Board Toolkit: Questions for the board to ask about cyber security

This document briefly summarises each module of the toolkit. It then provides a series of questions (with possible answers) that boards can use to help evaluate your organisations performance.

Embedding cyber security into your organisation Cyber security is not just ‘good IT’. It should be integrated into organisational risk management and decision making, and all the business units in your organisation should be clear about their cyber security obligations and responsibilities. Done well, cyber security will enable your organisation’s digital activity to flourish, adding value to your business. It’s also a team sport, and as Board Member, it’s vital that you empower everyone.

Visit ncsc.gov.uk/board-toolkit to view and download the complete Board Toolkit.

Note: These questions are designed to encourage productive cyber security discussions between boards and key stakeholders in your organisation (such as your legal, procurement, HR as well as technical teams). They are designed as a ‘starting point’, rather than a checklist that’s simply to be worked though.