On 25 April 2018, TheCityUK published a report Governing cyber risk: a guide for company boards. The report is intended to inform boards as to how to advance their governance of cyber risk and to provide practical guidance on what boards can do to ensure the security of their customers, their people and their companies.

The report notes that there has been a lot of commentary on the technical aspects of cyber security, but less has been said about how boards can ensure that the right things are being done and in the right way. The report is designed to provide board members with a guide to the governance of cyber risk and deliberately avoids jargon that surrounds the threat.