Boards of Directors are increasingly being held accountable for the organization’s cybersecurity shortcomings. Some Board members have been able to hide behind the “business judgment rule” in the past to avoid having to take ownership of cybersecurity. But that is changing, and it is no longer reasonable for the board to be hands-off when it comes to cybersecurity.