In this module, learners will dive into strategies for evaluating an organization’s readiness to manage and respond to cyber incidents. You’ll discover key indicators that help measure preparedness, explore essential questions board members can ask to assess cyber resilience, and learn how to leverage training programs and tabletop exercises to improve incident response capabilities. By the end of this module, you’ll understand how proactive preparation and strategic oversight can strengthen an organization’s ability to respond to cyber threats effectively.

This module provides board members and senior leaders with the knowledge and tools needed to navigate the evolving regulatory landscape of cybersecurity reporting. With a focus on the U.S. Securities and Exchange Commission (SEC) requirements, the module equips learners to fulfill their oversight responsibilities by understanding key compliance obligations. Participants will explore the SEC's 4-day materiality reporting rule, critical considerations for timely disclosure of cyber incidents, and the annual (10-K) cybersecurity disclosure requirements. Through practical examples and guidance, learners will gain the insights necessary to support organizational compliance while maintaining transparency and protecting shareholder value.

In this module, board directors will learn the critical steps involved in responding to a cyber incident, from the initial detection to recovery and post-incident analysis. Understanding the right protocols and how to communicate across different levels of the organization—especially between technical and non-technical board leaders—is vital for effective incident management. Additionally, this module will cover the legal and regulatory requirements that board members need to be aware of during a cyber incident, ensuring compliance and minimizing organizational risk. By the end of this module, directors will be equipped with the knowledge to oversee and guide their organization’s response to a cyber crisis.

This module introduces the Factor Analysis of Information Risk (FAIR™) framework, providing board directors with foundational knowledge to understand and oversee cyber risk management. FAIR™ is the only international standard for quantifying cyber risk, enabling organizations to translate technical threats into financial terms. This approach helps boards align cybersecurity priorities with business objectives and regulatory requirements.

In this module, board directors will explore the critical operational and legal consequences organizations may face if they are unprepared for cyber incidents. The module delves into real-world examples of business disruptions and lawsuits resulting from inadequate cyber risk management, emphasizing the importance of proactive preparation. Directors will gain insights into the far-reaching impact that insufficient cybersecurity measures can have on an organization’s financial stability, reputation, and legal standing.

Mergers and acquisitions (M&A) are high-stakes processes that require careful attention to various risks, including cyber risks. Board members play a crucial role in ensuring that cyber risks are adequately assessed and managed throughout the M&A lifecycle. This module focuses on the importance of collaboration between board members to identify, evaluate, and mitigate potential cyber risks during these complex transactions. By integrating the FAIR framework for cyber risk quantification, board members can gain valuable insights that influence deal valuations, guide post-merger integration, and ensure long-term organizational success.

In today's rapidly evolving cybersecurity landscape, it's crucial for organizations to assess their preparedness for potential cyber incidents. Testing cyber readiness through simulated exercises, such as tabletop drills, is an essential step in ensuring an organization's ability to respond effectively to cyber threats. This module focuses on the importance of tabletop exercises in evaluating incident response capabilities, highlighting how these exercises help identify gaps in processes, communication, and decision-making. It also explores the benefits of analyzing the results to enhance future responses and strengthen overall cyber resilience.