
Issues: Cybersecurity Risk Oversight


In an increasingly connected world, cybersecurity becomes a critical issue for corporations and the boards that lead them. From securing corporate secrets and intellectual property to safeguarding customer, partner, and employee information, how a company structures its cybersecurity strategy and infrastructure can have a significant impact on whether and how much the company is able to take advantage of the opportunities that technology presents while managing for legal, financial, and reputational risk. This perhaps begins and ends with the board of directors.

The Governance Center, in collaboration with other practices of The Conference Board and key external partners, is exploring the role of the board in cybersecurity and our increasingly digital world. Below are key resources for directors and business leaders.

Research and related resources from The Conference Board

On Governance: Government Relations Expanding Role in Cybersecurity Risk
September 2018 | Bob Zukis, Senior Fellow, Corporate Governance, The Conference Board
Cybersecurity governance and the broader issues around digital governance are emergent competencies in the corporate boardroom. Being proactive and building a coordinated enterprise approach to these issues is a good starting point and GR has a key role to play.

Cybersecurity: Crucial Collaborations: Highlights from The Conference Board 2018 Cybersecurity Conference
August 2018 | Webcast
This webcast provides insights from the Cybersecurity Conference: Crucial Collaborations, New York City, January 18-19, 2018.

23 Truths about Cybersecurity: Insights from the Cybersecurity Conference: Crucial Collaborations
February 2018 | Conference KeyNotes
Cyberattacks are inevitable, thanks to the internet’s intrinsic vulnerabilities and the rapid advance of technology: attackers everywhere seem to be two steps ahead of defense capabilities. But companies can mitigate damage. Enterprise-wide risk management starts with a holistic plan, a board that includes cyber-savvy members, and a leadership team that knows how much risk the company can tolerate.

The recent ransomware attacks are a call to action for boards
August 07, 2017 | Steven Grossman, Vice President of Strategy, Bay Dynamics
It has been a busy few months. The WannaCry ransomware attack made big news in May, raising a lot of antennas. Everybody waited for more shoes to drop from the leaked NSA hacking tools and indeed more attacks came. The Petya ransomware variant (AKA “NotPetya”) caused significant damage to global companies.

Governance Outlook for Directors: Highlights of the 2017 The Conference Board/CED Spring Policy Conference
July 2017 | Conference KeyNotes
The Conference Board Governance Center and the Committee for Economic Development (CED) on April 20, 2017 co-hosted more than 100 corporate governance practitioners to discuss the state of corporate governance, corporate political contributions, the job description of a corporate director, and cybersecurity oversight.

30 Truths about Cybersecurity
April 2017 | Conference KeyNotes
There are two kinds of companies: those that have been hacked and those that don’t know it yet. Cyber risk is not just an IT concern, but a crucial business issue.

A Strategic Cyber-Roadmap for the Board
November 2016 | Director Notes
This Director Notes reviews five director case studies of cyberrisk governance.

NY State Cyber Regulation for Banks: A Model?
September 28, 2016 | Marcel Bucsescu, Program Director, Council of Chief Legal Officers, The Conference Board; Matthew Waxman, Law Professor, Columbia Law School
On September 13, 2016, New York Gov. Andrew Cuomo announced a set of proposed cybersecurity regulations for financial services companies that fall under the jurisdiction of the New York State Department of Financial Services (NYSDFS): Cybersecurity Requirements for Financial Services Companies.

Are Cyber Experts on Boards Inevitable?
June 16, 2016 | Bob Zukis, Senior Fellow, Corporate Governance, The Conference Board
Fifteen years ago the legislation known as Sarbanes-Oxley (SOX) forced American corporate boards to diversify their skills by adding financial expertise to their director ranks. Are we now at a similar point for IT and cybersecurity governance skills?

Emerging Practices in Cyber Risk Governance
October 27, 2015 | Research Report
This report explores the lessons of the massive cyber hacks of Target, JP Morgan Chase, Anthem, and Sony and outlines best practices for proactive cyber risk governance.

A Cybersecurity Guide for Directors
July 27, 2015 | R. William Ide, III, Chairman, Governance Center Advisory Board
Every director should have a general understanding of cybersecurity risk and what it means for oversight responsibilities of directors. While cybersecurity may appear to be a daunting new risk to many board members, the long-established “tried and true” board governance approach to risk oversight described herein works well and should be applied to cybersecurity risk.

Duties and Liabilities of the Board Regarding Information Security
February 05, 2015 | Governance Center Blog
Recent high-profile cyber breaches at Anthem, Home Depot, and Sony remind us just how dynamic, complex, and rapidly evolving cyber security and the management of and response to those risks are. But managing risk is not a new challenge for management and boards. And while there are many unknowns with cyber risks, the role of the board is still rooted in the basic duties of care, loyalty and good faith to the corporation.

Did ISS get it right in recommending a vote against Target's Directors?
June 04, 2014 | Governance Center Blog
Several news sources recently reported that ISS is recommending a vote against seven of Target’s ten directors because they served on the Audit Committee or the Corporate Responsibility Committee at the time of the well-publicized data breach at Target last year. The quality of director oversight is front and center of the ISS recommendation to vote against seven of Target’s ten directors.

The Board's Role in Cybersecurity
March 25, 2014 | Director Notes
The costs of a cyber attack can be significant. To protect finances, liability, reputation, and future growth, corporate boards must ensure that their companies have appropriate processes in place to manage cyber risk in the context of their business.

Reframing the Issue: New Ways to Think about Cyber Risk and Security
December 03, 2013 | Council Perspectives
Cyber risk is just one of many operational risks, and, from a business viewpoint, mitigation of cyber risk should focus on fundamental risk management, corporate resilience, and managing human behavior.

Brave New World: Recruiting Talent in the Digital Age
October 18, 2013 | Research Report
To be effective, online talent acquisition needs to be aligned with and integrated into your company's overall brand and social marketing objectives and practices.

Get Connected: How Social Collaboration Can Help Companies Navigate a Complex Business Landscape
June 26, 2013 | Executive Action Report
To remain competitive, companies should embrace social collaboration: employees and business partners contributing and connecting via an enterprise-wide virtual environment.

Use of board portals and social media
April 15, 2013 | Chart of the Week
Tablets and electronic portals designed specifically for directors have rapidly made their way into the boardroom. While directors also have become more accustomed to the use of social media, the vast majority of companies do not have a formal policy to regulate it.

Webcasts from The Conference Board

Governance Watch Webcast: Cybersecurity and the Board
January 28, 2019 | Governance Watch
What kinds of cybersecurity risks do executives and directors need to look out for in the new year? What steps should the board take to prepare for cyberattacks? Watch this webcast to find out.

Cybersecurity: The Leadership Imperative Conference Keynote Webcast
June 15, 2017 | Special Webcast
This webcast is about best practices and forward-looking approaches to governance and risk mitigation, and it will help you discover why these technological challenges require not only technological solutions but also leadership teamwork and communication.

Cyber Security, Industrial Espionage, and The Internet of Things 
March 05, 2014 | Special Webcast
This webcast will reveal some of the risks related to revolutionary developments online and suggest some approaches to gaining commercial advantage without risking the enterprise in the process.

Governance Watch: Cyber Security
August 07, 2013 | Governance Watch
This webcast will review the latest that the board and management need to be thinking about with respect to cyber security and related risks that confront public companies.

The Corporate Technology Leadership Gap
July 25, 2013 | Special Webcast
Management and boards in the United States and Europe have taken different approaches to address the technology revolution in business and the role of leaders in technology strategy.

Cybersecurity: Do you know if you’ve been hacked?
May 03, 2013 | Special Webcast
There are 2 types of companies: those that have been hacked and those that do not know they have been hacked. In this webcast we will address two major questions: What are the risks? And how do you protect your organization?

Governance Watch: Social Technology in the Boardroom
December 05, 2012 | Governance Watch
Join our guests for their insights and advice on how to engage in and leverage social technology for competitive advantage at the board level.