Tag: Trends and Insights

Anthropic, OpenAI, and the UK government just sent the same cyber warning – here’s what you need to know as a GRC leader
Last week’s AI headlines did not just signal another round of model launches. They signaled a shift in cyber risk that business leaders should take seriously. In the space of a few days, Anthropic unveiled Mythos, OpenAI expanded trusted access to a more cyber-capable model for verified defenders and the UK government issued an open…

As the US cools and Europe pushes on, ESG reporting is becoming a governance problem
Recent ESG headlines are not pointing in one simple direction. In the U.S., the political environment has become less supportive of climate-related regulation under the current administration, but investor pressure has not disappeared. In the past week alone, investors pressed Amazon, Microsoft, and Google for sharper disclosure on the water and power demands of their…

The ICO has put AI hiring under the risk and compliance spotlight. Enterprise leaders should pay attention.
On 31 March 2026, the UK’s Information Commissioner’s Office (ICO) called on businesses to review their use of automated decisions in recruitment and published fresh expectations for organizations using automated decision-making in hiring. The regulator said it had engaged with more than 30 employees, wrote to 16 organizations likely to be using automated decision-making in candidate…

What 2026’s data breach headlines reveal about the limits of data governance software
As many business leaders will have noticed, data breach headlines have come thick and fast in early 2026, but the bigger story is not just volume. It is pattern. Look across the year’s most visible incidents and the same problem keeps surfacing through different routes. Different sectors, different systems, different immediate causes, but the same…

The hidden risks of quick‑fix compliance tools in an era of proof‑based regulation
Recent reporting suggests compliance leaders are entering a tougher phase. Regulatory fragmentation is pushing businesses away from self-declaration and toward verified data. Meanwhile AI, fraud, and rising complexity are turning compliance into a technology arms race just as already-stretched teams face tighter resources and mounting pressure to move faster. That is exactly why the idea…

AI is redefining third party risk: why your “approved” vendors may no longer be safe storage for data
For years, vendor risk was treated almost exclusively as a procurement event. You assessed a new provider, negotiated terms, signed the contract and moved on to monitoring. However, that model is starting to break. The real issue now is not just new vendors entering your business ecosystem. Existing vendors are changing underneath you, in unprecedented…

Provision 29 compliance, explained: how boards can turn internal controls into a business advantage
Provision 29 has changed the conversation for UK boards. This is no longer about showing you have policies, frameworks and good intentions on paper. It is about whether the board can stand up and say, publicly and with confidence, that the company’s material controls were effective at the balance sheet date, and explain how that conclusion was…

The new EU Cyber Resilience Act guidance is out. Here’s the business risk for compliance and risk teams
The European Commission published draft EU Cyber Resilience Act guidance on March 3, 2026, and opened feedback until March 31. The draft focuses on the exact implementation knots teams have been struggling with: remote data processing, free and open-source software, support periods, and how the CRA fits with other EU laws. That means this is…

HF Sinclair’s CFO exits amidst a wave of prominent C-suite exits: breaking down the GRC trend behind the headlines
HF Sinclair’s CFO, Atanas Atanasov, took a voluntary leave of absence after concerns raised by the audit committee, one week after CEO Tim Go did the same. The internal review started after concerns were raised about the company’s 2025 disclosure process and “tone at the top,” and the audit committee ultimately reported no deficiencies in financial reporting controls or disclosure…

700+ passport scans exposed at Abu Dhabi Finance Week, reports say. Here’s the vendor mistake behind it
This Abu Dhabi Finance Week leak is a vendor risk case study, not a cyber mystery. The Financial Times and Reuters reported that a cloud environment linked to a third-party event vendor left scans of more than 700 passports and state identity documents accessible online via a web browser. The leak was discovered by security researcher Roni Suchowski, and the event reportedly hosted 35,000+…