CSO: Whether a specific requirement or not, companies must either educate their board of directors in cybersecurity and risk management or look to recruit directors with specific cybersecurity experience to improve organizations response and decision-making.