Cybersecurity, Data Privacy, and AI Governance for Boards
Cybersecurity failures, data privacy breaches, and AI governance failures share a common feature: boards are increasingly held accountable for them, and the consequences — regulatory fines, civil liability, reputational damage, and personal director liability — are material.
Yet most boards lack the working knowledge to exercise genuine oversight across all three domains. This course treats them as the integrated governance challenge they are, rather than separate technical functions.
On cybersecurity, the course covers the board's role in overseeing information security risk — what ISO 27001 and the NIST Cybersecurity Framework require of governance, how to evaluate management's cybersecurity posture without technical expertise, what incident response governance looks like, the regulatory disclosure obligations triggered by material breaches (SEC cyber disclosure rules, NIS2 Directive, PDPA and equivalent national frameworks), and how cybersecurity risk connects to ESG and sustainability governance.
On data privacy, the course covers GDPR and its global equivalents as governance obligations — what boards should be asking about data inventories, privacy by design, data processing agreements, breach notification, and cross-border transfer compliance — along with the personal liability exposure for directors under data protection law.
On AI governance, the course covers the EU AI Act's risk framework, AI liability, algorithmic discrimination, automated decision-making obligations, and the board's oversight role in AI deployment decisions.
The final component integrates all three: how cybersecurity, privacy, and AI risks interact in practice, how audit committees should be structured to oversee all three, and what a board-level technology governance framework looks like.
The course uses enforcement case studies, regulatory findings, and board-level incidents across all three domains.
Participants leave with a coherent governance framework spanning all three areas and a practical agenda for strengthening board oversight. Suitable for non-executive directors, board members, audit committee members, and senior executives with board reporting responsibilities across technology, legal, risk, or compliance functions.