Cyber-Risk Oversight Resource Center

This resource center is a repository for all NACD content, services, and events related to the fast-moving and complex issue of cybersecurity oversight. Here you will find practical guidance, tools, and analyses tailored to the full board, relevant committees, and individual directors.

Videos and Webinars

Discussing Cybersecurity with Jen Easterly, Director, CISA Cybersecurity and Digital Transformation: The Audit Committee Perspective Post-SolarWinds, What’s Next for Cybersecurity? The Year Ahead in Cybersecurity: Key Issues for Directors ESG & Cybersecurity: How Boards Can Respond to Investor Concerns How to Lock Up a Cloud: Challenges in Changing Technology and Cyber Risk

Cyber-Threat Landscape: What’s New and Response Readiness

2023 Director's Handbook on Cyber-Risk Oversight Principles for Board Governance of Cyber Risk (NACD, ISA, and the World Economic Forum) How Cybersecurity Experts Are Tackling Proposed SEC Rules, Working From Home, and More Get Into the Quantum Game: Use Cases Are Emerging CEOs and Boards: Prioritizing a Security Crisis Increasing Trust With Investors on Cybersecurity Requires Communication Cyber-Risk Oversight Amid Russia-Ukraine Tensions 2021 Cyber Threat Intelligence Report: Volume 1 (Accenture) 2021 Cyber Threat Intelligence Report: Volume 2 (Accenture) Ransomware Response and Recovery (Accenture) Colonial Pipeline Attack Fuels Questions, Comments, and Concerns Cyber Resilience 2.0: Experts Talk Ransomware, Supply-Chain Risk, and Cloud Security Financial Exposure and Cyber Risk Conversations SolarWinds Supply-Chain Attack Besets Boards with Implications Managing Insider Risk in the Era of Remote Work NSA Cybersecurity Alert Prompts the Question: Is Your Organization at Risk?

Develop the Appropriate Board Oversight Structure and Practices

New Benchmark Cyber-risk Report Unveils the Top Industry Threats Nine Takeaways from the Newly Announced National Cybersecurity Strategy Survey Results Part One: Board Directors Have Work To Do On Cybersecurity Survey Results Part Two: Directors Must Drive Cybersecurity Improvements Protect Your Company From Digital Assassination Disclosing the Business, Operational, and Financial Impacts of Cyber Risk Three Action Items to Get Started with Better Cybersecurity Oversight How to Rationalize Cybersecurity Tools in Turbulent Times Contextualizing Cyber Risk: Mapping Business as a System New SEC Cybersecurity Rules Focus on Board Accountability Clarifying Committee Oversight Responsibilities For Evolving Enterprise Risks Eight Questions to Frame Data Privacy Discussions in the Boardroom How Transparent Is Your Audit Committee? Three Reasons to Increase Disclosures How to Make Your Organization a 'Cyber Champion' Four Steps to Analyze Ransomware Risk and Protect Critical Assets One Year In: Crises Continue to Call for Cyber Resilience Sample Cybersecurity Performance Dashboard Investors Are Worried About Cybersecurity: What Boards Should Do Preparing the Board to Go Beyond the Digital Frontier

Assess the Effectiveness of the Cybersecurity Program

A Crossroads for Cyber Insurance: Are You Really Covered? Beyond the Buzz: Building Cyber Resilience The Cyber-Risk Data Gap Threatens Insurance Offerings What Boards Should Know About Zero Trust Personal Cybersecurity for Board Members Enhancing Cybersecurity Oversight Disclosures—10 Questions for Boards 10 Questions for a Board Member to Ask About Cybersecurity Building a Relationship with the CISO Board-Level Cybersecurity Metrics Cybersecurity Considerations During M&A Phases—Mergers and Acquisitions Incident Response Tool The Cyber-Insider Threat—a Real and Ever-Present Danger Assessing the Board’s Cyber-Risk Oversight Effectiveness Understanding the Post-Breach Process Making the Right Investments for Cyber Resilience (Accenture)

Ensure Effective Management Reporting

Improve Cyber-Risk Measurement Through Scenario-Scoping Board-Level Cybersecurity Metrics Sample Cyber-Risk Dashboards What Directors Should Look for In Their Cybersecurity Briefing Getting the Right Metrics and Reports for Your Board Questions Directors Should Ask Management During a Breach

Cyber Risk Oversight Certificate

Earn the CERT Certificate in Cybersecurity Oversight, issued by NACD and Carnegie Mellon University

Understand Relevant Legal and Compliance Implications

SEC Cyber-Risk Governance and Its Boardroom Business Resilience Implications Boardrooms Are the Best Way to Regulate Cyber Risk (Accenture) An Update on the State of the U.S. Securities and Exchange Commission’s Approach to Cyber Risk (NACD, Cyber Threat Alliance, and SecurityScorecard) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (SEC Comment Letter) America’s Path to Cyber Resilience (Accenture) Still Burning: The Battle to Fight Cybersecurity Fire US 2021 Cyber Agenda May Affect Liability, Disclosure, and Enforcement Regulatory and Cybersecurity Responsibilities Intersect for Boards California Consumer Privacy Act (CCPA) Factsheet What Boards Should Know About the GDPR The Board’s Role in Data Privacy Oversight

Events

Master Class NACD Summit The Cybersecurity Odyssey: What's Next on the Evolving Frontier (NACD Atlanta Chapter Event) Technology as a Strategy (NACD Chicago Chapter Event) Conflict, Climate, Cyber: What’s Next? (NACD Pacific Southwest Chapter Event) Tech for the Intimidated (NACD Research Triangle Chapter Event)

Understand Public-Private Partnership

Heads Up, Boards: The Executive Order on Cybersecurity Needs Your Attention (Accenture) Report an Incident to Cybersecurity and Infrastructure Security Agency (CISA) Learn About CISA’s Joint Cyber Defense Collaborative U.S. Secret Service’s Cyber Fraud Task Forces: Defending American Financial Infrastructure Understand the FBI’s Cyber Investigations Strategy Keep Up With U.S. Cyber Diplomacy at U.S. Department of State Bureau of Cyberspace and Digital Policy