Boards and audit committees have developed a heightened interest in cybersecurity governance over the last three years and even more so in the past year as high-profile cyber issues have dominated the news.

Phishing—fraudulent emails that bait employees so hackers can access the network—is a critical board-level cybersecurity concern. Organizations can also lose sensitive information when employees exhibit malicious insider activity by accessing and abusing data.