacy.

This resource can help your board:

  • Determine the company’s most valuable assets and how to protect them.

  • Consider investments in cybersecurity and cyber insurance.

  • Create lines of accountability/responsibility for cybersecurity.

Most relevant audiences: the full board, general counsel, risk committee members, and audit committee members

  1. What do we consider our most valuable assets? How does our IT system interact with those assets? Do we believe we can ever fully protect those assets?

  2. Do we think there is adequate protection in place if someone wanted to get at or damage our corporate “crown jewels”? What would it take to feel confident that those assets were protected?

  3. Are we investing enough so that our corporate operating and network systems are not easy targets for a determined hacker?
