This report is designed to be of use to reporting teams and risk teams who are involved in reporting, and for audit committees who review the resultant disclosures. It focuses on disclosure relating to digital security (and strategy) risk that can be optimised to provide users with useful information. It does not cover what controls a company should have or what general requirements around risk disclosure should be. However, it does refer to government guidance on actions that companies should take.