What Should a CISO Report to the Board? The Complete Guide

Boards are now accountable for cyber risk. A CISO’s board reporting must translate technical risk into business language. Here’s exactly how.

Where Businesses Get Stuck

The challenges we most commonly see when organisations come to us:

  • Your board receives a CISO report they don’t understand or a technical slide deck they can’t act on.
  • Cyber risk isn’t being governed properly.

Our Methodology

The CISO Board Report Template: a quarterly board pack structure with five sections boards can actually use.

What Starkhorn Brings

Daniel Jacobs: 20+ years in technology and security, 15+ of them in leadership roles. VetPartners (BC Partners, GBP1.2bn), Jardine Motors Group (GBP2bn). Published author. PRINCE2, ITIL, IIM Full Member. Combined CIO+CISO practice: board reporting is a core deliverable.

Starkhorn does not subcontract or use associate networks. You work directly with Daniel Jacobs from the first conversation through to delivery.

Who This Is For

This service is designed for:

  • CISOs and CEOs structuring governance.
  • Non-executives wanting to understand what to expect.

This is not the right fit for junior security professionals.

Frequently Asked Questions

What is a board cyber governance assessment and why does my organisation need one?

The assessment scores your board against the Cyber Governance Code of Practice, the standard for board-level cyber governance published by the Department for Science, Innovation and Technology with the National Cyber Security Centre in April 2025. The Code sets out 22 actions across five principles (risk management, strategy, people, incident planning, and assurance and oversight) that directors are expected to own.

Is the Cyber Governance Code mandatory?

The Code itself is voluntary, but it is the benchmark regulators, insurers and acquirers increasingly hold boards to, and the Cyber Security and Resilience Bill — introduced to Parliament in November 2025 and now in committee — raises the cost of ignoring it materially. Treating it as optional is a board decision with consequences.

How does this relate to the NCSC Board Toolkit?

The NCSC Cyber Security Board Toolkit is the National Cyber Security Centre’s guidance for boards on governing cyber risk. The Code of Practice turns that guidance into 22 specific actions a board is expected to own. This assessment scores you against those 22 actions, so it works as a practical companion to the Board Toolkit: the Toolkit tells you what good governance looks like, this tells you where yours actually stands and what to fix first.

What is cyber security governance?

Cyber security governance is how the board directs and oversees cyber risk: who is accountable, how risk decisions are made, what the board sees and challenges, and how it gains assurance that controls work. It is distinct from the technical controls themselves. This assessment measures the governance, not the firewall, which is why it needs no technical knowledge to complete.

What does a typical Starkhorn engagement cost?

Engagements are structured as monthly retainers or fixed-term day-rate assignments. The cost depends on scope and time commitment. We are transparent about pricing from the first conversation and will give you a clear indication on the call.

What experience does Starkhorn bring?

Starkhorn is led by Daniel Jacobs, with 20+ years in technology and security, 15+ of them in leadership roles. He has served as Interim Group Technology Director at VetPartners (BC Partners-backed, GBP1.2bn), accountable for both technology and security, and as CIO and CISO at Jardine Motors Group (GBP2bn turnover). He holds PRINCE2, ITIL Foundation, and is a Full Member of the Institute of Interim Management.

Does Starkhorn work with businesses outside London?

Yes. We work with clients nationally and, for some engagements, internationally. Much of our advisory work is delivered remotely, with on-site presence when needed. Location has not been a barrier for any of our clients.

What is the first step to working with Starkhorn?

Book a no-obligation conversation using the link on this page. In 30 minutes we will understand your situation, tell you honestly whether we are the right fit, and outline what a first engagement would look like. There is no sales process and no pressure.

Next step

Ready to Talk?

Starkhorn works with MDs, CEOs, and boards of growing businesses. If you have a technology leadership gap, a security concern, or a transformation that is not delivering, we can help. Book a 30-minute conversation with no obligation.
