The RiskTech Journal
The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.
Browse the latest RTJ insight articles and news updates and below
The RiskTech Journal Online Subscription is a premier resource for executives and professionals focused on the intersection of risk management and technology. It provides subscribers with access to a curated collection of articles and expert insights designed to enhance risk management strategies through technological innovation. With its online format, the RiskTech Journal offers flexible access to critical information, helping leaders make informed decisions and stay competitive.
Cyberattack on Grocery Giant Exposes Global Risk Management Gaps
As organizations like Ahold Delhaize increasingly rely on technology for inventory management, e-commerce, and logistics, cyber disruptions can extend beyond IT systems to affect global supply chains and customer trust. This event serves as a wake-up call for businesses globally to adopt an Integrated Risk Management (IRM) approach to ensure performance, resilience, assurance, and compliance in an interconnected digital landscape.
The Exponential Growth of Cybersecurity Risks and Their Impact on Business Operations
The recent UnitedHealth hack, as detailed in a Wall Street Journal article today, serves as a stark reminder of the growing scale and severity of cybersecurity threats. UnitedHealth’s ongoing struggle with this breach reveals the broader business risks that companies face when a cyber incident occurs, particularly as the monetary and operational impacts spiral far beyond initial forecasts.
Moving Beyond a Security-Based Mindset: The Need for Integrated Disclosure and Internal Controls
In today’s interconnected and complex business environment, it is crucial for organizations to shift away from a security-based mindset that focuses narrowly on immediate threats. Instead, they must adopt an integrated risk management (IRM) approach that balances both tactical and strategic risk perspectives. Lessons learned from the SolarWinds cyberattack serve as a stark reminder of this necessity.
SEC Clarifies Cybersecurity Incident Disclosure Rules: Key Takeaways for Companies
The Securities and Exchange Commission (SEC) continues to refine its stance on the disclosure of material cybersecurity incidents, addressing corporate concerns and compliance complexities. On June 20, 2024, Erik Gerding, the Director of the SEC’s Division of Corporation Finance, provided further clarification regarding the selective disclosure of cybersecurity incidents. This move comes in response to persistent questions surrounding the SEC’s final cybersecurity disclosure rules, specifically under Item 1.05 of Form 8-K.
Understanding the New SEC Cybersecurity Incident Disclosure Rule: Trends and Implications
In the wake of increasing cybersecurity threats, the Securities and Exchange Commission (SEC) has implemented the Cybersecurity Incident Disclosure Rule, which took effect on December 18, 2023. This rule mandates publicly traded companies to disclose material cybersecurity incidents within four business days of recognizing their materiality. Here, we dissect the early trends observed since the rule's implementation and the broader implications for corporate disclosure practices.
CIRCIA’s New Rules on Critical Infrastructure: Incorporating IRM to Manage a $2.6 Billion Economic Impact
As the Cybersecurity and Infrastructure Security Agency (CISA) ushers in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), an estimated 316,244 organizations within vital sectors stand at the cusp of significant regulatory shifts. Amidst this landscape, the strategic incorporation of Integrated Risk Management (IRM) becomes crucial not just for compliance but for bolstering cyber defenses in the face of a projected $2.6 billion economic impact over the next decade.
The Looming Shadow of the EU Cyber Resilience Act: How Integrated Risk Management Can Be Your Shield
The European Union's Cyber Resilience Act (CRA) looms large on the horizon, casting a shadow of both challenge and opportunity for companies selling software and connected devices in the EU. While the act's enforcement date is still months away, its comprehensive cybersecurity regulations demand proactive preparation from manufacturers, importers, and distributors alike.
NIST CSF 2.0: Charting Your Course with IRM Technology and IRM Navigator™
This week’s release of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0 presents a significant opportunity for organizations to strengthen their cybersecurity posture. This updated framework underscores the critical role of risk management in building cyber resilience, offering valuable guidance in a rapidly evolving threat landscape. However, navigating the implementation of NIST CSF 2.0 can be challenging, often hampered by siloed data, fragmented processes, and limited visibility into overall risk exposure.
Shifting Gears: Palo Alto Networks and the Future of Cybersecurity
Palo Alto Networks is taking deliberate steps to align more closely with the burgeoning Integrated Risk Management (IRM) market in a move that signals a profound shift within the cybersecurity industry. While placing Palo Alto outside of the direct IRM market play, this strategy is symbolic of a broader industry evolution. It underscores a critical pivot towards integrating cybersecurity data feeds with IRM solutions to provide a comprehensive, business-focused risk analysis.
Latest SEC Reports Reveal Devastating Digital Risks
In an era of unpredictability and the intertwining of global digital risks, the recent cyberattacks on Clorox and Johnson Controls serve as a stark wake-up call for businesses worldwide. Currently estimated at a combined cost of $76 million, these incidents underscore the critical need for a more sophisticated, proactive approach to risk management. The just published Accenture Risk Study: 2024 Edition echoes this sentiment, revealing a concerning trend: 72% of businesses admit their risk management capabilities are lagging behind the evolving nature of threats, particularly in cybercrime.
Ticking Clock: Companies Scramble to Meet SEC Cybersecurity Rules, Audit Partners Cautious
With the December 15th deadline for the SEC's new cybersecurity risk disclosure rules rapidly approaching, companies are intensifying their preparations. The Center for Audit Quality’s (CAQ) biannual Audit Partner Pulse Survey provides valuable insights into the corporate response, especially in the context of the complex economic, political, and technological challenges businesses currently face.
SEC's Cybersecurity Countdown: Critical Steps for Public Companies
As the December 2023 deadline looms, U.S. public companies and their third parties face a critical juncture in cybersecurity risk management. The SEC's new disclosure rules demand swift adaptation, with implications for cybersecurity practices and risk management infrastructures. The upcoming webinar, "Cyber Risk Reporting to the Board: A Step-by-Step Playbook," offers an in-depth analysis and actionable strategies for compliance.
Integrated Risk Management: The Linchpin for Bridging SEC and NYDFS Cybersecurity Regulations
In response to escalating cyber threats, regulatory bodies such as the New York State Department of Financial Services (NYDFS) and the U.S. Securities and Exchange Commission (SEC) have fortified their cybersecurity rules, presenting a complex regulatory environment for financial institutions. As entities strive to comply with the nuanced requirements of the NYDFS's updated cybersecurity regulations and the SEC's proposed rules, Integrated Risk Management (IRM) emerges as a crucial strategy, providing a unified framework to manage cybersecurity risks and regulatory compliance effectively.
The Convergence of Cybersecurity and Operational Risk: Lessons from the Clorox Breach
The Clorox cyberattack, which led to a whopping 20% drop in shares since August, highlights the ripple effect a cybersecurity incident can have on operational processes. Here, a technology-centered vulnerability impacted the company's operational capabilities, and consequently, its market value. Such setbacks not only disrupt the daily functioning of an organization but can tarnish its reputation and erode stakeholder trust.
Bridging the Security Gap: Integrated Risk Management’s Response
In response to recent comments by Palo Alto Networks CEO Nikesh Arora on the need for rapid, modernized cybersecurity defenses, John A. Wheeler emphasizes the crucial role of Integrated Risk Management (IRM). John draws from his extensive expertise to highlight the four key benefits of IRM: a unified view, intelligent resource allocation, streamlined compliance, and strategic future-proofing, addressing both the challenges and solutions in today’s evolving threat landscape.
The Future of Cybersecurity: Navigating NIST CSF 2.0 with IRM
In the complex and ever-changing cybersecurity landscape, the NIST Cybersecurity Framework (CSF) 2.0 emerges as a beacon for organizations striving to manage and mitigate cybersecurity risk. Integrated Risk Management (IRM) technology plays a pivotal role in this journey, bridging the gaps between various risk management disciplines and fully integrating cybersecurity risk with Enterprise Risk Management (ERM).
Decoding the New SEC Cybersecurity Rules: Material Incident Reporting and Risk Management Disclosures
The Securities and Exchange Commission (SEC) recently adopted new rules to enhance and standardize public companies’ cybersecurity incident reporting and risk management disclosures. These rules, effective in December, represent a significant shift in the regulatory landscape. Companies must act now to ensure they are prepared, and Integrated Risk Management (IRM) can play a crucial role in this process.
Navigating Cybersecurity: The SEC's New Disclosure Rules and the Role of Integrated Risk Management
In response to the escalating significance of cybersecurity threats in today’s digital era, the Securities and Exchange Commission (SEC) has set the stage for a major transformation in corporate cybersecurity disclosures. Integrated Risk Management (IRM) can serve as the perfect ally to companies as they adapt to these changes.