Cyber risk is rapidly emerging as a critical test of boardroom leadership, yet many directors are still working to keep pace with an increasingly complex threat landscape. As cyberattacks grow in both scale and sophistication, organizations are facing mounting pressure to strengthen oversight and resilience. In response, the National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) have released the fifth edition of the Director’s Handbook on Cyber-Risk Oversight, offering updated guidance for corporate boards.

According to the research cited in the report, more than 600 million cyberattacks are tracked globally each day. Furthermore, cybercrime losses are expected to approach $20 trillion annually in the coming years. Consequently, regulators, investors, and stakeholders are placing greater expectations on boards to actively oversee cybersecurity strategy, disclosures, and organizational resilience.

To address these challenges, the updated Handbook introduces six core principles designed to guide board-level oversight of cyber risk. In addition, it provides practical tools that enable directors to engage more effectively with management, evaluate organizational preparedness, and oversee incident response strategies. As a result, boards can take a more structured and proactive approach to cybersecurity governance.

“Cyber risk has become a central governance issue for boards,” said Peter Gleason, NACD president and CEO. “Directors today must oversee cybersecurity in the same disciplined way they oversee financial, operational, and strategic risks. Our Handbook provides boards with practical frameworks to strengthen oversight and help organizations navigate a rapidly evolving threat environment.”

Moreover, the Handbook builds on more than a decade of collaboration between NACD and ISA to strengthen cyber governance at the board level. Over time, it has become a widely recognized resource for directors seeking to align cybersecurity oversight with broader enterprise risk management practices.

“The Journal of Cybersecurity has called the Director’s Handbook on Cyber-Risk Oversight the de facto international standard for cyber-risk oversight,” said Larry Clinton, ISA president and CEO. “It is the only set of best practices that has been independently assessed and found to produce substantial security outcomes.”

In addition to its foundational principles, the latest edition includes expanded guidance on emerging risks and technologies. For example, it addresses supply chain vulnerabilities, incident response coordination, and the growing impact of advanced technologies on cybersecurity. Furthermore, the Handbook features a foreword from the Cybersecurity and Infrastructure Security Agency (CISA), underscoring its relevance in today’s regulatory environment.

Equally important, the resource introduces a practical toolkit for directors. This toolkit covers key areas such as ransomware preparedness, quantum computing risks, cybersecurity performance metrics, and third-party risk oversight. Therefore, directors are better equipped to make informed decisions and guide their organizations through complex threat scenarios.

Overall, the release of the updated Handbook highlights the growing importance of cybersecurity at the highest levels of corporate governance. By providing actionable frameworks and insights, NACD and ISA are helping boards strengthen their ability to manage cyber risk in an increasingly digital and interconnected world.
