Board Toolkit

The Board toolkit developed by the National Cyber Security Centre (NCSC) is designed to encourage essential cyber security discussions between the Board of a business (that could be a Board of Directors, a Board of Governors or a Board of Trustees) and their technical experts. It is relevant for anyone who is accountable for an organisation in any sector and wishes to improve their cyber resilience.

The toolkit addresses three questions:

  1. What should the Board do?
    This provides specific actions for the Board.

  2. What should your organisation do?
    This provides information on aspects that Boards should have oversight of but are unlikely to be actively taking action on (although this is dependent on your organisational structure).

  3. What does good cybersecurity look like?
    This provides questions (and potential answers) designed to generate discussions with your experts that can help the Board identify what constitutes 'good' cybersecurity within your organisation. 

What can this toolkit do for you?

Board members don't need to be technical experts, but they need to know enough about cybersecurity to be able to have a fluent conversation with their experts and understand the right questions to ask.

The Board Toolkit therefore provides:

1. A general introduction to cyber security.

2. Separate sections, each dealing with an important aspect of cyber security. For each aspect, we will:

  • explain what it is, and why it's important
  • recommend what individual Board members should be doing
  • recommend what the Board should be ensuring your organisation is doing
  • provide questions and answers which you can use to start crucial discussions with your cyber security experts

3. An appendix summarising the legal and regulatory aspects of cyber security.