An in-depth article arguing the case for adopting an approach to board oversight of cyber risks similar to financial risks: a cybersecurity committee, an independent cybersecurity auditor and cybersecurity expertise and knowledge on the board. It also contains a good summary of various cybersecurity legislation in the US, relevant for Canadian businesses that work across the border.

http://www.cybersecuritydocket.com/2016/01/12/boards-of-directors-and-cybersecurity-applying-lessons-learned-from-70-years-of-financial-reporting-oversight/