Boards don't know enough about cybersecurity, and corporate directors often don't know what to ask chief information security officers—even when they invite them to speak at board meetings. Directors should ask for cybersecurity metrics and routinely review those metrics in order to both stay informed and show that they've actively addressed security issues should problems arise. Read the original story from The Wall Street Journal.