The NACD and Internet Security Alliance released the fifth edition of their “Director’s Handbook on Cyber-Risk Oversight.” Relevant for organizations of all types and sizes, the handbook presents six core principles for effective board oversight of cyber risk and is intended to help directors navigate an increasingly complex and evolving threat environment. The updated edition expands its guidance to reflect rising cyber-risk stakes, covering developments related to emerging technologies, supply chain risk, and incident response coordination, and includes a foreword from the Cybersecurity and Infrastructure Security Agency (CISA).
As in prior editions, the handbook is accompanied by a practical toolkit designed to support board oversight. The toolkit includes resources such as guidance on ransomware preparedness and incident response, discussion guides on topics including AI and quantum computing, oversight of third-party and supply chain risks, cybersecurity metrics and reporting, and considerations for M&A activity, among other areas.
The handbook reiterates that cybersecurity is a central governance issue for boards and emphasizes the role of directors in overseeing cyber risk as part of broader enterprise risk oversight.