4 April 2025

NACD Director's Handbook on Cyber-Risk Oversight

Introduction

Since the release of the third edition of this handbook in early 2020, companies have been embattled by the challenges of working from home to protect workforces from COVID-19, systemic cyberattacks such as the SolarWinds incident, and the economic ramifications of Colonial Pipeline’s struggle with a ransomware actor, to name only a few headwinds. Despite these significant events in the cyber-threat landscape and challenges facing organizations, some board-level oversight practices stand the test of time. Boards of directors, with their attending fiduciary duties, continue to be responsible for overseeing management’s strategy and their approach to enterprise-wide risk, and cybersecurity matters inherently span the enterprise.

As cybersecurity challenges grow, the board’s duties may also expand, as regulators and rule makers in state and federal governments scrutinize the role of the board in oversight of information security risks—and boards are rising to the challenge to provide sound oversight in this realm. According to the 2022 NACD Public Company Board Practices and Oversight Survey, 83 percent of boards have significantly improved their understanding of cyber risk compared with two years ago.
