Which of the following is an inaccurate statement of NACD principles about cyber-risk oversight for directors?

The chosen answer highlights a fundamental flaw in the attitude that directors should take towards cyber-risk oversight. The statement correctly emphasizes that not putting cyber-risk management proactively on the agenda is a misguided approach. Cyber threats are constantly evolving and can significantly impact an organization, making it crucial for board directors to actively engage with and prioritize these discussions.

In the context of NACD principles, the proactive engagement with management is essential as it not only fosters a culture of awareness but also equips directors to make informed decisions based on the latest threat landscapes. Cyber-risk should not be viewed as a secondary concern that will resolve itself; rather, it requires consistent attention and strategic oversight. By neglecting to address this issue actively, boards may expose their organizations to unnecessary risks, potentially leading to severe consequences.

The remaining options promote the importance of continuous engagement and adaptation to cyber-risk management, which are key components of effective governance in today’s digital landscape.