New cybersecurity regulations, along with an uptick in post-breach regulatory enforcement actions and civil litigation, continue to push corporate boards toward more active oversight of their organizations’ cybersecurity risks and programs. This increasing pressure leaves some boards questioning how and to what extent they should be involved in responding to significant cybersecurity incidents. In this guest article, Alston & Bird partners Kim Peretti and Cara Peterman, and senior associate Lance Taubin, address the evolving regulatory and litigation landscape impacting the board’s cyber-risk governance and the role of boards in overseeing breach response and related disclosures. They also offer five steps for effective board oversight of cybersecurity incident response. See “Twelve Steps for Engaging the Board of Directors and Implementing a Long-Term Cybersecurity Plan” (Sep. 16, 2020).