What does the board need to know?

When it comes to preparing for a cyber-attack, what does the board need to know?