An ad-hoc approach to cyber risk management is a bad look to investors and clients. A hastily conducted risk assessment here, and a boilerplate policy there will not pass muster with serious players. They’ll quickly move on and use your company as an example of the type of organization to avoid. Of course regulators won’t move on. They’ll dig in, and the pain can be significant and far reaching. It doesn’t have to be this way. There are frameworks to align practices with and proven strategies for progressively strengthening your security posture which can demonstrate to interested parties your commitment to information security. This can make all the difference in winning business or getting that infusion of funds from investors. It can also help get the regulators off your back. Sometimes the biggest struggle is just knowing how to get started. I can help you here. Reach out and let’s have a chat.
Joe Donohue’s Post
More Relevant Posts
This is why we can't have nice things. There is no longer such thing as "cybersecurity" in the IT stack from which it was birthed. The evolution is to move and align cyber-related risks with the REST of corporate risk and governance. This would dramatically reduce the success of attacks and increase focused spending on these issues in business terms, with business outcomes. We need to get cyber out of the basement and into the real world with the rest of the adults. To try to keep it on its own and build tactical audit and compliance, R&Rs will continue to fail as it has for decades. Data is the problem. Govern the data. Do it in business terms. THEN, apply operational controls that measure outcomes in dollars and cents, not bits and bytes.
Investors ... we have a problem. While the new SEC Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules don't require that companies declare which cybersecurity standards they use, a very worrisome trend is emerging when we look for those citations. Companies seem to be confusing "risk management" with "compliance." Risk analysis means thinking through the likelihood and impact of harms that may occur. In the SEC's case, we need to consider risk of harm to investors. So why do so few companies who cite their cybersecurity controls standards also cite their risk assessment standards? It's the risk assessment standards that would estimate the risk to investors, no?
How do you translate awareness into action when it comes to cyber risk? X-Analytics Cyber Reporting Service provides your board with continuous analysis and actionable guidance to protect your organization's financial interests. Experienced cyber risk management, corporate governance, and regulatory compliance experts across multiple industries provide actionable guidance and insightful decision-making tools. Find out more https://ow.ly/VkCq50SioJN
Cyber Risk Alert!! As the Cyber Risk Advisor to the NACD (National Association of Corporate Directors) we have selected an approach that applies business, operational and financial context to cyber threats impacting your organization. Combined with a risk reducing strategy! Learn Below!! X-Analytics (SSIC) John Frazzini Peter Gleason https://lnkd.in/e4xyPgXf
"For the first time, this new X-Analytics (SSIC) reporting provides me with something actionable. It shows you're aligning your cyber strategy with the priorities of the business." -CEO @ a Publicly Traded High Tech Company It's extremely fulfilling to provide organizations and security teams with information they need to enhance their cyber resilience, and it's awesome to work w/ such a forward-thinking and impactful organization like the NACD (National Association of Corporate Directors). Kyle Ferguson Kevin Richards Christopher Hetner #cybergovernance #cyberrisk
How does cybersecurity intersect with Operational Risk Management (ORM) in the investment management industry? Our latest whitepaper dives deep into the critical role of ORM in managing cybersecurity risks. It outlines how good planning can reduce large scale risk or operational failure in worst case scenarios. The paper provides key insights into understanding operational risk drivers, how to integrate cybersecurity within ORM frameworks and the essential role of a Chief Information Security Officer (CISO) in driving ORM. Don’t miss out on strategies to bolster your firm’s resilience against cyber threats. Read the full whitepaper now and discover how Adeptyx Consulting can guide your cybersecurity journey. Ari Fuad, CFA Richard Tweed Lars Ranger Runar Andersen Ryan Blackhall https://lnkd.in/gUs6A2BF
Cyber risk management: What leaders can learn from Australia “As a society, we’re still lacking a solid basis for understanding cyber—it’s too often a case of ‘let’s bring in the expert to deal with this,’” he explains. “It’s important for boards to recognize that cyber is both a business risk and a technology risk. Technology risks don’t exist independent of other risks.” Read more here: https://buff.ly/3PfmI6O
Introducing SmartRisk Agent: Revolutionising Human Risk Management 🚀 We have just unveiled SmartRisk Agent, a game-changing tool in the world of cybersecurity. Why it's brilliant:
📊 Real-time risk scoring: Assess individual employee risk instantly
🎯 Personalised training: Tailored learning paths based on risk profiles
🔍 Comprehensive insights: Gain a holistic view of your organisation's security posture
⚡ Automated workflows: Streamline your security processes effortlessly
SmartRisk Agent™ doesn't just identify risks—it actively helps mitigate them. By focusing on human behaviour, it transforms your workforce into a robust line of defence against cyber threats. 🤔 Curious about how it works? KnowBe4's blog post offers a deep dive into this innovative solution. Check it out here: https://lnkd.in/eJHYdXKj #CybersecurityInnovation #HumanRiskManagement #KnowBe4 #SmartRiskAgent #AIinSecurity KnowBe4 Partners Benjamin Symons Teddy Burton Ellis Swindles-Rimmer Lewis Bramley
Meet SmartRisk Agent™: Unlock Your New Human Risk Management
blog.knowbe4.com
🚀 Introducing SmartRisk Agent™: Revolutionising Human Risk Management 🛡️ Exciting news from KnowBe4! They've just unveiled SmartRisk Agent™, a game-changing tool in the world of cybersecurity. Why it's brilliant:
📊 Real-time risk scoring: Assess individual employee risk instantly
🎯 Personalised training: Tailored learning paths based on risk profiles
🔍 Comprehensive insights: Gain a holistic view of your organisation's security posture
⚡ Automated workflows: Streamline your security processes effortlessly
SmartRisk Agent™ doesn't just identify risks—it actively helps mitigate them. By focusing on human behaviour, it transforms your workforce into a robust line of defence against cyber threats. 🤔 Curious about how it works? KnowBe4's blog post offers a deep dive into this innovative solution. Check it out here: https://lnkd.in/eFkk9dKf #CybersecurityInnovation #HumanRiskManagement #KnowBe4 #SmartRiskAgent #AIinSecurity KnowBe4 Partners Steve Gray Harry Fredrickson Ellis Swindles-Rimmer
These are great questions to ask, as well as “Is the cost of a control greater than the value it provides?” Too many times as security practitioners we assume a control has value but never sit down and measure the true value of it.
"...sartorially he’s what you’d get if The Doctor decided to park the Tardis and spend some time in cyber security." - Andrew Peck
Another risk management question today. When carrying out a risk assessment, how do you (or do you at all) factor in the operational costs of existing controls? Should you? Most risk assessments I come across are very much point in time, with existing controls discounted to free, and new controls just considering implementation costs. This also applies to what I've seen of quantitative risk assessment in cyber security. We often find when working with clients on ISO 27001, or similar frameworks, that the only question asked is 'what do we need to add?' Asking the questions 'what can we reuse from elsewhere?' and 'what can we remove?' makes a huge difference (and takes away a lot of headaches). If you want to find out how to not just meet your compliance requirements, but do so in an efficient and sustainable way instead of layering processes upon processes and increasing your operational friction, get in touch.