Search Results

Personal Cybersecurity Protection Guide for Corporate Directors

A cybersecurity guide for board directors and executives highlighting risks associated with their high-profile status, common threats, and protective measures for personal security.

Virtual I Cyber Risk Protection

NACD Cyber Products & Services

Learn about NACD Cyber products and services for boards and corporate directors, including cyber eduction, AI, and risk assessments

CERT Certificate in Cyber-Risk Oversight Program

Gain crucial skills in governance cybersecurity with CERT Certificate in Cyber Risk consisting of seven modules, a cyber-crisis simulation exercise and exams.

Fall 2021 Risk Oversight Advisory Council Meeting Brief

In the fall of 2021, NACD, with PwC, Sidley Austin, and the Center for Audit Quality, brought together risk and audit committee chairs from Fortune 500 companies to discuss and understand recent key Delaware Chancery Court decisions and the implications for board oversight of mission-critical risks. They also discussed the board’s role in cybersecurity, the ways in which boards structure their cyber-risk oversight, and the reporting they receive from management about risk.

Principles for Board Governance of Cyber Risk

These organizations came together to build a set of consensus principles that recognized up-to-date techniques for cyber-risk governance. Building off existing cyber-risk oversight guidance that is captured in the NACD-ISA Handbook for US company directors, and through an iterative development process, this group developed six consensus principles for cybersecurity board governance.

Survey Results Part One: Board Directors Have Work To Do on Cybersecurity

Explore how corporate boards are increasing cyber-risk expertise to address knowledge gaps, based on insights from 472 directors.

The State of Cyber-Risk Disclosures of Public Companies

This paper, produced by SecurityScorecard, National Association of Corporate Directors (NACD), Cyber Threat Alliance, IHS Markit, and Diligent, offers companies, their management teams, and boards specific examples of both ineffective and effective disclosures of cyber-risks.

Questions for the Board to Ask Management about Cybersecurity

Learn how the board can strengthen oversight of cyber-security by asking good questions of management.

Sample Cybersecurity Performance Dashboard

This tool provides various dashboards for boards to use when considering the organization’s cyber-risk management plan.

Survey Results Part Two: Directors Must Drive Cybersecurity Improvements

NACD and WSJ Pro collaborated to survey board directors on how directors and management oversee cybersecurity and preparedness for cyberattacks.

The SEC and Boards’ Search for Cybersecurity Expertise

Cybersecurity is in the spotlight among boards of directors, with long-anticipated US Securities and Exchange Commission rules expected to make a significant impact if passed. Security incidents typically trigger full-board involvement in cyber-risk oversight, but if new stringent SEC rules pass, cybersecurity may figure more prominently on board agendas.

How Board Members Can Help Align Security and the Business

When the SolarWinds Corp. cyberattack was discovered at the end of 2020, it sent a shock wave through security teams across the world. Organizations should elevate the cybersecurity discussion so that the board and its leaders are more involved in helping secure the business.

Cyber-Risk Oversight Amid Russia-Ukraine Tensions

Katie Swafford discusses the cybersecurity implications of potential Russian agression towards Ukraine while outlining steps boards can take to check their organization's cybersecurity readiness amid geopolitical tensions.

Five Key Analytics Categories to Assess Cyber Exposure

These categories of data and analytics are vital to tracking exposure and resilience and to informing the board's cyber-risk dashboard.

The Growing Imbalance in Worldwide Cyber Warfare

Nora Denzel reveals what she learned from her interview with New York Times journalist Nicole Perlroth during NACD's first Cybersecurity Continuous Learning Cohort in June.

The Cyber-Risk Data Gap Threatens Insurance Offerings

Cyber insurance can be a great a way to guard companies from financial loss as a result of cyberattacks, but it has become more expensive and the breadth of coverage reduced in recent months. One of the culprits? A lack of data.

Navigating the New Cyber-Threat Landscape: Zero Trust Risk Measurement and Mitigation Best Practices

To avoid cyber-risk oversight missteps, boards can focus on their organizations' threat exposure, risk measurement, risk mitigation, and attack prevention with zero trust best practices in mind.

Challenge Everything, Trust Nothing: What Boards Should Know About Zero Trust

Traditional enterprise security models rely on trust, but zero trust is a more effective solution for preserving enterprise cybersecurity. Here's what boards should know.

Colonial Pipeline Cyberattack Fuels Questions, Comments, and Concerns

NACD offers four questions boards can ask in light of the cyberattack on Colonial Pipeline Co., as well as insight from Nora M. Denzel, board member at AMD, Ericsson, NortonLifeLock, and more.

One Year In: Crises Continue to Call for Cyber Resilience

When cybersecurity programs and the controls they implement are rigid, centralized, and hierarchical, they become fragile. One year into the pandemic, these are several ways companies can add agility into their programs.

Improve Cyber-Risk Measurement Through Scenario-Scoping

What is cyber-risk quantification and how can measuring cyber risk help your organization? Here are some considerations and approaches for boards.

To Tame Risk, Strengthen the Board-CISO Relationship

Technology, cybersecurity threats, and the role of the CISO are ever-changing—which is why NACD and Accenture Security met with a group of directors at a recent roundtable event to discuss the related implications for boards.