Nearly every large public company board has made significant investments in cybersecurity, enhancing human capabilities in both management teams and boards and allocating major capital to secure their IT infrastructures. But we regularly hear from directors that these are no more than steps on a long journey. Even in a company where internal management of cyber risk appears strong, the board of directors can worry that its oversight may not be adequate—or that it has no reliable way to assess its adequacy or to compare its capabilities with those of boards of other firms.

COED seeks to address this gap. It is predicated on the belief that cyber risk often requires fundamentally different treatment than other risks, such as health and safety or fraud. Directors, executives, company secretaries, and others who care deeply about effective governance are the intended audience for this report and for the COED approach.

Review the publication on Tapestry Networks' website.