An article in the WSJ suggests that boards are getting more interested in cybersecurity. Actually the line just below probably says it all:
Facing threat of regulation
I doubt most boards are remotely able to carry on a meaningful conversation in this area. They don’t know what questions to ask and in general, they aren’t really interested. Likely, the reports they receive are just done to show that they’ve reviewed the matter.
Cybersecurity is hard.