From Cyber Risk to Business Risk: How CISOs Should Engage the Board in 2026

IDC's 2026 insights highlight that cyber risk has evolved into a critical business concern at the board level, requiring CISOs to translate technical cyber threats into measurable business impacts and align security strategies with regulatory and operational priorities. Amid rising regulatory pressures like NIS2 and the EU AI Act, CISOs are advised to adopt financial risk metrics, implement robust risk management frameworks, and engage regularly with boards through clear, business-focused communication to enhance organizational resilience and informed decision-making.

https://www.idc.com/resource-center/blog/from-cyber-risk-to-business-risk-how-cisos-should-engage-the-board-in-2026/

Before You Scale: a Risk Management Framework for AI Systems

As AI systems transition from pilot phases to full-scale production, organizations often face hidden risks in governance, data management, operations, and change management that can hinder sustainable growth. EisnerAmper outlines a six-pillar risk management framework—covering governance, business strategy, cybersecurity and data privacy, technology and cloud infrastructure, people and change, and data practices—that helps organizations identify and address potential friction points early, ensuring responsible and scalable AI adoption aligned with established standards like NIST and ISO. Early assessment under this framework is critical for sustaining effective AI systems as usage expands.

https://www.eisneramper.com/insights/artificial-intelligence-insights/ai-risk-management-framework-for-scaling-0326/

14 Risk Oversight Principles You Haven’t Heard Before

Protiviti’s Jim DeLoach presents 14 lesser-known principles of risk oversight aimed at enhancing enterprise risk management (ERM) effectiveness, emphasizing continuous improvement in risk reporting, integration of risk processes into business operations, and adapting to digital transformation. He stresses the importance of balancing risk and opportunity, fostering collaboration across organizational levels, making timely decisions with imperfect information, and cultivating a culture of open risk discussions, all to better prepare organizations for uncertainty and align risk management with strategic goals.

https://www.corporatecomplianceinsights.com/14-risk-oversight-principles-you-have-not-heard-before/

Back to Basics: 14 Risk Oversight Rules You Know (But May Be Ignoring)

Jim DeLoach outlines 14 fundamental risk oversight principles that remain crucial despite advances in digital tools, emphasizing that risk management must be aligned with strategy and adapt continuously to a rapidly changing environment. He highlights the importance of understanding calculated risks, vigilance against cognitive biases, preparation for contingencies, and maintaining strong culture and communication to effectively manage critical enterprise risks and ensure organizational resilience.

https://www.corporatecomplianceinsights.com/risk-oversight-rules-you-know/

The Dark Side of DDoS: Why DDoS Downtime Is Harder to Prevent

Cloudflare's 2026 data reveals that DDoS attacks are increasingly sophisticated, AI-driven, and strategically timed to cause maximum disruption, often targeting critical services with low-volume Layer 7 attacks. Organizations face challenges maintaining resilience due to evolving network environments and configuration drift, highlighting the necessity for continuous, automated DDoS validation and proactive defense strategies to ensure service availability amid rapid changes and growing threats.

https://securityboulevard.com/2026/03/the-dark-side-of-ddos-why-ddos-downtime-is-harder-to-prevent/

Microsoft Backtracks on Copilot Chat Access in M365 Apps

Microsoft will remove free access to its AI assistant, Copilot Chat, from Office apps like Word, Excel, and PowerPoint for large Microsoft 365 enterprise customers (those with over 2,000 users) starting April 15, 2026, requiring a paid Microsoft 365 Copilot license instead. For smaller customers, Microsoft will impose usage restrictions and reduced performance on Copilot Chat, reflecting a shift to prioritize paid subscriptions despite limited adoption of the full-featured paid version.

https://www.computerworld.com/article/4150022/microsoft-backtracks-on-copilot-chat-access-in-m365-apps.html

The Inside Track on How Boards Evaluate Their CIOs

Corporate boards increasingly expect CIOs to translate complex technology initiatives into clear strategic opportunities by demonstrating strong business acumen, especially around investment, growth, and risk. Effective CIOs communicate technology’s impact on business outcomes concisely and align their presentations to board members’ perspectives, balancing operational improvements with innovation to support both running and transforming the business.

https://www.cio.com/article/4149185/the-inside-track-on-how-boards-evaluate-their-cios.html

EUDR in Practice: How to Correctly Set Up Due Diligence in the Supply Chain

The EU Deforestation Regulation (EUDR) establishes new due diligence requirements for companies dealing with certain commodities, mandating proof that products comply with EUDR and are deforestation-free before entering or leaving the EU market. Companies must collect detailed supply chain information, assess risks, implement mitigation measures if necessary, submit a Due Diligence Statement, maintain an internal due diligence system, and retain documentation for inspections.

https://www.grantthornton.cz/en/news/eudr-in-practice-how-to-correctly-set-up-due-diligence-in-the-supply-chain/

Ransomware’s New Era: Moving at AI Speed

Ransomware attacks are accelerating in speed and sophistication, with threat actors increasingly using artificial intelligence to quickly exploit valid credentials and bypass traditional security tools like endpoint detection and response (EDR). Reports from Halcyon and Arctic Wolf highlight that ransomware tactics have evolved from encrypting data to multi-extortion schemes and direct victim targeting, while AI enables automated, high-fidelity social engineering, making defense more challenging and emphasizing the need for improved access management and transparency in cybersecurity efforts.

https://www.darkreading.com/endpoint-security/ransomware-new-era-moving-ai-speed

Why AI Scaling Is so Hard – and What CIOs Say Works

The article explains that many organizations struggle to scale AI beyond pilot projects due to high costs, poor data quality, unclear business value, and difficulty integrating it into everyday workflows. CIOs say successful scaling starts with solving real operational problems, involving end users early, improving data foundations, and measuring outcomes instead of experimenting without goals. The article concludes that AI delivers results only when treated as a business transformation effort with governance, user adoption, and clear return on investment, rather than as a standalone technology project.

https://www.informationweek.com/machine-learning-ai/why-ai-scaling-is-so-hard-and-what-cios-say-works
