As others have noted, there is no "one size fits all" approach when it comes to cybersecurity given that different sectors present different cyber risk profiles. Drawing on the governing standards, case law, and regulatory guidance, however, set forth below are 10 universal questions that directors might ask as part of their oversight of a company's cybersecurity program. (Credit: Rawpixel.com/Shutterstock)
As companies of all sizes continue to face growing cyber risks, more corporate directors than ever appear to appreciate that their role as fiduciaries requires them to maintain a sustained focus on data privacy and cybersecurity just as much as they oversee more traditional elements of enterprise risk management.
But even as boards increasingly expand their oversight of cybersecurity programs, there is a growing likelihood that their oversight will be challenged in the courts and second-guessed by regulators. The continued growth in the scope and number of cyber incidents will lead to more scrutiny of a board's oversight of a company's preparedness, mitigation, response and resiliency programs.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
