Cyber Resilience is every leader’s responsibility

Cyber risk for the Board is as important as financial risk and health and safety. The responsibility for data security can no longer be solely managed by the IT department. Leaders must actively review and approve data security policies.

Leaders don’t need to be technical experts, but they need to know enough about the threats and risks and be able to have a conversation with their experts about these, and understand the right questions to ask. 

Protecting information assets is of critical importance to the sustainability and competitiveness of businesses. All organisations, regardless of size or sector, need to be on the front-foot in terms of their cyber preparedness. Cyber resilience is all too often thought of as an IT issue, rather than the strategic risk management issue it is. 


Good cyber security is all about managing risks. The process for governing cyber security in your organisation will be similar to the process you use for other organisational risks.

It is a continuous, iterative process and comprises three overlapping components, summarised below:

  1. Understand the risks you and your organisation face.
  2. Use this information to understand and prioritise your risks.
  3. Take steps to manage those risks.

NCSC’s Board Toolkit will provide you with the tools you need to have the necessary conversations with your IT team/supplier.

If you’re not sure where to start, NCSC suggests you start with the Introduction to Cyber Security for Board members and Embedding cyber security into your structure and objectives.

Go to Board Toolkit
Section Briefing Pack

Briefing Pack

NCSC have developed briefing packs to introduce the topic of cyber security to your organisations. The packs are available as PowerPoint files complete with speaker notes to help you present to your staff. You can also watch the narrated video versions on the NCSC website.

Briefing Pack 1: What is cyber security?
This pack is an introduction to cyber security, and explains why it needs to be on your board’s agenda. Download Briefing Pack 1.

Briefing Pack 2: Introducing the Cyber Security Toolkit for boards
This pack introduces the Toolkit guidance, explaining how it’s constructed, how it can help you, and how organisations might want to use it. Download Briefing Pack 2.

Briefing Pack 3: Questions for boards to ask about cyber security
This pack covers all the modules in Toolkit and is designed to help those running in-depth sessions for their organisation. It includes questions and answers and NCSC recommended covering no more than 2 modules at a time. Download Briefing Pack 3.


Executive Education Training: Cyber Security

This programme provides CEOs, Directors and Non-Executive Directors with frameworks and best practice for managing cyber security-related risk, separate from the specialised IT infrastructure typically associated with this topic. Course content includes lectures and highly interactive discussions, as well as […]

Read more Executive Education Training: Cyber Security in modal dialog
Back to top of the page