Cyber Governance for Boards

This resource was created to help boards govern cyber risks with confidence. It has three key components: the Cyber Governance Code of Practice, Cyber Governance Training, and the Cyber Security Toolkit.

The Cyber Governance Code of Practice outlines the key actions needed to govern cyber security risks effectively. It sets out the most critical governance actions that boards need to take ownership of and outlines the responsibilities and accountability required at the board level. The Code is built around five key governance principles: risk management; strategy; people; incident planning, response, and recovery; and assurance oversight. Next, the Cyber Governance Training helps boards and directors deepen their understanding of these actions, providing practical insights into why they matter and how to implement them. It features five interactive training modules aligned with the aforementioned principles. Each module includes an overview of the principle, a short video covering a use-case or scenario, multiple-choice questions, printable documents that summarise key points, and more. Finally, the Cyber Security Toolkit offers in-depth resources that correspond to the principles outlined in the Code, ensuring boards have the tools they need to manage cyber risks comprehensively.

Although created by the UK government for boards and directors of both public and private organisations across the UK, the lessons herein are applicable for boards and companies in any country or region.