Cybersecurity And The Board’s Responsibilities — ‘What’s Reasonable Has Changed’

Stated at a high level of generality, the board must ensure that the company has cyber risk management policies and procedures consistent with its strategy and risk appetite, and the board must ensure that these policies and procedures are functioning.