The "India Cyber Threat Report 2025" from DSCI and Seqrite, leveraging data from 8.44 million endpoints, reported 369.01 million distinct malware detections in 2024. This translates to an average of 702 potential security threats every minute, indicating a consistently high volume of malicious activity.In 2024 alone, malware attacks rose by 11% and ransomware by 22%, while Internet of Things (IoT) attacks jumped by a staggering 59%.The PwC Global Digital Trust Insights- India edition points out that concerns over cybersecurity threats take center stage for many companies. These threats are cloud-related (52%), attacks on connected devices (45%), hack-and-leak operations (36%), and software supply-chain compromise (35%).The digital world has transformed how societies function, bringing unprecedented opportunities for development, communication, and global collaboration. However, the flip side of this interconnected reality is the growing threat of cybersecurity breaches that can disrupt economies, governance, infrastructure, and even personal lives. As the world heads toward 2030, there is an emerging debate on whether the UN Sustainable Development Goals (SDGs) should include a new goal, SDG 18, dedicated to cybersecurity or if cybersecurity should be integrated into the existing SDGs. The current 17 SDGs focus on economic, social, and environmental sustainability. While these are vital, the digital realm—cyberspace—has become an equally critical part of global sustainability. If there were an SDG 18 dedicated to cybersecurity, perhaps it could be called "Cybersecurity and Digital Safety for All." This SDG 18 would emphasize the importance of creating a secure, resilient digital environment that fosters trust, safety, and innovation. There could be measurable targets, such as reducing cybercrime incidents globally, improving the cybersecurity capabilities of board members, corporates, governments, and businesses, and promoting international cooperation on cyber threats. A new SDG would provide dedicated attention and resources to address cybersecurity challenges at a global scale. It could drive the creation of universal cybersecurity frameworks, similar to global climate protocols, fostering international cooperation. And, of course, the creation of specific indicators and targets would help track global progress in cybersecurity, similar to how other SDGs have contributed to tracking development efforts. However, carving out a separate SDG that focuses exclusively on cybersecurity is not without challenges. There would be a scarcity of resources, and the focus on existing development challenges may get diverted. There could also be an overlap between some areas that are already covered by SDGs, such as infrastructure (SDG 9), industry (SDG 12), and peace and justice (SDG 16). The Role of Independent Board Directors in Cybersecurity Governance India, as a growing digital power, has recognized the need for robust cybersecurity measures. The country faces significant threats from cyberattacks, particularly in sectors like banking, healthcare, and government services. The Indian Computer Emergency Response Team (CERT-In)plays a pivotal role in coordinating responses to cybersecurity incidents and providing guidelines for safeguarding systems. Independent board directors are uniquely positioned to help organizations navigate cybersecurity challenges. Their impartial oversight and diverse expertise can allow them to guide strategic decision-making on cybersecurity. Push for integration:Until the time when and if we get an SDG 18, board directors can work with companies towards the integration of cybersecurity within existing SDGs so as to provide a more holistic approach. They can play an instrumental role in ensuring that cybersecurity is integrated into the overall risk management strategy. It is the board that can ensure cybersecurity is viewed as a governance issue, not just a technical problem, and hold management accountable for implementing robust defenses. Push for investments:A diverse board has the unique advantage of advising companies on how they can align their cybersecurity strategies with long-term business objectives. Cybersecurity concerns need not be just under the realm of the Chief Technology Officer (CTO)! The board can push for investments in cutting-edge cybersecurity technologies and systems to ensure resilience. By elevating cybersecurity from an IT responsibility to a board-level concern, they ensure that companies allocate appropriate resources, conduct regular audits, and invest in advanced threat detection systems. Independent directors can advocate for cybersecurity training for all board members, empowering them with the insights needed to assess risks effectively and prioritize cybersecurity in strategic planning. Push for conversations:Not only that, but independent board directors can catalyze industry-wide conversations around the need for a global cybersecurity framework, potentially formalized as an additional SDG. Through their influence and networks, directors can bring together industry leaders, policymakers, and international bodies to underscore cybersecurity as a critical enabler of sustainable development. By positioning cybersecurity as fundamental to achieving other SDGs—especially those centered on infrastructure, health, and economic stability—board directors can emphasize the urgency of treating digital resilience as a core component of global development goals. Push for advocacy:Board directors are well-placed to advocate for universal standards, benchmarks, and incentives for organizations to bolster their cybersecurity defenses, highlighting the growing interdependence of digital safety and sustainable development. As cybersecurity challenges expand across sectors, board directors can ensure companies are not only prepared for existing threats but also actively contribute to a broader, internationally coordinated approach to digital resilience. If advocating for an SDG proves challenging due to geopolitical or bureaucratic hurdles, boards can adopt alternate avenues tlike integration, to underscore cybersecurity’s importance. Push for reporting frameworks:Board can encourage companies to adopt standards akin to the Global Reporting Initiative (GRI), specifically in cybersecurity metrics. Establishing internal cybersecurity committees or risk management subcommittees can help ensure cybersecurity is consistently addressed at the strategic level, with insights and recommendations from these committees feeding into industry best practices. For example, Infosys has developed a comprehensive cybersecurity framework embedded into its core operations, reflecting its proactive stance on digital security. The company has established a Cybersecurity Council, which directly engages with the board to ensure cybersecurity risks are managed at the highest strategic level. This council oversees various aspects of cybersecurity, including threat management, data protection, compliance with international regulations, and emerging cyber risks. JPMorgan Chase’s board has a dedicated Cybersecurity and Technology Committee, which assesses and strengthens the company’s cybersecurity posture. As cybersecurity challenges expand across sectors, board directors can ensure companies are not only prepared for existing threats but also actively contribute to a broader, internationally coordinated approach to digital resilience.