All CEOs and board members today must understand their company’s security risks. Without this knowledge funneling down from the top, risk analyses and resulting decisions may be flawed, leading organizations to take on greater risk than intended.