risk management

The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust

Steve Durbin highlights that the next major cybersecurity crisis will not be breaches but the growing distrust in data integrity, especially as AI-driven decisions rely heavily on trustworthy data. He stresses that data governance, clear ownership, and auditability of data are critical to maintaining accuracy and preventing harmful distortions that can compromise operations and decision-making.

https://www.securityweek.com/the-next-cybersecurity-crisis-isnt-breaches-its-data-you-cant-trust/

The Architecture of Authority: Why AI Is Breaking the Traditional Hierarchy

The article discusses how AI is transforming traditional corporate hierarchies by shifting decision-making authority from humans to machines. It highlights the emergence of “Systems of Action,” where AI not only recommends but also initiates decisions, challenging existing governance models that assume humans control judgment and accountability. The piece emphasizes the need for organizations to intentionally design a “Decision Architecture” to manage the flow of authority between people and AI, avoid fragmented autonomous systems, and address conflicts between machine logic and human intuition.

https://nationalcioreview.com/articles-insights/the-architecture-of-authority-why-ai-is-breaking-the-traditional-corporate-hierarchy/

Shadow AI Solutions Need a Unified Security Approach

Shadow AI presents a significantly greater enterprise risk than the earlier shadow IT challenge, as employees' unsanctioned use of generative AI tools creates compliance risk, data leakage, and exposure to regulatory penalties. Fortinet executive Russ Schafer highlights the need for unified security platforms incorporating agentic AI to reduce attack resolution times from hours to seconds, emphasizing governance, access management, and interconnected agent frameworks to maintain control and security in AI-driven environments.

https://siliconangle.com/2026/03/30/shadow-ai-needs-unified-security-approach-rsac26/

The CISO’s Guide to Responding to Shadow AI

The article provides a guide for Chief Information Security Officers (CISOs) on responding to shadow AI, emphasizing four key steps: assessing the associated risks, understanding the motivations behind unapproved AI use, deciding whether to shut down or integrate shadow AI tools, and reviewing AI governance policies. It highlights that shadow AI usage often arises from the rapid adoption of AI tools without proper oversight, posing risks such as data breaches and operational disruptions, and stresses the importance of balanced governance to manage these risks while fostering responsible AI use within organizations.

https://www.csoonline.com/article/4143302/the-cisos-guide-to-responding-to-shadow-ai.html

AI Sovereignty Risk: a Five-Step Agenda for CIOs

The article discusses the growing importance of AI sovereignty, where nations control AI ecosystems within their borders, posing challenges for global CIOs. It outlines a five-step agenda for CIOs to manage AI sovereignty risks, including educating executives, consulting legal experts, balancing AI providers, securing data, and anticipating architectural shifts toward hybrid AI models. This approach helps organizations navigate complex regulatory environments and align AI strategies with jurisdictional compliance and enterprise goals.

https://www.idc.com/resource-center/blog/ai-sovereignty-risk-a-five-step-agenda-for-cios/

Before You Scale: a Risk Management Framework for AI Systems

As AI systems transition from pilot phases to full-scale production, organizations often face hidden risks in governance, data management, operations, and change management that can hinder sustainable growth. EisnerAmper outlines a six-pillar risk management framework—covering governance, business strategy, cybersecurity and data privacy, technology and cloud infrastructure, people and change, and data practices—that helps organizations identify and address potential friction points early, ensuring responsible and scalable AI adoption aligned with established standards like NIST and ISO. Early assessment under this framework is critical for sustaining effective AI systems as usage expands.

https://www.eisneramper.com/insights/artificial-intelligence-insights/ai-risk-management-framework-for-scaling-0326/

14 Risk Oversight Principles You Haven’t Heard Before

Protiviti’s Jim DeLoach presents 14 lesser-known principles of risk oversight aimed at enhancing enterprise risk management (ERM) effectiveness, emphasizing continuous improvement in risk reporting, integration of risk processes into business operations, and adapting to digital transformation. He stresses the importance of balancing risk and opportunity, fostering collaboration across organizational levels, making timely decisions with imperfect information, and cultivating a culture of open risk discussions, all to better prepare organizations for uncertainty and align risk management with strategic goals.

https://www.corporatecomplianceinsights.com/14-risk-oversight-principles-you-have-not-heard-before/

Back to Basics: 14 Risk Oversight Rules You Know (But May Be Ignoring)

Jim DeLoach outlines 14 fundamental risk oversight principles that remain crucial despite advances in digital tools, emphasizing that risk management must be aligned with strategy and adapt continuously to a rapidly changing environment. He highlights the importance of understanding calculated risks, vigilance against cognitive biases, preparation for contingencies, and maintaining strong culture and communication to effectively manage critical enterprise risks and ensure organizational resilience.

https://www.corporatecomplianceinsights.com/risk-oversight-rules-you-know/

EUDR in Practice: How to Correctly Set Up Due Diligence in the Supply Chain

The EU Deforestation Regulation (EUDR) establishes new due diligence requirements for companies dealing with certain commodities, mandating proof that products comply with EUDR and are deforestation-free before entering or leaving the EU market. Companies must collect detailed supply chain information, assess risks, implement mitigation measures if necessary, submit a Due Diligence Statement, maintain an internal due diligence system, and retain documentation for inspections.

https://www.grantthornton.cz/en/news/eudr-in-practice-how-to-correctly-set-up-due-diligence-in-the-supply-chain/

CISO’s Perspectives – The 4 Recommendations to Sleep Without a Worry

Paul Bayle, Group CSO at Atos, discusses key recommendations for CISOs to manage cybersecurity effectively and maintain peace of mind despite evolving threats. Emphasizing the importance of thorough IT system mapping, investing in multiple security technologies, fostering strong governance involving cross-department collaboration, and engaging with expert ecosystems, he highlights the challenges posed by “unknown unknowns” and the need for continuous awareness, training, and management support to mitigate risks across the organization.

https://atos.net/en/lp/cybershield/cisos-perspectives-the-4-recommendations-to-sleep-without-a-worry
