Companies today fall into two groups — those that have been breached and know it, and those that have been breached but don’t know it. The realities of managing cybersecurity risks are that they are impossible to eliminate, resources for managing them are finite, risk profiles are ever-changing and getting close to secure is elusive. Furthermore, organizations need IT resources to innovate so they can remain competitive.

Every board today faces the challenge of overseeing the investment of finite protection resources in an ever-changing cyber threat landscape. Our recent discussion with a group of active directors identified some interesting cyber-related topics germane to board oversight.