Engaging the board is an ongoing challenge in cyber security for a variety of reasons: what seems like a uniquely technical issue is actually a complex business risk present across different business functions. Board members don’t necessarily have the technical knowledge to feel at ease making decisions about cyber risk, and a lack of regulatory clarity and metrics around cyber threat makes it challenging to track ROI. This session asks how we can prepare a board for a crisis, using planning processes to help shape decisions, identify areas in need of investment and gain cyber security sponsorship at the highest levels of the business.