It is an open question as to how unfolding changes to international cyber-governance regimes and private-sector technological capacities will reshape current approaches to corporate governance. With this horizon of possibilities in mind, it is the purpose of this article to provide context about recent developments in cybersecurity risk and data privacy within regulatory and proxy voting domains while also attending to the specific forms of cybersecurity risk that constitute the granular considerations that many companies and investors will wish to take into account while formulating their approaches to cyber-governance and risk mitigation. While recent judicial rulings within the United States have contributed to a prevailing emphasis on data privacy as a foremost consideration of cyber-governance, data on critical failure points contributing to material breach events and recent legislative developments underscore the continued importance of cybersecurity hygiene as a consideration of cyber-governance policy.