A new report recommends that corporate boards answer four key questions on a regular basis to guide cybersecurity governance.