Reframing the 2025 NACD + EY Board Priorities Through a Cyber Lens
Each year, NACD surveys corporate directors on where they believe the board should focus its time. And in 2025, the data—published in collaboration with EY—showed the usual suspects at the top:
- Innovation and evolving technologies: 45% of directors want more time spent here.
- Cybersecurity and data privacy: Close behind at 42%.
But raw rankings only tell part of the story.
This year, the more revealing insight isn’t what boards want more time on—it’s whether they think they have the information and resources to govern these issues effectively.
The Insight Gap—Fully Exposed
Below is the side-by-side breakdown of board priorities by:
- % of directors who want to spend more time on a topic
- % who believe they need more information and resources
- And the gap between those numbers
So, What Does This Tell Us?
✅ Cyber & Tech = High Awareness, High Demand
Cyber and innovation are not only ranked highest in boardroom focus, but also show tight alignment between directors’ desire for time and their acknowledgment of resource gaps. That’s healthy.
Boards are saying: “We know it’s important, and we know we need help.”
⚠️ Talent, Supply Chain & Third Parties = Confidence or Blind Spots?
- Talent: 42% of directors want more time on talent, but only 31% believe they need more information. That 11% gap suggests overconfidence. Boards may assume talent is a familiar domain—when in reality, workforce transformation, remote culture, and retention challenges have evolved faster than traditional oversight frameworks.
- Supply Chain Matters: Similarly, 33% of directors want to spend more time here, but only 27% say they need more resources. That 6% gap may underestimate the complexity of today’s interconnected supplier ecosystems, especially when third-party cyber risk, geopolitical instability, and logistics disruptions are rising in frequency and impact.
In both cases, boards seem to be signaling: “We want to talk about it more—but we already understand it.”
🛑 Regulatory and Economic Topics = Flat or Overloaded
Some topics like Regulatory Developments actually show a negative gap—meaning more directors feel informed than want to spend time on it. That’s either a win for reporting structures or a signal that boards are fatigued from compliance briefings.
🟡 Political Risk is the Only Perfect Match
31% of directors want more time here, and 31% say they need more info. That might be because it’s newer in the boardroom spotlight and directors recognize they need help understanding it.
Insight Gaps Reveal More Than Priorities—They Reveal Maturity
This year’s NACD + EY data does more than list what boards care about—it quietly reveals how mature and self-aware boards are across each issue.
- Small gaps (like in cybersecurity and innovation) indicate boards know these issues are complex and fast-moving—and are actively seeking more oversight tools.
- Large gaps (like in talent and supply chain) might point to false confidence—where directors assume experience equals expertise.
- Zero or negative gaps (like in regulatory or economic conditions) suggest familiarity, but possibly stagnation—where routine updates substitute for real strategic engagement.
And that’s the real takeaway:
It’s not just about where boards spend more time—it’s about how honestly they evaluate what they don’t yet know.
Cybersecurity stands out not just because it’s ranked highly, but because the gap is tight. That signals increasing board maturity—but also a warning: if you’re not in the 39% asking for more cyber resources, you may be the 61% who mistakenly think you have it covered.
