Cyber resilience has emerged as a crucial governance issue due to the escalating complexity and cost of cyber threats. However, the concept of cyber resilience lacks a unified definition across regulatory frameworks, leading to inconsistent guidance for organizations operating across multiple sectors and countries1. This lack of standardization poses a significant risk for top management teams, as it hinders their ability to effectively oversee and measure cyber resilience. Without a clear definition, boards struggle to determine their responsibilities and key performance indicators. The absence of a standardized definition also complicates the development of effective cyber resilience strategies. As a result, organizations are left vulnerable to cyber threats, emphasizing the need for a board-level definition of cyber resilience to ensure effective governance and risk management, which matters to practitioners as it directly impacts their ability to protect their organizations from increasingly sophisticated cyber attacks.