Published: 23 March 2021

Principles for Board Governance of Cyber Risk

Cyber risk is among the top risks facing businesses today, and it has become clear that boards, especially, need stronger foundations to govern cyber risks effectively. Companies that effectively manage the entire portfolio of risks, including cyber, do better in the marketplace. This paper is designed as a reference for corporate directors as they set their organization’s cybersecurity strategy and engage with stakeholders on the issue of cyber risk. Building on existing guidance and developed in cooperation with the National Association of Corporate Directors, the Internet Security Association, and Forum partners, it offers six consensus principles for cybersecurity board governance. It provides advice and suggests critical actions that directors may find useful as they seek to understand their organization’s current position, exercise their oversight function and set future goals.

License and Republishing

World Economic Forum reports may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.


© 2022 World Economic Forum
