Tag: Trends and Insights

What 2026’s data breach headlines reveal about the limits of data governance software
As many business leaders will have noticed, data breach headlines have come thick and fast in early 2026, but the bigger story is not just volume. It is pattern. Look across the year’s most visible incidents and the same problem keeps surfacing through different routes. Different sectors, different systems, different immediate causes, but the same…

The hidden risks of quick‑fix compliance tools in an era of proof‑based regulation
Recent reporting suggests compliance leaders are entering a tougher phase. Regulatory fragmentation is pushing businesses away from self-declaration and toward verified data. Meanwhile AI, fraud, and rising complexity are turning compliance into a technology arms race just as already-stretched teams face tighter resources and mounting pressure to move faster. That is exactly why the idea…

AI is redefining third party risk: why your “approved” vendors may no longer be safe storage for data
For years, vendor risk was treated almost exclusively as a procurement event. You assessed a new provider, negotiated terms, signed the contract and moved on to monitoring. However, that model is starting to break. The real issue now is not just new vendors entering your business ecosystem. Existing vendors are changing underneath you, in unprecedented…

Provision 29 compliance, explained: how boards can turn internal controls into a business advantage
Provision 29 has changed the conversation for UK boards. This is no longer about showing you have policies, frameworks and good intentions on paper. It is about whether the board can stand up and say, publicly and with confidence, that the company’s material controls were effective at the balance sheet date, and explain how that conclusion was…

The new EU Cyber Resilience Act guidance is out. Here’s the business risk for compliance and risk teams
The European Commission published draft EU Cyber Resilience Act guidance on March 3, 2026, and opened feedback until March 31. The draft focuses on the exact implementation knots teams have been struggling with: remote data processing, free and open-source software, support periods, and how the CRA fits with other EU laws. That means this is…

HF Sinclair’s CFO exits amidst a wave of prominent C-suite exits: breaking down the GRC trend behind the headlines
HF Sinclair’s CFO, Atanas Atanasov, took a voluntary leave of absence after concerns raised by the audit committee, one week after CEO Tim Go did the same. The internal review started after concerns were raised about the company’s 2025 disclosure process and “tone at the top,” and the audit committee ultimately reported no deficiencies in financial reporting controls or disclosure…

700+ passport scans exposed at Abu Dhabi Finance Week, reports say. Here’s the vendor mistake behind it
This Abu Dhabi Finance Week leak is a vendor risk case study, not a cyber mystery. The Financial Times and Reuters reported that a cloud environment linked to a third-party event vendor left scans of more than 700 passports and state identity documents accessible online via a web browser. The leak was discovered by security researcher Roni Suchowski, and the event reportedly hosted 35,000+…

Cyber Essentials tightens in April 2026: MFA and patching can now fail you fast
From April 2026, more organizations will fail Cyber Essentials. Not because the five controls are changing, but because the scheme is becoming far less forgiving of gaps between what you say you do and what is actually happening on systems day to day. Cyber Essentials has always been sold as baseline cyber hygiene. Baseline does…

DORA just got a UK handshake: the EU – UK ICT oversight pact is a warning shot for third-party risk
If your business depends on a small set of shared providers like cloud, identity, payments, or data platforms, your operational resilience risk is no longer just a “your firm” issue. It’s a system-wide dependency. Regulators are now shifting supervision to where that risk sits: at the provider level, not just inside each regulated company.…

Saudi sports law sets a new benchmark for governance, risk, and compliance in the Middle East
Across the Middle East, governance, risk, and compliance are undergoing a quiet but consequential shift. What was once treated as a supporting function is increasingly becoming a core driver of credibility, investment, and long-term resilience. This change is not being led by speeches, slogans or strategy documents. It is showing up in how regulation is…