The pressure on today’s executives is relentless. Mounting risks, shifting regulations and emerging technologies mean the stakes have never been higher. That’s why thousands of directors, senior decision-makers, and governance, risk and compliance (GRC) professionals are turning to the 

These high-impact, fully digital events deliver expert insights, practical tools and a global peer network, which helps leaders stay agile and get more from the technology and systems they rely on every day.

Registration is now open for our next event: 

The Diligent Risk & Resilience Virtual Summit

6 reasons to join the Diligent Virtual Summit Series

Every summit in the series brings together a curated lineup of global experts, boardroom veterans, technology innovators and top practitioners. These are the people solving the very challenges you're facing. And now, they're sharing what they've learned along the way.

Sessions go beyond surface-level trends to deliver real-world insights, case studies and practical advice. Whether it’s navigating cyber risk, implementing responsible AI or strengthening compliance oversight, you’ll hear directly from those at the forefront.

2. Stay current on the issues that matter most

From regulatory changes and digital disruption to evolving stakeholder expectations, each summit is designed around timely, high-impact topics. Your agenda will reflect the conversations happening in boardrooms and among leadership teams right now.

No matter the theme, each event offers sessions that are immediately relevant and widely applicable, helping you make smarter decisions and anticipate what’s next.

3. Actionable takeaways you can use right away

The Diligent Virtual Summit Series delivers practical value 

inspiration. Expect to leave each session with:

Frameworks and best practices you can bring back to your organization

Insights to inform board reporting, audits, risk assessments and more

Tools to improve governance workflows and decision-making

This is content designed to spark ideas and empower action.

Did we mention that our virtual summits are completely free? No travel, no cost and no hassle — just high-impact discussions you can access from wherever you are.

Plus, all of our sessions are recorded and available on-demand, making it easy to fit professional development into the busiest schedules.

Designed to take full advantage of the virtual format, the Diligent Summit Series delivers expert insights and instant access to learning. Attendees benefit from interactive Q&A sessions, downloadable resources and follow-up content that deepens engagement. You’ll also connect with a global community of leaders navigating similar challenges.

Professional development isn’t just a nice-to-have, it’s a requirement for many professionals. That’s why most Diligent Virtual Summits qualify for Continuing Professional Education (CPE) credits, with some events offering eligibility for CLE, CEU or other region-specific certifications.

Whether you're earning credits for GRC-related certifications, or simply building a stronger resume, these summits offer a convenient, no-cost way to meet your learning goals.

Ready to see what's next and join the conversation?

takes place on September 16, 2025, with sessions available in North American, EMEA and APAC time zones.

This virtual event explores how to fortify your organization’s resilience against an evolving risk landscape. From navigating new challenges to leveraging resilience as a strategic advantage, this summit offers unparalleled guidance to help your organization thrive.​

Want to explore sessions and content from previous virtual summits?

Inside the Diligent Virtual Summit Series: Why top leaders keep coming back

Cybersecurity increasingly forms the bedrock on which municipal governments and school districts build digital infrastructure and deliver critical services. With online connectivity more ubiquitous every year, elected leaders must shoulder greater responsibility to ensure the organizations they govern and oversee protect personal data and sensitive information.

School boards and local government officials not only need to craft resilient, up-to-date cybersecurity policies — and make sure they’re followed — they also must stay abreast of fast-changing national, state and local regulations. And they bear responsibility for the crisis plans that guide response to any potential breach.

Those responsibilities have never weighed more heavily. Cyber threats are more common, damaging and sophisticated than at any point in the past, with ransomware and other assaults on K-12 educational institutions 

. The attack surface grows broader and more complex every year, in hardware — thanks to Internet of Things technologies — and in software, thanks to chatbots and AI tools. Incident disclosure timelines have shrunk, and both acknowledging breaches and mitigating their effects demand a well-prepared, well-equipped board.

Why cybersecurity matters now more than ever

Public sector organizations, from school boards to community colleges and city councils, operate under strict requirements for disclosing data breaches, protecting sensitive information, storing personal data securely and much more.

Compliance with cybersecurity regulations validates the use of public funds for organizational goals, demonstrates accountability in public service and has the added benefit of protecting against reputational (and legal) damage.

But the benefits extend far, far beyond box-ticking. Knowledge of requirements, guidelines and regulatory demands also empowers board members and helps them effectively fulfill their duty of care and to advocate for cybersecurity measures within the organization and to ask the right questions when talking to leaders and IT personnel. In the event of a breach, ransomware can inflict staggering financial costs, followed swiftly by the secondary costs associated with losing public confidence. Finally, and essentially, cybersecurity is a grave ethical responsibility for any modern organization. Protecting citizens’ or students’ data earns public trust.

Read on for an overview covering the most essential points on cybersecurity regulation for board secretaries and administrators, including:

The operational, financial and reputational benefits of strong cybersecurity

The regulatory landscape: Cybersecurity for local government and public education

Regulations governing cybersecurity in local government and public education cover a wide range of areas: digital safety, data management, informed consent, user authorizations and other aspects of cybersecurity.

They continue to change frequently as both security measures and cyber threats evolve — in 2024, 

258 cybersecurity bills were proposed in 42 US statehouses, and 29 of them passed

. The general trend is toward more stringent requirements for reporting, encryption, user protections and AI safety.

Similar trends appeared at the national level. School boards face an especially impactful, and growing, list of federal cybersecurity and data protection requirements. The most significant of these are:

The Family Educational Rights and Privacy Act (FERPA)

 gives parents the right to see their children’s school records, have those records amended when necessary and exert a degree of control over whether personal information is disclosed through school-related channels.

The Protection of Pupil Rights Amendment (PPRA)

 limits when, whether and how schools receiving federal funds can ask students (or their parents) to provide information on certain protected topics, such as political affiliation or self-incriminating behavior.

The Children’s Online Privacy Protection Act (COPPA)

 sets a series of strict requirements for any organization that collects information online from children under 13—they must, 

, get parental consent, post clear privacy policies, maintain information security and provide suitable opt-out opportunities.

The Children’s Internet Protection Act (CIPA)

 is now a 25-year-old law that seeks to protect children from harmful online content, and requires schools and libraries to implement internet safety policies and educate students about safe online behavior.

Importantly, although FERPA does not require districts to alert the public of data breaches, state laws typically do (as we’ll explain momentarily). Recognizing this, the federal 

Privacy Technical Assistance Center (PTAC)

 for schools, and the National School Boards Association offers a 

 — to affected individuals, state Attorneys General (where applicable) and more.

) make it easier for schools to comply with these requirements. In November 2024, the Federal Communications Commission (FCC) initiated a 

$200 million pilot program to support cybersecurity infrastructure

, equipment and training for K-12 schools — although 

demand far exceeds the program’s current capacity

The Readiness and Emergency Management for Schools (REMS) office of the U.S. Department of Education offers 

When it comes to local government, the regulatory landscape is similarly well-populated and complex. Key recent cybersecurity measures include:

The Federal Information Security Modernization Act (FISMA)

, requires federal, state and local governments (and organizations doing business with them) to develop adequate protections for their information systems. The updated law creates more stringent cybersecurity requirements.

 sets standards for the protection of sensitive data by any organization that collects or stored financial information—potentially including schools, local governments and other public institutions. 

The National Institute for Standards and Technology (NIST)

All personal health information is protected by the 

Health Insurance Portability and Accountability Act (HIPAA)

 which implements strict requirements for healthcare workers at government-run facilities such as prisons.

 have plans and contingencies in place for responding to data breaches. The laws governing those responses vary from one jurisdiction to the next, with some states requiring notification within 30 days and others allowing indefinite time windows. In addition to the resources listed elsewhere, we suggest consulting 

 for an overview of public and private laws in your state.

Cybersecurity regulations at the state level

In most states, local governments and school boards must comply with law governing information systems security and consumer privacy, incident disclosures after data breaches and other cybersecurity requirements set by state Departments of Education.

To illustrate these interacting requirements in detail, consider the contrasts between Florida — 

 — and Connecticut, where public schools serve 

Florida public sector cybersecurity regulations

Floridian’s personal data benefit from four major regulations covering cybersecurity. These are:

) which covers the general safeguarding of personal information accessible via the internet. This law, following federal examples and in a pattern echoed by many states, 

 “reasonable measures to protect and secure data in electronic form containing personal information.”

 as the Local Government Cybersecurity Act, passed in 2022—defines how public institutions must respond to cybersecurity breaches. The requirements include incident notifications with different levels of urgency, training for staff and new cybersecurity standards.

Florida Educational Technology Security Act

 creates new requirements for how schools must restrict students’ access to online content, including prohibiting access to TikTok on school-owned devices.

 strengthened cybersecurity infrastructure by authorizing the 

 to augment efforts already undertaken by school districts themselves.

Connecticut public sector cybersecurity regulations

 to support school boards, local governments and other bodies in protecting sensitive information. Those 

2022 announcement of cybersecurity as a top state priority

, help local leaders comply with key laws, including:

The Connecticut Data Breach Notification Law (

 to use a wider definition of “personal information” and a shorter window for reporting breaches, among other changes.

Connecticut’s student data privacy law (

Conn. Gen. Stat. §§ 10-234aa up through 10-234dd

 to the collection, storage and handling of students’ personal information.

, which sets guidelines and goals for local governments and municipalities.

Almost every state in the union legislates cybersecurity in two basic ways: they require elected public officials to faithfully and promptly report any breaches in publicly held data, and they establish a set of baseline information privacy measures—sometimes presented as guidelines, in other cases as strict regulatory requirements with associated penalties for noncompliance.

For representative examples, consider the 

Hawaii Breach of Personal Information Law

 has a law on the books that shares a general structure with these examples. Typically, such laws protect vital identifying information (Social Security Numbers, driver’s license numbers, etc.) as well as contact information and medical/biometric information. The laws vary in specifics, such as the timing of the disclosure, how citizens must be notified and when exceptions apply, but most share basic characteristics.

Information privacy guidelines are less uniform. For example, California’s sprawling 

 share considerable overlap — alongside many nuanced differences — with 

Illinois Department of Innovation and Technology’s cybersecurity best practices

 include a “self-funded” program to help cover the costs of certain types of data breaches. Many states use policies like 

 creating a cybersecurity council or center to plan 

 for state agencies and municipal bodies (including school boards).

Due to the complexity of these statutes and the variance state-to-state, local officials, school board representatives and other elected leaders in the public sector should consult the most recent guidance from their state’s Department of Education (DoE), consumer protections agency (if applicable) and similar bodies. Almost all states issue guidelines — some of them with requirements for implementation — through their DoE, so be sure to check with your state’s governing body or department.

Helpful sources for recent updates include:

, an ideal starting point, will point you toward the relevant authorities and sources of additional information

National Conference of State Legislatures,

 which publishes annual lists of new cybersecurity regulations (their 

comprehensive cybersecurity policy report every year

The Parent Coalition for Student Privacy, an advocacy group, also maintains 

 focused specifically on privacy protections

Explore more useful cybersecurity resources

 for municipal governments and city councils. An essential resource for board clerks and secretaries, the review gets into pressing threats, the role of the board in mitigating them and how a well-prepared secretary can make the difference.

Equipped with a plan, you can then turn to 

our tips for communicating with local government leaders about cybersecurity protection

, and how to pitch the upgrades you need.

Given the specificity of data privacy laws for schools, and the wide range of penalties that can accrue to districts that flout them, it’s worth starting with 

an overview of the cyber threat landscape

 — knowing your enemy is half the battle.

Then you can begin your response. First stop: 

 that your board can sink their teeth into.

When you’re ready to start thinking big-picture about solutions, we recommend 

, talking best practices and top recommendations. Dive into concrete courses of action for addressing the problem with 

 focused on the specific duties of the board.

How Diligent Community can support your cybersecurity efforts

You’ve seen the stats — and you understand the importance of cybersecurity as a base layer of solid communications and secure technology that allow the rest of the organization to function as it must.

It can be tempting to look toward short-term, ad hoc solutions that mix and match off-the-shelf recommendations with an IT staffer’s whipped-up code, or to use free file-sharing solutions — 

Those solutions are not going to cut it. Bad actors in the cybersecurity space are using powerful new technologies to crack public systems. An effective, well-designed cybersecurity stack — or cutting-edge security measures within trusted software — safeguards against data breaches and helps fulfill the board’s duty to the public.

They have other benefits, too — modern security is the best way to allow organizations to integrate new technologies safely, opening doors to improved efficiency and even whole new capabilities.

Diligent Community excels across the board on digital and data privacy. As a custom platform built from the ground up to support public boards — and keep their data safe while doing it — Diligent Community is loaded with secure features and market-leading security measures. They include:

 With all your files in a unique database on Amazon Web Services (AWS) servers, you benefit from FIPS 140-2-compliant 256-bit AES encryption — plus a centralized data repository that narrows the attack surface.

Replace personal email and text messaging with 

secure on-platform communication protected by Transport Security Layer (TPS) 1.3

, in-app role-based security and mandated, regular trainings for both developers and non-technical staff ensure expert handling of sensitive data.

 follow industry-leading protocols and NIST requirements.

Don’t leave vital services exposed to growing risks.

Cybersecurity regulations: What public facing boards need to know

The NextGen Board Leaders program, sponsored by Wilson Sonsini and Meridian Compensation Partners, brings together experts and new public company board members under Chatham House Rule to discuss critical topics in corporate governance.

At a recent Summit, held at the New York Stock Exchange (NYSE), leading experts shared timely insights on the rapidly evolving landscape of executive compensation. Several critical themes emerged that are shaping boardroom conversations and governance practices today.

Boards are sharpening their focus on the structure and competitiveness of executive compensation, especially CEO pay. The goal: ensuring that compensation both attracts and retains top talent while maintaining a clear alignment with the company’s long-term strategy.

Executive transitions have also gained renewed importance, with robust succession planning and carefully structured separation packages rising to the top of committee agendas. These priorities reflect a growing expectation—from investors and other stakeholders alike—for transparent links between pay and performance.

The executive compensation environment is more complicated than ever—particularly for companies outside the S&P 500, including those in the Russell 3000 or recently public companies still maturing their governance frameworks.

The U.S. Securities and Exchange Commission’s (SEC) pay versus performance disclosure rules require companies to explain in detail how executive compensation ties to both financial and non-financial results. This has increased the demand for greater rigor in plan design and heightened pressure to clearly articulate the rationale behind every element of pay.

The widening gap between U.S. and international compensation practices shows little sign of narrowing. Meanwhile, periods of economic uncertainty caused by market volatility, global events like COVID, or shifting trade conditions, continue to complicate the selection and calibration of performance metrics and targets for leadership.

Boards must strike a balance: maintaining credibility with executives while guarding against potential corporate waste claims. Practical strategies include:

Maintaining consistency in financial metrics: Avoid shifting targets unless clearly warranted by changes in business conditions.

Scoping discretion tightly: Where discretion is needed, plan documents should include specific language for “extraordinary events” (e.g., leadership effectiveness during crises), paired with clear documentation of rationale.

Using relative performance metrics where appropriate: Comparing performance to peers, rather than absolute targets, can help isolate executive performance from broader market disruption.

While 'say-on-pay' voting outcomes remain largely steady, with low failure rates, scrutiny continues. Boards face ongoing pressure around:

Responsiveness to prior shareholder concerns

Transparency and discipline remain essential.

Best practices in compensation governance

Excellence in compensation governance hinges on strong processes. Boards are encouraged to maintain clear annual calendars for their compensation committees, ensuring all decisions align with committee charters and mandates.

This proactive approach enables early engagement with investors and proxy advisors, particularly on potentially controversial changes, helping to mitigate concerns before they become significant issues.

As the executive compensation landscape continues to evolve, boards that prioritize clarity, disciplined processes, and stakeholder engagement will be best positioned to navigate future challenges.

The Latest in Executive Compensation Trends: Insights from the NextGen Board Leaders East Coast Summit

This article originally appeared in our July 3rd edition of the Diligent Minute Newsletter. For more insights like these, delivered straight to your inbox, subscribe

Board members have a lot on their minds right now. They currently rank the level of risk U.S. businesses face just below 7 on a scale from 1 (lowest) to 10 (highest), according to the latest 

 by Diligent Institute and Corporate Board Member. Top issues include supply chain and inflation/currency risk, geopolitical fluctuations and changes in the regulatory environment along with widespread concern about the economic risk of tariffs.

These issues add to an already-long list of evergreen threats to a company’s business and bottom line — like a product failure, cyber attack, executive scandal or high-profile lawsuit — along with the aftermath. Too often, a negative headline triggers customer flight, investor panic or both, causing a ripple effect of legal, business and reputational challenges.

With the threat of crisis escalating and evolving by the day, Megan Baier’s session at the 

 was perfectly timed. A partner with Wilson Sonsini Goodrich & Rosati, she shared tips and best practices for crisis management.

The steps shared reflect common sense: Identify the issue, mitigate it and manage the communications. But they’re deceptively difficult to execute well under pressure — which is why boards need to be crisis-ready long before a negative incident breaks out.

Here are five top takeaways shared at the Summit on making that happen.

Key players include legal, audit, PR/IR, and bankers. But don’t get too carried away. Smaller groups typically make faster decisions.

It’s also important to equip team members with clear roles, responsibilities and lines of reporting.

A pre-built playbook should cover likely scenarios and the latest best practices, along with guidelines for reporting, disclosures and getting the word out via social media and other channels.

According to the latest Corporate Director Index, nearly half (47%) of boards are engaging in scenario planning to navigate the current crisis environment. In my opinion, this number should be much higher.

 are an excellent way for crisis team members to master their roles, share feedback and build their muscle memory for an effective response — all in a low-stress environment where mistakes are still learning experiences.

Takeaway 4: Find the line between transparency and protection

When something negative happens, investors, customers, employees and other stakeholders want to know. Competitors, activists, and regulators seek this information as well — but for very different reasons.

For boards, this means conflicting pressures to announce bad news quickly versus waiting to gather more facts.

Also note that different crises trigger different legal obligations, such as:

State notification laws and SEC disclosure requirements for cybersecurity incidents

CPSC or FDA reporting for product safety issues

Restatement requirements for financial irregularities

Whistleblower complaints, insider trading investigations and issues related to stock prices in particular require careful coordination between communication and legal teams.

Each scenario requires tailored legal strategies alongside communications planning, she emphasized.

Finally, an important reminder to directors:

 is a board fiduciary duty, requiring enterprise-wide attention.

Are boards receiving regular reports from management about the risks departments are seeing and actions they’re taking to mitigate these issues?

Do board members know enough about the issues to ask the right questions — and are discussions being captured in board minutes for future reference and guidance?

Are committees receiving regular reports as well in their specialized areas like cybersecurity and audit?

Do committee charters clearly define who’s responsible for overseeing what, to avoid overlap and gaps?

The overarching takeaway is this: Knowing what to expect — and how to respond — when the unexpected happens can keep a board in good standing with investors, customers, regulators and more, even in a year when crisis feels more like business as usual.

Curious about how U.S. boards are navigating today’s business landscape? Delve deeper into the latest 

Want regular access to original research in the field of GRC? Bookmark our 

 for the latest surveys, podcasts and reports.

Diligent

Blog

Inside the Diligent Virtual Summit Series: Why top leaders keep coming back

Cybersecurity regulations: What public facing boards need to know

Your Data Matters