All Articles

  • Quantifying Cyber Risk for the Board: Combining NIST CSF 2.0 with FAIR

    Boards are asking for cyber risk in business terms, not security metrics. This brief explains how to combine NIST CSF 2.0's Govern function with FAIR financial quantification to produce board-ready risk reporting.

    risk-analysis
  • Cyber Due Diligence in M&A: What CISOs Need to Assess Before the Deal Closes

    Mergers and acquisitions carry hidden cyber risk that traditional financial due diligence doesn't capture. This brief covers what CISOs must assess before signing, the regulatory obligations that transfer with an acquisition, and how to structure post-merger security integration.

    risk-analysis
  • Cyber Insurance in 2026 -- What CISOs Need to Know Before Renewal

    The cyber insurance market has hardened significantly. Insurers are scrutinising security controls more closely than ever, exclusions are expanding, and the gap between policy wording and actual coverage is catching organisations off-guard. What every CISO needs to understand before the next renewal.

    risk-analysis
  • NIS2 Directive: The CISO's Compliance Roadmap by Sector

    What CISOs must implement under the EU's NIS2 Directive -- sector-specific obligations, board accountability requirements, and the cost of non-compliance.

    regulatory-update
  • How to Present Cyber Risk to the Board: A Framework That Works

    Moving beyond FUD to quantified risk. How CISOs can use FAIR methodology, key risk indicators, and business-aligned language to secure meaningful board engagement.

    risk-analysis
  • The True Cost of a Ransomware Incident in 2026

    Beyond the ransom: a comprehensive breakdown of ransomware incident costs including downtime, legal exposure, regulatory fines, and long-term reputational damage.

    risk-analysis
  • Vendor Risk Management When Adopting AI Tools

    A practical framework for CISOs evaluating AI tool vendors: data residency requirements, model security considerations, and the contractual controls that protect your organization.

    briefing
  • DORA: ICT Risk Management Requirements for Financial Entities

    A CISO's guide to the Digital Operational Resilience Act -- what financial institutions must implement, how DORA interacts with NIS2, and the oversight regime for critical third-party providers.

    regulatory-update