There has been a lot of talk about ChatGPT since it burst onto the market several months ago. And despite its infancy and the lack of standardized regulations around intelligent automation — the OpenAI tool has exploded into the tech ecosystems of businesses everywhere. While many see significant benefits from its use, few discuss the cyber risk to the industry and our organizations.

According to a 2022 Verizon report, 43 percent of all data breaches reported worldwide targeted small and medium-sized businesses – with numerous businesses reporting at least eight hours of downtime after a severe cybersecurity incident. Little surprise, then, that demand for cyber liability insurance has surged in recent years. Businesses – especially small ones, with fewer financial resources – want to be made whole after a disruption.

Naming a company is one of the most important decisions a business ever makes. It’s the first thing potential customers will see, and it’s what they’ll use to remember you. A good company name helps establish credibility and image.

The security industry spent decades propagating the myth that risk is bad, and you must eliminate it — but this truth is… Your biggest risk could be the way you view it. You see, there are various “lenses” through which to view risk: rose-colored, blinders, magnifying and crystal clear. After presenting this concept at an ISACA-sponsored webinar, I received many questions and comments about putting this into practice.

Chief information security officers (CISOs) have both internal- and external-facing roles. Externally, they must constantly scan the horizon for potential threats. Internally, they must implement, communicate, and champion best practices for security at their enterprises. In a time of sprawling global supply chains and growing automation, the role of the CISO is more complex than ever. To carry out this role effectively, CISOs must learn the importance of trust management.

When you think about third-party risk management, what comes to mind? Are you concerned with measuring the effectiveness of your program? Do you know which third-party providers to focus your risk management efforts on? How are you evaluating your providers during the due diligence process?

Companies around the world and across industries face greater cyber threats than ever before. Cybersecurity incidents are becoming ever more frequent, and the costs associated with those attacks have marched upward too. As the risks grow, companies have strengthened their capabilities, both in prevention and incident response. Still, no company can guarantee that it will never be hacked, so companies must have cyber insurance in place in case the worst happens.

Internal controls can serve two purposes: to protect a business from accounting fraud, asset loss, or similar financial reporting failures; and to assure that the business meets its regulatory compliance obligations. An audit evaluates the accuracy of a company’s financial statements and the effectiveness of its internal control system to identify control weaknesses. In addition, audits typically include some form of substantive testing, which tests for risks of material misstatements and errors.

These four words are all too familiar to most CISOs and Risk Managers. In fact, nearly 70% of cybersecurity practitioners and decision-makers feel that their organization doesn’t have enough security staff to be effective, found a recent Cybersecurity Workforce Study.1 Infosec and cyber risk management teams are usually small, stretched thin and overwhelmed with work.

Legal authorities and the general public typically hold organizations accountable for any harm caused during their daily operations. The expectation is that leaders of those organizations have considered the potential harms that might happen, and implemented reasonable precautions to reduce or eliminate the risks. This is known as the “DoCRA standard.”