Tag: risk-management
-
Top 10 Cyber Risk Management and GRC Companies in the UK and Globally
Cyber risk management and Governance, Risk, and Compliance (GRC) have become central to how organisations protect data, meet regulatory obligations, and maintain operational resilience. As cyber threats grow more sophisticated and regulatory scrutiny increases, organisations must demonstrate not only that risks are identified, but that they are governed, prioritised, and controlled effectively. Cyber risk management…
-
Human risk management: CISOs’ solution to the security awareness training paradox
Tags: access, ai, awareness, ciso, compliance, cyber, cybersecurity, data, email, identity, intelligence, malicious, mitigation, risk, risk-management, strategy, tool, trainingWhat is human risk management?: HRM is defined as a cybersecurity strategy that identifies, measures, and reduces the risks caused by human behavior. Simply stated, security awareness training is about what employees know; HRM is about what they do (i.e., their actual cybersecurity behavior).To be more specific, HRM integrates into email security tools, web gateways,…
-
Human risk management: CISOs’ solution to the security awareness training paradox
Tags: access, ai, awareness, ciso, compliance, cyber, cybersecurity, data, email, identity, intelligence, malicious, mitigation, risk, risk-management, strategy, tool, trainingWhat is human risk management?: HRM is defined as a cybersecurity strategy that identifies, measures, and reduces the risks caused by human behavior. Simply stated, security awareness training is about what employees know; HRM is about what they do (i.e., their actual cybersecurity behavior).To be more specific, HRM integrates into email security tools, web gateways,…
-
Skills CISOs need to master in 2026
Tags: access, ai, business, ciso, cloud, compliance, credentials, cyber, cybersecurity, data, endpoint, finance, firewall, group, Hardware, identity, infrastructure, intelligence, jobs, resilience, risk, risk-management, skills, strategy, threat, tool, trainingTop technical skills: In addition to strong knowledge of AI systems, today’s CISOs need a solid foundation in the technologies that define modern enterprise environments. The (ISC)² CISSP is still widely regarded as the gold standard for broad expertise in security architecture, risk management, and governance. “Regulators will expect this, and it still appears in…
-
4 Probleme, die CISOs behindern
Tags: ai, business, ciso, cloud, compliance, cyberattack, cybersecurity, cyersecurity, data, framework, governance, risk, risk-management, skills, strategy, tool, vulnerability-managementLesen Sie, welche strategischen Probleme CISOs bei ihren Aufgaben behindern.Viele Sicherheitsverantwortliche glauben, dass ein Cybervorfall unvermeidlich ist unklsar ist lediglich der Zeitpunkt. Diese Überzeugung spiegelt sich in der gängigen Redewendung wider, dass es nicht darum geht, ‘ob”, sondern ‘wann” ein Angriff erfolgt.Eine wachsende Zahl von CISOs rechnet jedoch eher früher als später mit einem Vorfall:…
-
4 issues holding back CISOs’ security agendas
Tags: access, ai, application-security, attack, business, ciso, cloud, compliance, control, cyber, cybersecurity, data, endpoint, framework, governance, intelligence, jobs, monitoring, network, resilience, risk, risk-assessment, risk-management, sans, service, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-management2. Inability to keep pace with AI innovation and adoption: Executives and employees alike have been rushing to adopt artificial intelligence, enticed by expectations that AI will transform workflows and save time, money, and effort.But CISOs for the most part have not kept pace with their business colleagues’ rate of AI adoption.According to a survey…
-
NHS England Probe Suppliers for Cybersecurity Controls
Suppliers May Be Asked for Evidence of Certain Security Controls, Best Practices. The National Health Service in England will reach out directly to suppliers to ensure they implement proactive and robust cybersecurity risk management, officials said Wednesday. The move comes after recent high-profile ransomware attacks on NHS vendors that seriously disrupted patient care. First seen…
-
Unterschätztes Risiko: Insider-Bedrohungen endlich ernst nehmen
Tags: access, ai, compliance, cyberattack, cybersecurity, data, fraud, governance, identity, infrastructure, mail, nis-2, phishing, resilience, risk, risk-analysis, risk-management, security-incident, threat, tool, vulnerability48 Prozent der Fälle von Datendiebstahl, Industriespionage oder Sabotage in Unternehmen gehen laut einer Studie auf Mitarbeiter zurück.Was wäre, wenn das größte Sicherheitsrisiko Ihrer Organisation bereits einen Mitarbeitendenausweis besitzt, legitim angemeldet ist und genau weiß, wie interne Prozesse funktionieren? Diese Frage ist unbequem, aber sie markiert den Ausgangspunkt für eine längst überfällige Auseinandersetzung mit Insider-Bedrohungen.…
-
Why AI Is Making Attack Surface Management Mandatory
Amit Sheps, head of product marketing at CyCognito, discusses the growing challenges cybersecurity teams face as artificial intelligence accelerates the expansion of enterprise attack surfaces. He explains why visibility, continuous assessment, and proactive risk management are becoming essential in an AI-driven threat landscape. Sheps argues that most teams are still stuck in “vulnerability whack-a-mole” mode,..…
-
For cyber risk assessments, frequency is essential
Tags: access, authentication, backup, breach, ciso, cloud, compliance, cyber, cyberattack, cybersecurity, data, data-breach, exploit, framework, GDPR, infrastructure, mitigation, network, password, radius, ransomware, regulation, risk, risk-assessment, risk-management, strategy, tool, vulnerabilityIdentifying vulnerabilities: A cyber risk assessment helps to identify security gaps in a company’s IT infrastructure, networks, and systems. This provides the opportunity to eliminate these vulnerabilities before they can be exploited by cybercriminals.Prioritize risk management measures: Not every system is critical, and not all of a company’s data is equally important. The results of the risk…
-
NIST’s Blueprint for AI Security: How Data Trust Enables AI Success
Tags: access, ai, attack, automation, business, cloud, compliance, control, csf, cybersecurity, data, endpoint, exploit, framework, governance, guide, intelligence, least-privilege, nist, risk, risk-management, saas, toolThe rapid adoption of artificial intelligence has forced organizations to confront a hard truth: AI changes the cybersecurity equation. New attack surfaces, new misuse patterns and new forms of automation require a different approach to managing risk. That’s why NIST has stepped forward. Through its draft AI cybersecurity profile, NIST CSF 2.0 and the AI…
-
AI-Powered Phishing Makes Human Risk Management Critical
AI-driven phishing is accelerating, making Human Risk Management critical. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ai-powered-phishing-makes-human-risk-management-critical/
-
Neue EU-Schwachstellen-Datenbank gestartet
Die neue GCVE-Datenbank soll das Schwachstellenmanagement effizienter und einfacher machen.Mit db.gcve.eu stellt die GCVE-Initiative (Global Cybersecurity Vulnerability Enumeration) ab sofort eine kostenfreie, öffentlich zugängliche Datenbank für IT-Sicherheitslücken bereit. Ziel ist es, die Abhängigkeit von US-Datenbanken zu beenden und die digitale Souveränität in Europa zu stärken. Die Plattform führt Informationen aus verschiedenen öffentlichen Ressourcen zusammen. Dazu…
-
From arts degree to cybersecurity: Rona Michele Spiegel brings fresh perspective to cyber leadership
Tags: ai, awareness, business, cisco, ciso, cloud, compliance, computer, cyber, cybersecurity, data, governance, group, hacking, Hardware, intelligence, jobs, network, office, penetration-testing, privacy, psychology, risk, risk-management, skills, software, startup, strategy, supply-chain, technology, tool, vulnerabilityRona Michele Spiegel’s journey to cybersecurity might seem unconventional to some: She studied the arts. But as someone who grew up when computers first appeared and everyone wanted to experiment with them, she did a lot of multimedia work. She was always interested in technology and discussed with art colleagues about where the world was…
-
News alert: Panorays study finds most CISOs lack vendor visibility as supply chain attacks climb
NEW YORK, Jan. 14, 2026, CyberNewswire, Panorays, a leading provider of third-party security risk management software, has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management. The survey highlights third-party cyber risk… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/news-alert-panorays-study-finds-most-cisos-lack-vendor-visibility-as-supply-chain-attacks-climb/
-
CISOs flag gaps in third-party risk management
Third-party cyber risk continues to concern security leaders as vendor ecosystems grow, supply chains stretch, and AI plays a larger role in business operations. A recent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/15/panorays-cisos-ai-vendor-risk/
-
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
Tags: access, ai, authentication, breach, business, communications, compliance, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, government, grc, group, identity, incident response, infosec, infrastructure, malware, monitoring, phishing, ransomware, risk, risk-management, service, supply-chain, technology, theft, threat, toolFor government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense…
-
2026 Study from Panorays: 85% of CISOs Can’t See Third-Party Threats Amid Increasing Supply Chain Attacks
New York, NY, January 14th, 2026, CyberNewsWire Panorays, a leading provider of third-party security risk management software, has released the 2026 edition of its annual CISO Survey for Third-Party Cyber Risk Management. The survey highlights third-party cyber risk as one of the most critical challenges facing security leaders today, driven largely by a lack of…
-
Tenable Is a Gartner® Peer Insights Customers’ Choice for Cloud-Native Application Protection Platforms
Tags: ai, api, attack, automation, banking, ciso, cloud, compliance, control, cybersecurity, data, detection, gartner, google, governance, healthcare, identity, infrastructure, microsoft, risk, risk-management, service, software, strategy, technology, tool, vulnerability, vulnerability-managementThis recognition, based entirely on feedback from the people who use our products every day, to us is a testament to the unmatched value Tenable Cloud Security CNAPP offers organizations worldwide. Our key takeaways: In our view, this peer recognition confirms Tenable’s strategic value in helping organizations worldwide, across all industry sectors, preemptively close critical…
-
What Enterprises Need in AI Governance Software – Kovrr
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/what-enterprises-need-in-ai-governance-software-kovrr/
-
Predict 2026: AI, Trust and the Security Reckoning Ahead
Join us at Predict 2026 to understand how AI transforms security, governance, and risk management, preparing leaders for the rapidly evolving landscape. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/predict-2026-ai-trust-and-the-security-reckoning-ahead/
-
Unlock remote work’s GRC impact: Challenges to opportunities
As organizations worldwide recalibrate their operations in the wake of unprecedented change, remote work has emerged not simply as a fleeting trend but as a mainstay of modern business. For compliance experts and leaders alike, this shift has introduced a complex interplay of governance, risk management, and compliance (GRC) challenges and opportunities. This article explores…The…
-
UK Government Launches Cyber Action Plan to Bolster Public Sector Security
The UK government has unveiled an ambitious £210 million cyber security initiative designed to fortify digital defenses across public sector departments and restore confidence in online government services. The centerpiece of the initiative is the newly formed Government Cyber Unit, which will coordinate risk management and incident response operations across all government departments. This centralized…
-
NIS2-Umsetzung: Neues BSI-Portal geht an den Start
Tags: bsi, ceo, cloud, cyber, gartner, infrastructure, linkedin, nis-2, resilience, risk-analysis, risk-management, service, vulnerabilityUnternehmen können sich ab sofort über das neue BSI-Portal als NIS2-Einrichtung registrieren und IT-Sicherheitsvorfälle melden.Seit Anfang Dezember gilt die EU-Sicherheitsrichtline NIS2 auch in Deutschland. Rund 29.500 Unternehmen sind dadurch verpflichtet, sich als NIS-2-Einrichtungen zu registrieren und dem Bundesamt für Sicherheit in der Informationstechnik (BSI) erhebliche Sicherheitsvorfälle zu melden. Vor diesem Hintergrund hat das BSI ein…
-
Die wichtigsten CISO-Trends für 2026
Tags: ai, ciso, compliance, cyersecurity, group, nis-2, resilience, risk, risk-management, software, supply-chain, tool, zero-trustLesen Sie, vor welchen Herausforderungen CISOs mit Blick auf das Jahr 2026 stehen.Das Jahr 2025 war für viele CISOs herausfordernd. Anfang des Jahres wurden mit dem Digital Operational Resilience Act (DORA) alle Finanzunternehmen dazu verpflichtet, ihre Cybersicherheit zu erhöhen. Zudem mussten sich in diesem Jahr zahlreiche Unternehmen mit der NIS2-Umsetzung auseinandersetzen. Vor welchen Schwierigkeiten stehen…
-
Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files
Tags: access, backup, credentials, cve, cvss, cybersecurity, data, exploit, jobs, malicious, monitoring, password, ransomware, remote-code-execution, risk, risk-management, sans, threat, update, veeam, vulnerabilityCVE-2025-59470 (with a CVSS score of 9) allows a Backup or Tape Operator to perform remote code execution (RCE) as the Postgres user by sending a malicious interval or order parameter;CVE-2025-59469 (with a severity score of 7.2) allows a Backup or Tape Operator to write files as root;CVE-2025-55125 (with a severity score of 7.2) allows a Backup…