The NACD's "Current and Emerging Practices in Cyber-Risk Oversight" demonstrates how - notwithstanding directors' increasing understanding of cyber risks generally and in relation to providing effective oversight - associated board practices (including the cadence and content of management's reports to the board) vary widely by company depending on company-specific circumstances that evolve over time.
The report, which summarizes the input from a March 2019 meeting of NACD Risk Oversight Advisory Council participants (inclusive of representatives from numerous companies, the FBI, and the DHS), provides insight into the different approaches companies and boards pursue to understand and manage these risks.
See also this Mutual Fund Directors Forum release, and additional information & resources on our Cybersecurity/Data Privacy page. This post first appeared in the weekly Society Alert!