Skip to content
Archived content. You are viewing v1 of SME Digital Advisor — the original multi-section site (risks, scenarios, policies, OWASP, flashcards). Go to current site →

Report template

Quarterly Board Cyber Report

A one-page board template.

Boards need a regular, structured view of cyber so it's tracked like any other operational risk.

How to use this: The bracketed items like [Company Name] are placeholders — replace them with your own details. Edit the wording to suit your business. This is a starter, not legal advice.

Where we are

Status, in one sentence: [e.g. Cyber Essentials renewed. Two open risks. No incidents this quarter.]

Top three active risks:

  1. [risk] — owner: [name]
  2. [risk] — owner: [name]
  3. [risk] — owner: [name]

Key metrics

MetricThis QLast Q
MFA coverage[X%][Y%]
Phishing-test click rate[X%][Y%]
Critical patches > 14 days[N][M]
Backup restores tested[Y/N][Y/N]
Open admin-rights count[N][M]

What happened

  • Incidents: [none / detail]
  • Near-misses: [summary]
  • Changes to IT supplier: [none / detail]
  • New customer questionnaires: [N]

What's next

  • Investments: [item, cost]
  • Risks accepted: [item]
  • Decision asked: [one-liner]
  • Next milestone: [e.g. ISO 27001 stage 1 in May]

Regulatory / insurance

  • Insurance renewal: [date]
  • Cyber Essentials renewal: [date]
  • ICO interactions: [none / detail]

Sign-off

Prepared by [name] on [date].

Tips for adoption

  • Same shape every quarter.
  • Numbers > adjectives.
  • If the same risk appears three quarters running, the board hasn't actioned it.