Getting senior managers to take computer security seriously is a struggle within many organisations, despite the frequency of high-profile data breaches and hacking incidents.  

Now the UK government's computer security agency, the National Cyber Security Centre (NCSC), has put together a list of five questions aimed at starting 'constructive' discussions between executives and their computer security teams.  

According to the NCSC, two-thirds of boards have received no training to help them deal with a cyber incident, and 10 percent have no plan in place to respond to one. These conversation-starters aim to bridge the gap between executives who don't know about security issues and the IT department that may struggle to make its voice heard. Boards need to understand cyber risk in the same way they understand financial risk, or health-and-safety risk, said the NCSC.

"There is no such thing as a foolish question in cyber security. The foolish act is walking away without understanding the answer because that means you don't understand how you're handling this core business risk," said NCSC chief executive Ciaran Martin.