cybersecurity

When Checklists Aren’t Enough: Moving Beyond Compliance Theater

CISO Series emphasizes shifting from compliance to risk-based cybersecurity by focusing on what truly matters for an organization's mission. Insights from a panel of security leaders highlight that effective risk management revolves around decision-making, cultural shifts, meaningful tradeoffs, and clarity in communication. They advise starting small with specific initiatives like budget decisions while recommending that organizations gauge the effectiveness of compliance frameworks and adapt as necessary to enhance decision-making. The transition is seen as an ongoing process rather than a final destination.

https://cisoseries.com/when-checklists-arent-enough-moving-beyond-compliance-theater/

European Commission Proposes Revised Cybersecurity Act to Boost EU Cyber Resilience, Secure ICT Supply Chains

The EU proposes a revised Cybersecurity Act to enhance resilience and secure ICT supply chains. The Act introduces simpler certification, supports compliance, fortifies ENISA, and targets risks from third-country suppliers. Key amendments to the NIS2 Directive facilitate legal clarity and compliance for businesses. A new horizontal framework for ICT supply chain security addresses strategic risks and vulnerabilities. ENISA strengthens cybersecurity response and supports workforce development. Overall, the initiative aims to improve security and trust in the EU's critical infrastructure.

https://industrialcyber.co/regulation-standards-and-compliance/european-commission-proposes-revised-cybersecurity-act-to-boost-eu-cyber-resilience-secure-ict-supply-chains/

European States Spin Wheels on Cybersecurity Directive

The Network and Information Security 2 Directive (NIS2), intended to enhance cybersecurity across the EU, faces delays in implementation. While some countries have fully transposed the directive, others, including France and Ireland, have yet to do so. This inconsistency creates uncertainty for businesses operating across borders and raises concerns about Europe’s cybersecurity posture.

https://www.bankinfosecurity.com/european-states-spin-wheels-on-cybersecurity-directive-a-30542

New Security Baseline Available for Microsoft 365 Apps for Enterprise

Microsoft enhances M365 Apps for Enterprise with new security baselines, improving defenses against cyber threats. Key updates include protections for Excel, PowerPoint, and system settings, blocking risky links, insecure protocols, and legacy automation features. Deployment can be done via Office cloud policies or Group Policy.

https://petri.com/microsoft-365-apps-enterprise-security-baseline/

EU Plans Cybersecurity Overhaul to Block Foreign High-risk Suppliers

The EU proposes cybersecurity legislation to remove high-risk suppliers from telecom networks and strengthen security against cyber threats. The plan aims to improve risk assessments and streamline ICT supply chain certification, allowing for better protection against cyber attacks and enhancing Europe's technological sovereignty.

https://www.bleepingcomputer.com/news/security/eu-plans-cybersecurity-overhaul-to-block-foreign-high-risk-suppliers/

The Value Of The Virtual CISO In Today’s Threat Landscape

The virtual CISO (vCISO) model is emerging as a practical solution for small and mid-sized businesses that cannot afford a full-time CISO. vCISOs provide executive-level security strategy and leadership on a fractional basis, helping organizations prioritize controls and improve security posture. Managed service providers (MSPs) and AI can further enhance the vCISO model by scaling security strategy and automating best practices.

https://www.forbes.com/sites/tonybradley/2026/01/20/the-value-of-the-virtual-ciso-in-todays-threat-landscape/

CISOs Are Becoming Ever More Powerful at Work

CISOs' roles are expanding, with 52% noting increased responsibilities and 47% at executive levels by 2025. Many face challenges, including manageability issues and understaffing, particularly in non-tech sectors. Collaboration with other C-suite leaders is common, but a significant percentage assert that their roles are no longer sustainable.

https://www.techradar.com/pro/cisos-are-becoming-ever-more-powerful-at-work-even-more-than-other-c-level-execs

Between the Firewall and the Boardroom: the Role of the CISO in 2026

The CISO's role is evolving from technical expert to strategic leader due to rising cyber threats and regulations. CISOs now focus on risk management, resilience, and corporate growth, influencing business processes and culture. Reporting to CEOs, they address inter-departmental security dynamics, ensuring safety amidst innovation. As cyber-resilience replaces the idea of impenetrable defenses, CISOs are held accountable for recovery failures and face personal liability. Their responsibilities now encompass fostering business continuity and adapting to complex digital landscapes, making the role increasingly crucial in corporate strategy.

https://www.computing.co.uk/feature/2026/between-firewall-boardroom-role-ciso-2026

10 Top Priorities for CIOs in 2026

Key priorities for CIOs in 2026 include enhancing cybersecurity, consolidating security tools, ensuring data protection, improving team experiences, navigating ERP migrations, driving innovation, and workforce transformation. It's essential for CIOs to adopt agile, comprehensive strategies to manage technological change and risks while fostering an efficient and secure digital workplace.

https://www.cio.com/article/4117023/10-top-priorities-for-cios-in-2026.html

Cybersecurity, the First Institutional Failure of a Hyperconnected Era

Cybersecurity has become a critical institutional failure in the hyperconnected era, as organizations struggle to manage complex cyber risks. The assumption that cybersecurity can be delegated has led to systemic failures and significant financial consequences, with the global cost of cybercrime projected to reach $12.2 trillion annually by 2031. Institutions must transition towards understanding cybersecurity not just as risk mitigation but as essential for preserving digital civilization, emphasizing transparency, accountability, and resilience.

https://www.diplomaticourier.com/posts/cybersecurity-first-institutional-failure-hyperconnected-era
