World Economic Forum, National Association of Corporate Directors, and Internet Security Alliance to Collaborate on Global Cyber Principles for Boards of Directors

November 19, 2020

WASHINGTON, Nov. 19, 2020 — The World Economic Forum (the Forum), the National Association of Corporate Directors (NACD), and the Internet Security Alliance (ISA) today announced a collaborative effort to provide new guidance for directors to effectively oversee cyber risk for their organizations.

The collaborative effort is inspired in part by the World Economic Forum’s 2020 Global Risk Report, which found that cyberattacks are one of the top risks any organization faces and flagged that by 2021, $6 trillion will be lost to cybercrime, according to Cybersecurity Ventures. Compounding the risks and losses is the acceleration of digitalization due to the coronavirus pandemic.

The three organizations will begin the collaboration by developing a set of principles that boards of directors can use to assess the cyber-risk management processes their organizations need to follow. The new principles will be an update on the efforts that the Forum, NACD, and ISA have undertaken over the past several years, designed to meet rapid changes in the cybersecurity landscape. Once the new global principles are established, the collaborators will embark on determining how best to measure security outcomes to address the ever-evolving cyber threat.

Speaking for the Forum, Daniel Dobrygowski, head of Corporate Governance and Trust, said, “We need effective collaboration and strategic vision to ensure cyber resilience and protect trust between all stakeholders. By joining the long-running initiatives at NACD and ISA together with the Forum’s groundbreaking cyber resilience programs, we will empower leaders with the knowledge necessary to improve cyber resilience and cyber-risk governance globally.”

“It is essential to equip directors with the latest and most effective strategies to oversee and protect their organizations from cyber threats,” said Peter R. Gleason, CEO of NACD. “The World Economic Forum will be an important ally as we seek to build on the foundational work NACD and ISA have done over the last six years.”

ISA President Larry Clinton added, “With WEF, NACD, and ISA coming together and identifying a unified set of principles, we take an important step in addressing the growing cyber risks organizations face. The second initiative—developing outcome security metrics based on the principles—is potentially even more important, as we will enable organizations to empirically measure the effectiveness of following these principles based on actual security outcomes and not just compliance requirements. That will be an important step toward forwarding overall cybersecurity.”

About the World Economic Forum
The World Economic Forum is the International Organization for Public-Private Cooperation. The Forum engages the foremost political, business, and other leaders of society to shape global, regional, and industry agendas. It was established in 1971 as a not-for-profit foundation and is headquartered in Geneva, Switzerland. It is independent, impartial, and not tied to any special interests. To learn more, visit

About NACD
The National Association of Corporate Directors (NACD) empowers more than 21,000 directors to lead with confidence in the boardroom. As the recognized authority on leading boardroom practices, NACD helps boards strengthen investor trust and public confidence by ensuring that today’s directors are well prepared for tomorrow’s challenges. World-class boards join NACD to elevate performance, gain foresight, and instill confidence. Fostering collaboration among directors, investors, and corporate governance stakeholders, NACD has been setting the standard for responsible board leadership for 40 years. To learn more about NACD, visit

About the Internet Security Alliance (ISA)
The mission of the ISA is to integrate advanced technology with economics and public policy to create a sustainably secure cyber system. The ISA board consists of senior corporate executives representing each of the designated critical industry sectors. ISA has three major goals: thought leadership, advocating for market-based public policy, and promoting the use of effective cybersecurity standards and practices. ISA’s “Cyber Social Contract” describes an incentive based, as opposed to regulatory, approach to public policy. ISA has also partnered with NACD and other director organizations and governments around the world to develop handbooks on cyber-risk oversight that are now available on four continents in five languages. To learn more about ISA, visit