It is important for the board of directors and leadership to “set the tone at the top” and define how their organizations must form cybersecurity. The World Economic Forum and its cooperated teams developed consensus principles for cybersecurity board governance. This report has six principles to support board oversight of a cyber-resilient organization while driving strategic goals. The first principle is to understand that cybersecurity is a strategic business enabler and create a security culture that recognizes threats are organizational risks and more than just an IT issue. Secondly, understand the economic drivers and impact of cyber risk through accurate risk analysis. The third principle is to align cyber-risk management with business needs by integrating cyber-risk analysis and security measures into significant business decisions. Fourthly, ensure organizational design supports cybersecurity to form a long-running cyber-business collaboration. Fifthly, incorporate cybersecurity expertise into board governance to keep the board directors aware of the cyber trends and incorporate necessary measures in every operation. The final principle is to encourage systemic resilience and collaboration across industry and with public and private stakeholders because cyber resilience should be formed interconnectedly.
