Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue. Directors should understand the legal implications of cyber risks as they relate to their company’s specific circumstances. Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular time on board […]