Business models are changing in response to the COVID-19 pandemic, and that has driven changes in cybersecurity needs. With many employees working from home and the rise in phishing, ransomware, and business email compromise schemes, companies have had to address increased security vulnerabilities. At the same time, they may be expanding their digital footprint with the adoption of new technologies further increasing cyber risks. Boards will want to understand their company’s cyber strategy and how underlying programs have adapted to address the company’s changing activities and business risks. We provide five areas on which to focus.