Reporting cybersecurity to boards

coloured digital leaves

This guide helps management improve reporting to the board on cybersecurity.

author
Institute of Directors & Aura

Most organisational activity has technology implications. The risk of damage from a cyberattack or data breach can be high.

Boards need comprehensive reporting from management about cyber risks and incidents, and actions taken to address them.

This guide gives boards guiding principles for management reporting on cybersecurity, questions to ask in developing cybersecurity metrics, and examples of cybersecurity dashboards.