If you’ve been following any of our recent webinars or in-person presentations, you’ve heard us talk a lot about shifting the mindset from a focus on compliance to a risk-first approach. We’ve discussed that the best way to do this is to align your risk management program to specific outcomes, where compliance becomes a subset of your risk management program. But what does that mean specifically? And what are some examples of how this can be done?

Global third-party suppliers have become an essential resource for many companies, providing crucial strategic and competitive support. Outsourcing, however, is not without its dangers. As dependency on third parties grows, so do the chances of supply chain, compliance, or reputation risks that hit your organization through those third parties. Your management team will need to address those risks somehow.

There are a lot of buzzwords and hot topics in the cyber security industry but there’s one thing we GRC professionals can not agree upon … risk assessments. Some people start with a pre-built risk register while others start by conducting internal surveys. Some re-assess risk annually, some use mathematical equations and some still use spreadsheets!

The Reciprocity® Community Edition is now available and is your chance to see the new Reciprocity ROAR Platform in action and it…is…totally…free! This is a great opportunity for you to not only get an instance of the ROAR Platform but also to see how the Reciprocity Community can provide you with meaningful content and connections to other organizations facing similar challenges. And did I mention that it’s free?!?

In a world full of security breaches and litigation, every organization needs a solid strategy to identify and reduce risks relating to the use of third parties, e.g., vendors, suppliers, partners, contractors, or other service providers.

The 2021 CrowdStrike Global Security Attitude Survey found that on average, organizations take 146 hours to discover a cybersecurity incursion, an alarming increase on the 2020 average of 117 hours. This means that an intruder could remain inside an enterprise network for more than six days before detection. Moreover, those attackers can move laterally across the network in just 92 minutes, searching for — and often finding — sensitive enterprise data or other high-value assets.

Learn how the industrial internet of things (IIoT) is changing industries around the world, and what your business can do to make sure your IIoT devices are secure. The fourth industrial revolution – industry 4.0, as some are calling it – is upon us. As digital transformation sweeps across manufacturing, production and related industries, many organizations are grappling with this new stage in the organization and control of the industrial value chain.

Operational risk is defined as the risk of a loss that results from inadequate or failed business processes, people and systems, or from external events. More simply, operational risk pertains to any uncertainty or threat your organization faces (or might face in the future) during day-to-day business activities. The risk arises from operational disruptions and is likely to result in losses or reputational damage. Some operational risk is inevitable for every organization.

Most businesses today want to deliver modern applications, products, and services to customers as efficiently as possible. This seemingly simple goal is far more complex than it sounds – particularly in the age of digital transformation.

Global regulations for data privacy and cybersecurity are quickly becoming more common and more stringent. That puts added pressure on organizations to manage their risks appropriately or face potentially painful consequences. In particular, organizations around the world and across industries are experiencing high demand from regulators to implement compliance risk management.