Company boards need to know enough about cybersecurity to govern effectively, but four in 10 boards admit they should know more.