This article centered around the insurance company industry describes 7 steps to be followed to improve cybersecurity programs: enhance management oversight of cybersecurity, identify critical business processes and assets, provide oversight for third party relationships, improve incident response processes, integrate and align enterprise risk management (“ERM”), evaluate the second line of defense (i.e., compliance department), establish cybersecurity training and awareness program. These guidelines apply to all types of companies and can be used by directors to make certain they ask questions on all key activities related to cybersecurity.

http://corpgov.law.harvard.edu/2015/09/26/cybersecurity-enter-insurance-regulators/