risk management

The Ultimate Guide to Managing Third-Party Risk

Third-party risk management (TPRM) is the process of identifying, assessing, and mitigating risks associated with external third parties. TPRM programs are driven by regulatory requirements, cybersecurity risk, competitive advantages, and internal efficiency. The TPRM lifecycle includes sourcing and selection, intake and onboarding, inherent risk scoring, internal controls assessment, external risk monitoring, SLA and performance management, and offboarding and termination.

https://www.jdsupra.com/legalnews/the-ultimate-guide-to-managing-third-5033967/

How to Create an Effective Business Continuity Plan

A business continuity plan (BCP) is a strategic guide that helps organizations maintain or quickly resume operations during disruptions such as natural disasters, cyberattacks, or supply chain failures. It involves assessing critical business processes, setting recovery objectives, detailing roles and procedures, and regularly testing and updating the plan to address evolving risks, including those from AI and third-party dependencies. Effective BCPs, supported by senior management and enhanced by modern tools like AI, are vital for minimizing downtime and ensuring organizational resilience in an increasingly complex operating environment.

https://www.cio.com/article/4166194/how-to-create-an-effective-business-continuity-plan-3.html

AI Is Spreading Decision-Making, but Not Accountability

As AI systems become widely adopted in enterprises, decision-making responsibilities are distributed across various teams, but legal accountability tends to concentrate on the organizations deploying these systems and their executive leadership, particularly CIOs. While AI governance frameworks involve multiple functions like legal, risk, IT, and business, courts generally hold humans—especially those integrating AI into real-world decisions—responsible when failures occur, underscoring that AI spreads decision-making but does not absolve accountability.

https://www.cio.com/article/4160986/ai-is-spreading-decision-making-but-not-accountability.html

8 Best Practices for CISOs Conducting Risk Reviews

Rico Mariani, Deputy CISO at Microsoft Security, shares eight best practices for CISOs conducting risk reviews to proactively enhance security posture amid evolving cyberthreats driven by AI. His approach emphasizes identifying assets and applications, ensuring strong authentication and authorization, network isolation, effective detection and auditing, and not overlooking backup or development systems, thereby enabling structured conversations and informed risk management.

https://www.microsoft.com/en-us/security/blog/2026/04/29/8-best-practices-for-cisos-conducting-risk-reviews/

Why a ‘Risk Position’ Should Be The Next Big Thing In Business Leadership

Dr Emma Soane argues that an organization's “risk position”—its intentional stance on risk-taking and management—should be regarded as fundamental as its strategy, culture, and leadership. Highlighting examples like Netflix and The Royal Mint, she explains that a clear risk position enables organizations to align risk with strategic goals, foster open risk dialogue, and move beyond viewing risk solely as a compliance issue or threat.

https://www.lse.ac.uk/study-at-lse/executive-education/insights/articles/why-a-risk-position-should-be-the-next-big-thing-in-business-leadership

EY/IIF Third Annual Global Insurance Risk Management Survey

The EY/IIF Global Insurance Risk Management Survey reveals a shift in insurance risk management, emphasizing its role as a strategic driver of transformation and growth. Key themes include the dominance of cyber risk, the importance of resilience, and the evolving role of CROs as strategic partners.

https://www.iif.com/Publications/ID/6532/EYIIF-Third-Annual-Global-Insurance-Risk-Management-Survey

Vercel’s Breach Is a Warning—“Shadow AI” Risks to CX Are Escalating

Enterprises' unmonitored use of “shadow AI” tools—where employees independently adopt AI solutions without centralized governance—is escalating security risks that can expose sensitive customer data and disrupt customer experience (CX). The recent Vercel breach, caused by a compromised third-party AI tool connected to an employee account, illustrates how shadow AI can serve as an unguarded access point for cyberattacks, emphasizing the need for enterprises to improve visibility, governance, and coordination between security and customer-facing teams to protect CX effectively.

https://www.cxtoday.com/security-privacy-compliance/vercels-breach-is-a-warning-shadow-ai-risks-to-cx-are-escalating/

Handling Shadow AI at the Source: Why the Browser Is the New Control Layer

Shadow AI poses significant security risks as employees often use unauthorized public AI tools to boost productivity without realizing the potential for sensitive data exposure. A secure enterprise browser transforms the browser from a passive tool into an active control layer, enabling organizations to monitor AI usage, enforce policies, and prevent data loss by applying granular, context-aware controls that balance productivity with security.

https://www.scworld.com/resource/handling-shadow-ai-at-the-source-why-the-browser-is-the-new-control-layer

How the EU’s NIS2 Directive Is Changing How CIOs Think About Digital Infrastructure

The EU’s NIS2 directive is prompting CIOs to rethink digital infrastructure by extending risk accountability beyond individual organizations to encompass the entire ecosystem of interconnected providers, including cloud platforms and network operators. This shift emphasizes designing resilient systems that can continue operating despite failures in any part of the network, moving resilience from a compliance exercise to a strategic priority focused on infrastructure architecture and connectivity.

https://www.cio.com/article/4162091/how-the-eus-nis2-directive-is-changing-how-cios-think-about-digital-infrastructure.html

How 1Password CIO Jacob DePriest Thinks About Approving Internal AI Tools

1Password CIO and CISO Jacob DePriest emphasizes the need for faster evaluation and approval processes for internal AI tools to keep up with AI-driven cyber threats. To manage the rising number of employee “citizen developers,” 1Password is implementing expedited, limited experiments for AI tools alongside thorough onboarding and security controls that limit access based on need, ensuring both innovation and security.

https://www.itbrew.com/stories/2026/04/20/how-1password-cio-jacob-depriest-thinks-about-approving-internal-ai-tools
