Cybersecurity is not the top priority of any business; however, ineffective security practices have an impact on 100% of the key risks faced by modern businesses. Risk governance, when implemented correctly, provides a framework for ensuring the requirements for cybersecurity and data privacy are addressed in a way that equips any type of organization achieve desirable business outcomes. The rules of risk governance explain how the board and senior executives can move their organizations away from tactical and compliance-driven risk management toward effective governance of enterprise risk.