Boards of directors are deeply concerned with how cybersecurity protects the enterprise and its customers. They must appreciate how the threat landscape is changing, the limitations of conventional defenses, and how to shape advanced protection based on the clearly articulated risk appetite of the enterprise. Security policies and practices should enable the progress of the business while preventing the progress of its adversaries in cyberspace.