Reporting cybersecurity to boards

Most organisational activity has technology implications. The risk of damage from a cyberattack or data breach can be high.

Boards need comprehensive reporting from management about cyber risks and incidents, and actions taken to address them.

This guide gives boards guiding principles for management reporting on cybersecurity, questions to ask in developing cybersecurity metrics, and examples of cybersecurity dashboards.