Reporting cybersecurity to boards

This guide on reporting cybersecurity to boards, developed by the IoD and Aura Information Security, sets out principles on reporting to boards, key questions to help identify and develop cybersecurity metrics, and sample dashboards

Reporting cybersecurity to boardsIn the modern world, virtually all levels of organisational activity have technology implications, and the potential damage from a cyberattack or data breach can be significant. It is important that boards receive comprehensive reporting from management about cyber risks and incidents, and actions taken to address them.

To help improve reporting on cybersecurity, our guide sets out:

  • guiding principles on reporting to boards
  • questions to ask in developing cybersecurity metrics
  • sample dashboards.