Blog

Why Your Best Engineers Are Interviewing Elsewhere, CodeGood

Best engineers leave due to poor information flow in hierarchies, not just compensation. Decisions are often made without considering engineering insights, leading to crises and resignations. Middle managers filter bad news, causing delays in executives learning about issues. Effective solutions include skip-level conversations to gather direct feedback, which can prevent attrition by addressing problems early. Organizations that foster open communication retain talent better and avoid costly turnover, while those that ignore these issues face increased recruitment costs and knowledge loss.

https://codegood.co/writing/why-your-best-engineers-are-interviewing-elsewhere

GDPR’s Economic Footprint: Rising Costs, Falling Investment, and Shifting Data Quality

GDPR's economic impact: compliance costs rising, investment declining; businesses face legal uncertainty. Report recommends simplifying regulations, harmonizing rules, and fostering innovation while maintaining privacy protections. Findings show 8% profit drop, 2% sales decrease for affected firms.

https://www.aboutamazon.eu/news/policy/gdprs-economic-footprint-rising-costs-falling-investment-and-shifting-data-quality

What Past ERP Mishaps Can Teach CISOs About Security Platformization

An opinion piece discusses how CISOs can learn from ERP migration challenges to transition effectively from isolated security tools to integrated platforms. Key recommendations include securing executive buy-in, focusing on team dynamics, implementing phased projects, establishing modern data pipelines, and using platformization for process re-engineering to enhance cybersecurity and operational efficiency.

https://www.csoonline.com/article/4080709/what-past-erp-mishaps-can-teach-cisos-about-security-platformization.html

A CIO’s First Principles Reference Guide for Securing AI by Design

AI security demands a new strategy as attack surfaces evolve beyond traditional software, introducing unique vulnerabilities like data poisoning and model hijacking. CIOs must base their AI security on first principles: Confidentiality, Integrity, and Availability (CIA), integrated throughout the AI lifecycle. Key practices include thorough visibility of AI ecosystems, rigorous access controls, continuous anomaly monitoring, and securing the AI supply chain. A unified security platform is essential for holistic protection, fostering a culture of accountability for AI security at all organizational levels.

https://www.paloaltonetworks.com/blog/2025/11/cios-first-principles-reference-guide-securing-ai-design/

How to Compare and Choose the Best SaaS Security Platforms

SaaS security is crucial as reliance on cloud systems grows. Selecting the right security solution involves evaluating features like visibility, data protection, compliance, ease of deployment, and integration with existing systems. Leading platforms include ZeroThreat, Cloudflare, Orca Security, Wiz, Palo Alto Networks, Netskope One, and CrowdStrike, each offering unique benefits. Choosing the right tool depends on business needs, emphasizing integration and visibility for effective protection of sensitive data and compliance while supporting innovation.

https://vocal.media/01/how-to-compare-and-choose-the-best-saa-s-security-platforms

How Payment Threat Intelligence Helps Banks Fight Fraud Faster

Payment fraud is evolving, with criminals using AI and automation to enhance attacks rapidly. Effective fraud prevention relies on timely payment threat intelligence, allowing teams to detect early signs of fraud, improve collaboration between cybersecurity and fraud divisions, and proactively mitigate risks. As threats become more sophisticated—employing techniques like infostealers and deepfakes—integrated intelligence systems can equip banks to respond quickly, reducing potential losses from attacks by sharing vital, real-time insights about fraudulent activities.

https://www.mastercard.com/us/en/news-and-trends/Insights/2025/how-payment-threat-intelligence-helps-banks-fight-fraud-faster.html

AI Summarization Optimization

AI notetakers are becoming central to meetings and can be manipulated by attendees to produce favorable summaries, a practice termed AI summarization optimization (AISO). Similar to SEO, AISO involves adjusting language to influence AI outputs. Techniques include using specific phrases and strategic timing. This manipulation can distort records, favoring certain views. Potential defenses include social norms, organizational rules, and enhanced AI methods to detect manipulation. As AI integrates into workplace dynamics, adapting communication for AI becomes a new skill, reshaping collaboration and decision-making methods.

https://www.schneier.com/blog/archives/2025/11/ai-summarization-optimization.html

Securing Critical Infrastructure: Why Europe’s Risk-based Regulations Matter

Cyberattacks increasingly threaten critical infrastructure like hospitals, power grids, and financial systems, prompting Europe to implement new cybersecurity regulations (NIS2, DORA). These rules broaden security requirements, making CISOs more strategic and demanding improved risk management, swift incident reporting, and higher board involvement. The goal is to shift from a compliance mindset to real, risk-based resilience, prioritizing effective controls such as multifactor authentication and robust asset management. Boards are now accountable for cyber risks, and organizations should use specific metrics, such as inventory, privileged access, and timely updates, to measure and manage security posture. The focus is on practical protections that clearly mitigate real threats to society, rather than applying all possible controls equally.

https://www.microsoft.com/en-us/security/blog/2025/11/05/securing-critical-infrastructure-why-europes-risk-based-regulations-matter/

10 Promising Cybersecurity Startups CISOs Should Know About

This article lists 10 notable cybersecurity startups founded after 2020, each addressing trending security challenges and gaining rapid traction with enterprises and investors.

Highlighted Startups:

  • Astrix Security: Focuses on securing non-human identities in enterprise environments; raised $85M since 2021.
  • Chainguard: Provides software supply chain security via a Linux-based platform; $600M+ in funding, $3.5B valuation.
  • Cyera: Specializes in data security posture management, with a significant platform play in the AI era. The company has raised $1.3 billion and is valued at $6 billion.
  • Drata: Automates GRC & trust management, growing quickly post-acquisition of SafeBase; $100M ARR, 7,000+ customers.
  • Island: Developed a secure enterprise browser for safer SaaS access; $730M in funding, 450+ enterprise customers.
  • Mimic: Ransomware detection and deflection at the kernel level, with fast simulation and recovery features; founded in 2023.
  • Noma Security: AI and agent security/governance, rapid growth, and $135M raised since 2023.
  • Reality Defender: Deepfake detection across media types, industry award-winner, strong market backing.
  • Upwind: Cloud-native app protection with runtime-first detection; rapid revenue and feature growth, $180M raised.
  • Zenity: Governs AI agents’ access and behavior in real-time, integrates broad agent discovery/governance, with $38M raised.

https://www.csoonline.com/article/4080699/10-promising-cybersecurity-startups-cisos-should-know-about.html
