Ten Questions Every Board Should Ask in Overseeing Cyber Risks
The consequences of a data breach could be significant. Recognizing that directors can protect themselves from liability in the case of a breach by taking an active oversight role in their company’s cybersecurity preparedness, this article sets out to provide boards with some practical advice regarding how to approach cybersecurity oversight. While there is no “one size fits all” approach to questions a board should ask in its oversight of cybersecurity (particularly as different industries exhibit different risk profiles), we suggest ten categories of questions that boards of all companies should be asking members of management responsible for cybersecurity.