An important read for directors that want to understand the current legal landscape on board cybersecurity oversight, to evaluate how current their cybersecurity approach is and how exposed they are personally. Boards have to be able to defend that they meet reasonable standards in security. And just being compliant is not enough, cybersecurity policies must meet the industry norm. This is even more important for boards of unregulated industries, for example mobile services and apps, and of small and medium companies that feel wrongly they could not be the target of cyberattacks.

http://www.csoonline.com/article/3147628/leadership-management/why-security-leaders-need-to-embrace-the-concept-of-reasonable-security-now.html