Cybersecurity is an increasingly important consideration for companies and their boards due to accelerating digitisation, the growth of the global digital domain and its diverse, and increasing, cyber threats. This note considers the existing cybersecurity regulatory framework in Australia, the duties of company directors with respect to cyber risk and best practice principles for boards to follow to manage and mitigate cyber risks effectively.