A review of how well boards and management committees understand and manage the cyber risks their firms face has revealed that many should take more proactive steps to foster a security-centric culture which transforms cyber from an IT issue to an organisation-wide priority.