The board should encourage steps towards a proactive and mature Information Technology (IT) culture to oversee cyber risks. It is important that cyber risk oversight is integrated with the strategy and risk management of the company, particularly with regard to identifying a company’s critical data and informational assets. Oversight of cyber risks should not be seen in isolation from the technology and business strategy and objectives to which they are related. On the contrary cyber risks should be addressed in an integrated approach across all risks to achieving business objectives. Board members are encouraged to obtain sufficient knowledge in technology and risk – considering a company’s unique business and structure – to distinguish an appropriate from an inappropriate process, to questions suggested below. As with any business knowledge, investors expect boards to select and train individual board members in cyber risk awareness. This will help board members to provide adequate cyber risk oversight, ask the right questions and understand the answers.