Investors need accurate and timely cybersecurity risk governance and management disclosures to make informed decisions. Companies struggle to disclose enough information for investors to understand whether the business is responding to and recovering from a material cyber incident without providing a roadmap to attackers or undermining law enforcement efforts.

Emerging technologies and cybersecurity risk management often present competing challenges for management and the board’s attention. In a time of turbulence, boards have a critical role in strengthening risk management. Board effectiveness in overseeing cyber risk management starts with its tone at the top, access to the correct data, and consistently engaging chief risk officers (CROs), chief information security officers (CISOs), business leaders, and third parties.