Cyber-Risk Oversight Resource Center

Cyber-Risk Oversight Resource Center

This resource center is a repository for all NACD content, services, and events related to the fast-moving and complex issue of cybersecurity oversight. Here you will find practical guidance, tools, and analyses tailored to the full board, relevant committees, and individual directors.

Videos and Webinars

Cybersecurity and Digital Transformation: The Audit Committee Perspective Post-SolarWinds, What’s Next for Cybersecurity? The Year Ahead in Cybersecurity: Key Issues for Directors ESG & Cybersecurity: How Boards Can Respond to Investor Concerns How to Lock Up a Cloud: Challenges in Changing Technology and Cyber Risk

Understand the Changing Cyber Threat Landscape

An Update on the State of the U.S. Securities and Exchange Commission’s Approach to Cyber Risk (NACD, Cyber Threat Alliance, and SecurityScorecard) Cyber-Risk Oversight Amid Russia-Ukraine Tensions Cyber-Risk Oversight Is Evolving: Are Directors Ready? Four Lessons on the Cybersecurity Landscape from Summit Experts The Growing Imbalance in Worldwide Cyber Warfare Principles for Board Governance of Cyber Risk (NACD, ISA, and the World Economic Forum) NACD Director’s Handbook on Cyber-Risk Oversight (2020 Edition) 2021 Cyber Threat Intelligence Report (Accenture) Ransomware Response and Recovery (Accenture) Colonial Pipeline Attack Fuels Questions, Comments, and Concerns Cyber Resilience 2.0: Experts Talk Ransomware, Supply-Chain Risk, and Cloud Security Financial Exposure and Cyber Risk Conversations 10 Questions for a Board Member to Ask About Cybersecurity SolarWinds Supply-Chain Attack Besets Boards with Implications Managing Insider Risk in the Era of Remote Work NSA Cybersecurity Alert Prompts the Question: Is Your Organization at Risk? Considerations for Emerging Technology Innovating at Speed and Scale With Implicit Security (Accenture) Communication is the Answer to Cyber Threats in a Crisis (Accenture) Consider Data Use Before an Incident Occurs

Develop the Appropriate Board Oversight Structure and Practices

Why the CEO and Board Need to Prioritize Security Crisis Management Eight Questions to Frame Data Privacy Discussions in the Boardroom 2021 Turbulence Connects Credit Ratings With Cyber Ratings and Insurance How Transparent Is Your Audit Committee? Three Reasons to Increase Disclosures How to Make Your Organization a 'Cyber Champion' Four Steps to Analyze Ransomware Risk and Protect Critical Assets One Year In: Crises Continue to Call for Cyber Resilience Sample Cybersecurity Performance Dashboard The State of Cyber-Risk Disclosures of Public Companies Investors Are Worried About Cybersecurity: What Boards Should Do Preparing the Board to Go Beyond the Digital Frontier Cyber-Risk Oversight Handbook: Principles and Practices for Corporate Boards Board Oversight of Data Privacy Oversight of Cyber Risks in a Complex Regulatory Environment

Assess the Effectiveness of the Cybersecurity Program

The Cyber-Risk Data Gap Threatens Insurance Offerings What Boards Should Know About Zero Trust The Corporate Director’s Guide to Managed Cybersecurity Services (Accenture) Personal Cybersecurity for Board Members Enhancing Cybersecurity Oversight Disclosures—10 Questions for Boards Building a Relationship with the CISO Board-Level Cybersecurity Metrics Cybersecurity Considerations During M&A Phases—Mergers and Acquisitions Incident Response Tool The Cyber-Insider Threat—a Real and Ever-Present Danger Assessing the Board’s Cyber-Risk Oversight Effectiveness Cyber-Risk Oversight Handbook: Principles and Practices for Corporate Boards Understanding the Post-Breach Process Making the Right Investments for Cyber Resilience (Accenture)

Ensure Effective Management Reporting

Improve Cyber-Risk Measurement Through Scenario-Scoping Board-Level Cybersecurity Metrics Sample Cyber-Risk Dashboards What Directors Should Look for In Their Cybersecurity Briefing Getting the Right Metrics and Reports for Your Board Questions Directors Should Ask Management During a Breach

Cyber Risk Oversight Certificate

Earn the CERT Certificate in Cybersecurity Oversight, issued by NACD and Carnegie Mellon University

Understand Relevant Legal and Compliance Implications

Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (SEC Comment Letter) America’s Path to Cyber Resilience (Accenture) Still Burning: The Battle to Fight Cybersecurity Fire US 2021 Cyber Agenda May Affect Liability, Disclosure, and Enforcement Regulatory and Cybersecurity Responsibilities Intersect for Boards California Consumer Privacy Act (CCPA) Factsheet Keep Up with Expectations About Data Privacy What Boards Should Know About the GDPR The Board’s Role in Data Privacy Oversight


Cyber-Risk Oversight Certificate Master Class NACD Summit

Understand Public-Private Partnership

Heads Up, Boards: The Executive Order on Cybersecurity Needs Your Attention Report an Incident to Cybersecurity and Infrastructure Security Agency (CISA) Learn About CISA’s Joint Cyber Defense Collaborative U.S. Secret Service’s Cyber Fraud Task Forces: Defending American Financial Infrastructure Understand the FBI’s Cyber Investigations Strategy