risk management

Managing Insider Threats Across the Organization

TLDR: Insider threats are difficult to manage due to trusted access and can stem from malicious actions, negligence, honest mistakes, or compromised accounts. Organizations face risks especially during onboarding, role changes, or exits. Effective management includes establishing formal insider risk programs, applying least privilege access, designing security around workflows, and automating processes for better resilience.

https://blog.barracuda.com/2026/02/03/managing-insider-threats-across-the-organization

Cyber 2026: Evolving Threats Demand Strategic Leadership

TLDR: In 2026, cyber risks escalate due to AI threats and regulatory pressures, requiring board-level action. Key trends include a tightening cyber insurance market, supply chain risk, and the rise of AI-driven attacks. Strategies for resilience involve investing in cybersecurity, adopting data-driven risk management, and enhancing incident response. Cyber threats now involve complex systems and require organization-wide collaboration to mitigate risk effectively.

https://www.aon.com/en/insights/articles/cyber-2026-evolving-threats-demand-strategic-leadership

The 2026 KPMG Global Third-Party Risk Management Survey

KPMG's 2026 Global Third-Party Risk Management (TPRM) Survey reveals evolving TPRM strategies heavily influenced by regulatory compliance and cyber risks. Despite progress, many organizations struggle with integration and effectiveness in TPRM efforts, with only 18% fully integrated with enterprise risk management. The survey highlights reliance on managed services, yet only 5% adopt end-to-end models, often outsourcing discrete tasks due to concerns over data loss. Lastly, the role of AI in TPRM is growing, but many find it ineffective, indicating a need for improved data quality and integration across systems.

https://kpmg.com/us/en/articles/2026/global-third-party-risk-management-survey.html

Why Data Privacy Impact Assessments Must Be a Backbone of Any Effective Privacy Program

Data Privacy Impact Assessments (DPIAs) are essential for identifying and mitigating privacy risks before new data processing activities begin. While initially a European concept, DPIAs are now mandated by several U.S. states, with California leading the way through its risk-based model. This model requires assessments for high-risk processing activities, such as selling personal information or using automated decision-making, and emphasizes transparency and accountability.

https://www.jdsupra.com/legalnews/why-data-privacy-impact-assessments-9691846/

Outsourcing a Service Does Not Outsource the Risk

In 2026, third-party risk management (TPRM) shifts from a compliance exercise to a strategic priority for UK financial services amid stricter regulation. Firms face heightened scrutiny of their resilience and must maintain accurate supplier registers. Complex supply chains increase exposure, particularly through AI dependencies. Effective TPRM requires organizational alignment and proactive risk reduction, not just compliance. Many firms struggle with internal resistance and a lack of executive engagement, which hinders resilience. Successful organizations will embed TPRM into core operations, improving visibility and building trust in an interconnected digital economy.

https://www.intelligentciso.com/2026/01/30/outsourcing-a-service-does-not-outsource-the-risk/

Human Risk Management: CISOs’ Solution to the Security Awareness Training Paradox

Security awareness training (SAT) is ineffective despite significant investment, as it focuses on knowledge rather than behavior. Human risk management (HRM), which focuses on changing employee behavior, is a more effective approach. HRM uses AI to personalize training, identify risky users, and provide targeted interventions, ultimately improving cybersecurity behavior and reducing incidents.

https://www.csoonline.com/article/4123230/human-risk-management-cisos-solution-to-the-security-awareness-training-paradox.html

The AI Code Generation Governance Gap Is a Security Gap — Here’s How to Close It

AI code generation governance is lagging, creating security and compliance risks. Only 23% of IT leaders manage AI governance effectively, risking a 30% rise in legal disputes by 2028. The increase in AI-generated code without proper oversight may introduce security vulnerabilities. To address this, governance must become continuous and integrated into the development workflow, allowing for instant checks on security and compliance. Embedding automated governance practices reduces risks, simplifies compliance, and enables productive use of AI tools, turning governance from a hindrance into a facilitator of innovation.

https://solutionsreview.com/the-ai-code-generation-governance-gap-is-a-security-gap-heres-how-to-close-it/

As CIOs Focus on AI Integration, New Tools Complicate the Agenda

CIOs are shifting focus from AI experimentation to integration, prioritizing the execution of existing AI investments. However, the emergence of on-device AI, exemplified by Lenovo’s Qira, adds complexity to this integration process. While offering benefits like improved data privacy and reduced cloud costs, on-device AI also presents challenges such as technical debt and vendor lock-in.

https://www.informationweek.com/ai-innovations/as-cios-focus-on-ai-integration-new-ai-tools-complicate-the-agenda-in-2026

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

AI agents boost productivity by automating tasks, but their rapid deployment complicates accountability, creating security risks. They bypass traditional access models, accumulating broad permissions without clear ownership. Three types of agents exist: personal (user-owned, low risk), third-party (vendor-owned, moderate risk), and organizational (shared, high risk). Organizations must rethink risk management, establish clear ownership, and map user-agent interactions to avoid authorization bypass problems. Unmanaged AI agents represent significant risks due to their autonomous nature and unclear responsibilities.

https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html
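The two access-control points raised above, least privilege across onboarding, role changes and exits (the insider-threat entry) and agents that accumulate permissions without an accountable owner (this entry), reduce to the same reconciliation check, shown here as an added example that is not code from either article. The role model, principal records and entitlement names are constructed for illustration; in practice they would come from an identity provider and an agent registry.

```python
"""Least-privilege reconciliation over human users and AI agents.

Constructed example: roles, names and entitlements below are invented
and do not describe any real organization or product.
"""
from dataclasses import dataclass, field
from typing import Optional

# Assumed role model: the entitlements each job role is expected to hold.
ROLE_ENTITLEMENTS = {
    "engineer": {"repo:read", "repo:write", "ci:run"},
    "finance": {"ledger:read", "ledger:write", "payroll:read"},
    "support": {"tickets:read", "tickets:write", "crm:read"},
}


@dataclass
class Principal:
    name: str
    kind: str                      # "user" or "agent"
    status: str                    # "active" or "offboarded"
    entitlements: set
    role: Optional[str] = None     # job role (users only)
    previous_role: Optional[str] = None  # set on a role change (mover)
    owner: Optional[str] = None    # accountable user (agents only)


def review_user(user):
    """Leaver: must hold nothing. Active user: nothing beyond current role."""
    findings = []
    if user.status == "offboarded":
        if user.entitlements:
            findings.append(("leaver_retains_access", sorted(user.entitlements)))
        return findings
    expected = ROLE_ENTITLEMENTS.get(user.role, set())
    stale = user.entitlements - expected
    if stale:
        kind = "mover_stale_access" if user.previous_role else "excess_access"
        findings.append((kind, sorted(stale)))
    return findings


def review_agent(agent, users):
    """An agent needs a live owner and must not out-rank that owner."""
    findings = []
    if agent.owner is None or agent.owner not in users:
        findings.append(("agent_without_owner", sorted(agent.entitlements)))
        return findings
    owner = users[agent.owner]
    if owner.status == "offboarded":
        findings.append(("agent_owner_offboarded", sorted(agent.entitlements)))
    # Anything the agent holds that its owner lacks is a route around the
    # owner's own authorization: the owner reaches it through the agent.
    excess = agent.entitlements - owner.entitlements
    if excess:
        findings.append(("agent_exceeds_owner", sorted(excess)))
    return findings


def effective_scopes(agent, caller):
    """Scopes usable when `caller` drives `agent`: the intersection, never the union."""
    return agent.entitlements & caller.entitlements


def reconcile(principals):
    """Return {principal name: [findings]} for every principal with a problem."""
    users = {p.name: p for p in principals if p.kind == "user"}
    report = {}
    for p in principals:
        found = review_user(p) if p.kind == "user" else review_agent(p, users)
        if found:
            report[p.name] = found
    return report


# Constructed sample: one clean user, one mover, one leaver, three agents.
SAMPLE = [
    Principal("alice", "user", "active", {"repo:read", "repo:write", "ci:run"}, role="engineer"),
    Principal("bob", "user", "active", {"tickets:read", "tickets:write", "crm:read", "ledger:write"},
              role="support", previous_role="finance"),
    Principal("carol", "user", "offboarded", {"payroll:read"}, role="finance"),
    Principal("ticket-triage-bot", "agent", "active", {"tickets:read", "tickets:write"}, owner="bob"),
    Principal("ledger-summary-agent", "agent", "active", {"ledger:read", "repo:read"}, owner="alice"),
    Principal("helper-agent", "agent", "active", {"repo:read"}, owner=None),
]
BY_NAME = {p.name: p for p in SAMPLE}

if __name__ == "__main__":
    for name, findings in reconcile(SAMPLE).items():
        for kind, items in findings:
            print(f"{name}: {kind} {items}")
```

The report shows the mover keeping a finance entitlement after moving to support, the leaver still holding access, an agent whose grants exceed its owner's, and an agent nobody owns. `effective_scopes` is the runtime side of the same rule: when a user invokes an agent, the agent acts with the intersection of the two permission sets, so a broad agent grant never widens what the calling user could do directly.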

Top 10 World’s Best Data Security Companies in 2026

Data security is crucial due to increasing ransomware attacks and strict regulations. The leading companies provide solutions beyond traditional encryption, focusing on intelligent data management, compliance support, and scalable protection across environments. Key players include Microsoft, IBM, Cisco, and Palo Alto Networks, each with particular strengths in data governance, AI security, and cloud integration. Choosing the right data security vendor is essential for safeguarding sensitive information and maintaining compliance.

https://gbhackers.com/best-data-security-companies/
