The handshake between Board and Management on cybersecurity
At the heart of effective cybersecurity governance lies the quality of interaction between the Board and executive management. The ‘handshake’, when cybersecurity is formally presented to the Board, is a pivotal moment. It not only shapes the Board’s understanding of cyber risk but also influences how management prioritizes and allocates resources in response.
All research and publications on this website are grounded in independent, privately funded work. Our fellows—senior professionals with deep experience in both cybersecurity and Board governance—volunteer their time to advance the quality of Board‑level oversight. Their expertise, combined with insights gathered through direct engagement with Board members and executives, enables us to develop perspectives and frameworks that strengthen cybersecurity governance across organizations.
The intended audience includes Board members, executives, and security leaders—stakeholders united by the need to align governance, risk, and operational understanding in the evolving cybersecurity landscape.


Boards are increasingly accountable for the oversight of cybersecurity risk, yet the handshake between Boards and management on cyber risk is often weak or poorly defined.
Cybersecurity reporting frequently remains technical, operational, or compliance-driven, making it difficult for Boards to form a clear view of material risk, resilience, and strategic exposure. As a result, Boards can improve their understanding of what better practice looks like, while executives lack a shared reference point for how cyber risk should be framed for Board-level decision-making.
This breakdown in the handshake limits effective governance and places pressure on directors seeking to fulfil their duty of care in a rapidly evolving threat landscape.
Our reports provide a practical basis for understanding what good looks like, evaluating current reporting practices, and shaping a fit-for-purpose approach going forward. If your Board is seeking clearer, more consistent cyber insight and stronger Board-level dialogue, our current report provides a robust and relevant foundation, with the 2026 research building on this work further.
Bridging the gap between executive management and the board
Ensuring alignment and empowering decisive action on critical risks

Our reports are aimed at any Director who wants confidence in their oversight. The reports have been, and will continue to be, designed as a great source for Executives and Cybersecurity leaders who provide information to Boards. They are a practical tool to help you evaluate your current reporting practices, provide guidance against good practice, and help you shape a fit-for-purpose approach going forward. If your Board wants clearer, more consistent cyber insights, and to be more informed to fulfil its responsibilities, the 2025 report is what you’ve been waiting for, and the 2026 research will build on that.
The Project Partners
We acknowledge the valuable collaboration with the International Centre for Corporate Governance (St. Gallen, Switzerland) and the National Centre for Cybersecurity Belgium (CCB). Their support and expertise contributed significantly to the success of this international, practice-led initiative.
We also extend our sincere thanks to all Directors and Executives who generously share their time and insights, making our reports possible.

