Enabling board directors with the knowledge, insights, and practical guidance in governing cyber risk and building resilience

Cybersecurity governance expectations are rising

Across the world, regulatory expectations on cyber risk oversight are rising. For instance, the Securities and Exchange Commission (SEC) in the US now requires companies to describe the processes by which the board is informed of cyber risks. 

But technology and cybersecurity are often gaps in the skills matrix of boards, and 98.2% of S&P board directors do not have expertise with cybersecurity, according to research from The Wall Street Journal.

ISTARI and Oxford University’s Saïd Business School have collaborated to create Lighthouse, a bespoke cybersecurity governance enablement programme for boards of directors.


Demystifying cyber risk

Drawing insights from our work with CEOs and Chairs, Lighthouse aims to equip board directors with the knowledge, insights, and practical guidance to become stewards in governing cyber risk and creating cyber resilience.

Lighthouse demystifies cyber risk by putting it in the context of business risk and risk appetite. It also provides an independent evaluation of the board’s cybersecurity governance processes and offers bespoke recommendations and best practices for boards to improve their cyber risk governance.

A core component of Lighthouse is a senior business executive who will share their experience with a serious cyberattack, including mistakes, lessons learned and insights for others.

We are proud to partner with Oxford University’s Said Business School, a world-renowned institution that has been at the forefront of business education for decades.

A custom enablement programme


60-minute, structured interviews with each member of the board, the CEO and CISO, focussing on the board’s experience with cybersecurity, the cybersecurity charter and programme from a governance perspective and cyber risk governance and committee structures



At the back of a quarterly board meeting or during an extraordinary board meeting, the senior business executive will tell the story of a serious cyberattack, followed by a discussion of the key findings from the interviews. We will also share board best practices and the principles of good cyber risk oversight.



The board will receive a key findings report based on the interview findings and discussion during the board meeting. We offer debrief conversations with each board member and a follow-up check-in after 6 months. The board continues to have access to a cyber advisor from ISTARI’s network of 3500+ professionals. To satisfy any regulatory requirements, we provide an optional certificate of completion from Oxford University's Saïd Business School.


Icon 3
Icon 2
Icon 1

Interested in a custom programme for your Board?