Firms with intermediate cybersecurity and privacy oversight have a solid foundation and are seeking to extend their influence in the organization. By strengthening strategy, governance, adherence to requirements, and risk management practices, CIOs can incorporate other critical business functions to make sure cybersecurity and privacy efforts drive success. This report — the second of three in the oversight competency of the cybersecurity and privacy playbook — helps CIOs effectively address the challenges of this intermediate phase.