Board-Level Cybersecurity Metrics

In brief: Produced in the NACD Director’s Handbook on Cyber-Risk Oversight, this tool provides guiding principles for board-level metrics and recommendations for the types of cybersecurity metrics the board should request from management.

This resource can help your board

  • Define for management which cybersecurity information is most relevant to the board.
  • Obtain from management concise, reader-friendly board-level cybersecurity metrics that promote dialogue.
  • Gain strategic insight into the company’s cybersecurity program. 

Most relevant audiences: the full board, risk committee members, audit committee members, and the chief information security officer