At the board level, cyber presents a dilemma. It’s both critical enough to demand the attention of the board as a whole and specialised enough to require expertise that generalists don’t have. This problem isn’t unique to cyber: delegating specific types of risk to subcommittees could lead to mirroring silos at the board level, countering the board’s need to keep its focus on risks that affect the entire enterprise.

At the board level, cyber presents a dilemma. It’s both critical enough to demand the attention of the board as a whole and specialised enough to require expertise that generalists don’t have. This problem isn’t unique to cyber: delegating specific types of risk to subcommittees could lead to mirroring silos at the board level, countering the board’s need to keep its focus on risks that affect the entire enterprise.