Yahoo Inc. recently told the SEC that its senior executives failed to “properly comprehend or investigate” the 2013 and 2014 security breaches that affected more than 500 million accounts, according to a review by an independent board committee.

The review found fault at several levels of the organization. There were problems with internal reporting, management, and communication around the breach, the company said.

The fallout from these breaches has been severe. In addition to several class action lawsuits, the breaches also put Verizon’s $4.83 billion pending acquisition of Yahoo! in jeopardy. Now, in addition to all of these problems, the findings of the board committee were accompanied by financial fallout for the company’s CEO, Marissa Mayer. The board decided not to award Mayer her 2016 cash bonus, and Mayer offered to forgo her equity award in 2017, which the board accepted.

When it comes to cybersecurity, the onus is on boards and C-suite executives to establish clear business processes and accountability as well as clear lines of communication. If that wasn’t clear before, it should be crystal clear now.

It’s tempting to sit back and point fingers at Yahoo!, but the reality is that this breach is hardly an isolated incident. One of the biggest challenges facing the C-suite and boards is the failure to comprehend the universality of cyber security threats and the negative impact of a major cyber security breach. This failure to comprehend the scope of the problem means the reporting and processes needed to effectively manage this risk are neglected and de-prioritized.

Harvard Business Review published a new study that sheds light on exactly how serious this problem is.
The study evaluated responses from over 5,000 board members from over 60 countries. While cyber security ranked as one of the top political issues and directors see it as an urgent global issue, most failed to make the connection between the immediacy of these risks and the processes in place to manage them.

In fact, when asked about reviews of data breach contingency plans, directors gave their boards extremely low marks. Even worse, of the 23 business processes directors were asked to rank, the ones related to cyber security ranked dead last.

These failures to comprehend and effectively manage cyber security issues at the board level are a serious problem. An IBM study found that the average cost of a data breach is $4 million. A recent Cisco study found that 50 percent of companies faced public scrutiny after a breach, 22 percent of them lost customers, and 23 percent lost business opportunities.

Cyber security can be a complex and challenging topic for non-technical executives, but there are many concrete things boards can do to prioritize these issues. Here’s a list of five things every board should do today:

None of these recommendations is surprising -- there is a lot of information available to boards that want practical advice on how to address cyber security issues. The real cyber security questions for most organizations are connected with leadership and prioritization. I’ve been sitting on boards (and executive teams) advocating for over 17 years and I’ve found that the answers to these questions determine how effectively an organization adapts to the evolution of cyber security threats.