Cyber-Risk Guide Provides Advice To Boards Grappling with Oversight Role

Bloomberg BNA’s Corporate Law & Accountability Report is available on the Corporate Law Resource Center. This news service keeps corporate practitioners informed of legal developments of...

June 11 — Corporate boards may be better able to assess their understanding of cybersecurity risks using tools released this week by the National Association of Corporate Directors (NACD), according to the group's president and CEO, Ken Daly.

NACD, the American International Group and the Internet Security Alliance put together the latest issue in the NACD's Directors' Handbook Series—“Cyber-Risk Oversight”—which provides boards with “practical tools,” including “self-assessment questions” and “guidelines for conversations with management,” Daly said in a June 11 news release announcing the issue.

“Ninety percent of directors participating in our latest governance survey indicated they would like to improve their understanding of cybersecurity risk,” he said.

The publication is organized around five key principles and covers a wide spectrum of board-level considerations related to oversight of cybersecurity, including board composition, liability implications, disclosure issues, access to expertise and risk-appetite calibration, the release said.

Boards should adapt the handbook's recommendations based on their company's unique characteristics, including size, life-cycle stage, business strategy, industry sector, geographic footprint and culture, the release said.

The news release, along with a link to NACD's Director's Handbook Series, Cyber-Risk Oversight, is available at