Cyber governance practices are maturing – and reshaping leadership expectations

How technology leaders can help organisations shape their cyber governance practices and strengthen their collaboration across the executive team

Susanne  Alfs

By

Published: 30 Jul 2025

The UK Cyber Governance Code of Practice (CGCP), published in April by the Department for Science, Innovation and Technology, is the outcome of a collaborative effort with industry and governance institutions. It brings the UK in line with global trends, where governments are increasingly setting clearer expectations around board-level responsibility for cyber risk.

The CGCP defines cyber governance through five principles: risk management, strategy, people, incident response, and oversight. Its purpose is to ensure that boards understand their responsibilities and embed cyber risk into the organisation’s overall risk management framework. Crucially, the CGCP uses non-technical language, reinforcing the message that effective cyber oversight does not require a background in technology.

Although the CGCP is aimed at board directors, it has clear implications for technology leaders. Boards committing to the CGCP will depend on input from their CIO, CTO or CISO to evaluate how well the organisation aligns with its principles. For technology executives, this presents an opportunity to lead by helping to shape governance practices and strengthening collaboration across the executive team.

Technology leaders are often well positioned to introduce the CGCP to their board, highlight existing strengths, and identify areas for improvement. Cyber governance is still frequently associated with compliance or certification frameworks. However, its scope has evolved to encompass strategic alignment, organisational culture, expected behaviours and informed oversight. This broader framing helps board members connect cyber risk with familiar governance responsibilities and gives technology executives a platform to engage more meaningfully across the leadership team.

According to The Cyber Leadership Playbook, 41% of board members report difficulty in overseeing cyber risk effectively. Addressing this challenge, technology leaders must move from technical stewardship to strategic partnership. Anticipating the conversations that the CGCP will trigger allows CISOs and CIOs to build credibility and help the board make better-informed decisions.

Five practical steps for technology leaders:

  1. Be proactive: Collaborate across the business on strategy, workforce engagement and incident response planning — before the board requests it.
  2. Use a shared language: Leverage the CGCP’s terminology as a guide for engaging with board directors and aligning cyber with the broader risk management agenda. 
  3. Seek board support: Use the CGCP as a basis to request backing – for example, for better policy enforcement, aligning budgets, or business-wide engagement.
  4. Build trust through realism: Don’t promise “security” where you realistically cannot. Commit to preparedness, responsiveness and continuous improvement. 
  5. Share insights, not just indicators: Help the board assess risks, trade-offs and options. Offer alternatives and criteria that should guide the board’s decision-making. 

Importantly, responsibility doesn’t rest with technology leaders alone. The CGCP calls on board members to improve their own cyber literacy and to establish a strong dialogue with the executive team on cyber risk. Many technology leaders have long argued that improving cyber knowledge in the boardroom is essential – and the CGCP explicitly creates space for that shift. As cyber governance matures, board expectations are changing too. Technology leaders have a powerful opportunity to guide the conversation.

Read more on CW500 and IT leadership skills

Read More
Erasmo Pepper

Latest

Tiny Triassic Reptile Sheds Light on Early Lizard Evolution

Science & Nature Today, lepidosaurs -- the reptile group...

Ediacaran Sea Creature May Hold Earliest Evidence of Right-Handedness

Science & Nature Spriggina floundersi, a marine species that...

Astronomers Uncover Hidden Structures Surrounding Orion Nebula

Science & Nature Using the Karl G. Jansky Very...

The space industry is weighing ambitious hiring against heritage

Science & Nature Space is hard, as the decades-old...

Newsletter

Don't miss

Tiny Triassic Reptile Sheds Light on Early Lizard Evolution

Science & Nature Today, lepidosaurs -- the reptile group...

Ediacaran Sea Creature May Hold Earliest Evidence of Right-Handedness

Science & Nature Spriggina floundersi, a marine species that...

Astronomers Uncover Hidden Structures Surrounding Orion Nebula

Science & Nature Using the Karl G. Jansky Very...

The space industry is weighing ambitious hiring against heritage

Science & Nature Space is hard, as the decades-old...

2026 eclipse: 5 citizen science projects you can contribute to

Science & Nature During the August 2026 solar eclipse,...

Breitbart Business Digest: Stacking Those $250 Trump Bills

Weekly Wrap: Making It Rain with Trump Bills Welcome back to Friday! This is the Breitbart Business Digest weekly wrap, our septidialogic sweep through the economic and financial news. This week the economy failed to get indigestion from the high price of gas, Treasury Secretary Scott Bessent told us about getting fed at the Fed, Trump

Business seminar in Munich highlights Hong Kong’s strategic roles amidst global shifts (with photos)

Business seminar in Munich highlights Hong Kong's strategic roles amidst global shifts (with photos) ******************************************************************************************      The Hong Kong Economic and Trade Office, Berlin (HKETO Berlin), promoted Hong Kong's unique advantages and strategic roles at the seminar "Hong Kong's strategic role amidst geopolitical tensions" on June 18 (Munich time) in Munich, Germany.             Senior executives, investors

AI for business services: From job fears to productivity

AI for business services: From job fears to productivity