In January 2016, Michael Vatis, director of the FBI's National Infrastructure Protection Center, said: “Companies should be thinking about the legal and managerial decisions that the CEO, the COO and the board will need to make in the event of a cyber-incident.” Every board member, no matter where they operate in the world, should be aware of the catastrophic impact a cyber-attack could have to their company. The Business Continuity Institute’s Cyber Resilience Report 2016 states that “…cyber-attacks offer the most significant business risk to organisations”. The report highlights the top-five causes of digital disruptions as being social engineering, malware, spear-phishing attacks, denial of service and out-of-date softw