AIG, NACD, and ISA Issue Cyber-Risk Oversight Guidance for Corporate Directors

WASHINGTON, June 11, 2014 (GLOBE NEWSWIRE) -- Designed to provide corporate directors with expert guidelines to improve their cybersecurity oversight, American International Group (AIG), the National Association of Corporate Directors (NACD), and the Internet Security Alliance (ISA) today announced the release of the latest issue in NACD's Director's Handbook Series, Cyber-Risk Oversight.

Access this new resource at

"Ninety percent of directors participating in our latest governance survey indicated they would like to improve their understanding of cybersecurity risk," said Ken Daly, NACD president and CEO. "This handbook provides boards with practical tools to do just that, including self-assessment questions for directors, sample board report dashboards, and guidelines for conversations with management."

This unique publication is organized around five key principles and covers a wide spectrum of board-level considerations related to oversight of cybersecurity, including board composition, liability implications, disclosure issues, access to expertise, and risk appetite calibration.

"Recent breaches in both the public and private sectors have put the issue of cybersecurity on every board's agenda," said Larry Clinton, president and CEO of ISA. "This handbook is a natural extension of ISA's mission to create private sector standards and practices that integrate both the technological and economic aspects of cybersecurity."

Boards should adapt the recommendations set forth in the handbook based on their company's unique characteristics, including size, life-cycle stage, business strategy, industry sector, geographic footprint, and culture.

"The complexity of cyber threats has grown dramatically over the past decade. As the intricacy of attacks increases, so does the risk they pose to corporations," said Mark Camillo, head of cyber products for the Americas Region for AIG. "Conscientious and comprehensive oversight at the board level is essential."

NACD's new Cyber-Risk Oversight guide is available at

About AIG

American International Group Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange. Additional information about AIG can be found at | YouTube: | Twitter: @AIG_LatestNews | LinkedIn:

About NACD

The National Association of Corporate Directors (NACD) is the recognized authority focused on advancing exemplary board leadership and establishing leading boardroom practices. Informed by more than 35 years of experience, NACD delivers insights and resources that more than 14,000 corporate director members rely upon to make sound strategic decisions and confidently confront complex business challenges. NACD provides world-class director education programs, national peer-exchange forums, and proprietary research to promote director professionalism, ultimately enhancing the economic sustainability of the enterprise and bolstering stakeholder confidence. Fostering collaboration among directors, investors, and governance stakeholders, NACD is shaping the future of board leadership. To learn more about NACD, visit To become an NACD member, contact Kelly Dodd at or 202-380-1891.

About ISA

The Internet Security Alliance (ISA) is a multi-sector trade association that sees cybersecurity not as an IT issue, but as an enterprise-wide risk management issue. ISA's mission is to combine technology with economics and public policy to create a sustainable system of cybersecurity. ISA is focused on three main goals, thought leadership, public advocacy, and creating standards and practices that effectively promote cybersecurity. In 2008, ISA published its cybersecurity social contract which argued that traditional government regulation would be ineffective and counter-productive against the growing cyber threat. Instead, ISA proposed that government work with industry to identify effective standards and practices and motivate voluntary adoption of these standards and practices by deploying market incentives. In 2011, the ISA "social contract" was embraced by the House GOP task force on cybersecurity and in 2013 the ISA approach was adopted in President Obama's executive order on cybersecurity.

CONTACT: Media Contact: Henry Stoever, Chief Marketing Officer, NACD 202-572-2102 Matt Gallagher, AIG Media Relations 212-458-3247 matthew.gallagher2@aig.comSource:National Association of Corporate Directors