The rapid pace of cyberattacks and extensive media coverage they receive can create confusion for corporate directors on their role with regards to cybersecurity. This article is a good refresher as to the role of the board. It proposes 5 key aspects of the board role: accept the responsibility, set expectations for management, understand your cyber-risks, assess current cyber-security practices and plan and rehearse. I would add to that, based on recent findings, discuss the adoption of a cybersecurity framework like NIST. To assist in the evaluation of current practices, I refer you to a list of questions on the state of cybersecurity I have published http://www.joseemorin.ca/en-tools/

https://www.spencerstuart.com/research-and-insight/cybersecurity