This paper investigates the association between the board structure of a firm and the possibility of information security breaches. Building on the agency theory and resource dependence theory, we hypothesize that the board structure could affect the guidance and advice capability of the board on the executives’ decision of information security management. Our results show that the board size and the number of independent directors could increase the possibility of security breaches while the average and heterogeneity of age/tenure could reduce it. Our findings shed lights on the crucial role played by the board when managing information security risks in organizations.