Cyber security and the responsibilities of boards

The NCSC-FI at Traficom has published a guide for companies’ board of directors in cyber security issues. Cyber security and the responsibilities of boards will provide the tools that a company’s board of directors needs as well as the necessary support for improving the cyber security in the organisation.


Companies have become increasingly dependent on digital services and systems. Simultaneously, they face an increasing swarm of cyber threats. Information security is no longer only a technical problem; instead, it should be put on the owners' agenda as part of the company’s risk management.

A well-designed cyber security solution can help shield company’s operations and ensure that it will be able to utilise the benefits provided by digital technology in every domain of its business. This is why members of any corporate board must also possess an adequate level of understanding of the nature of cyber security and the associated risks to the company’s business. We help the members of board to ask the right key questions to find out whether the organisation’s information security issues are taken into account. The guide presents the key questions that a board can review.

The guide is meant specifically for the board members of large and medium-sized organisations, but the people responsible for cyber security can use it as an everyday cyber security tool too. In practice, the guide can be useful to companies of all sizes and in every area of business.

The guide is available in Finnish, Swedish and English and you can download a pdf version of it on the NCSC-FI:s website.

To order a printed copy, please contact cert [at]