risk-analysis -
Post-Quantum Cryptography: The Migration Decision CISOs Can No Longer Defer
NIST's post-quantum cryptography standards are final, NSA compliance deadlines for national security systems begin in January 2027, and adversaries are already collecting encrypted data for future decryption. This briefing provides CISOs with the governance framework for starting migration now.
risk-analysis -
Geopolitical Cyber Risk in 2026: A Briefing Framework for Boards and CISOs
Nation-state cyber operations have moved from targeted espionage to broad pre-positioning and disruptive campaigns affecting commercial organisations. This briefing provides CISOs with a framework for assessing and communicating geopolitical cyber risk to boards.
risk-analysis -
Shadow AI: The Governance Gap That's Driving Your Next Data Breach
Three quarters of CISOs have already discovered unsanctioned GenAI tools running in their environments. The data suggests the breach hasn't happened yet -- but the conditions are in place.
risk-analysis -
NIS2 Supply Chain Security: What Article 21 Actually Requires -- and What Most Organisations Are Getting Wrong
NIS2 Article 21 mandates supply chain security as a core cybersecurity obligation for essential and important entities. This briefing covers what the directive requires, the implementation gaps most organisations have, and what boards need to understand before their national regulator comes looking.
risk-analysis -
The AI Vulnerability Wave: What Every CISO Needs to Tell the Board Right Now
Anthropic's Project Glasswing found 10,000+ critical vulnerabilities in open source in a single month. The NCSC has warned of a forced correction of technical debt. What this means for board risk posture, vendor expectations, and patch SLAs that are already obsolete.
risk-analysis -
Quantifying Cyber Risk for the Board: Combining NIST CSF 2.0 with FAIR
Boards are asking for cyber risk in business terms, not security metrics. This brief explains how to combine NIST CSF 2.0's Govern function with FAIR financial quantification to produce board-ready risk reporting.
risk-analysis -
Cyber Due Diligence in M&A: What CISOs Need to Assess Before the Deal Closes
Mergers and acquisitions carry hidden cyber risk that traditional financial due diligence doesn't capture. This brief covers what CISOs must assess before signing, the regulatory obligations that transfer with an acquisition, and how to structure post-merger security integration.
risk-analysis -
Cyber Insurance in 2026 -- What CISOs Need to Know Before Renewal
The cyber insurance market has hardened significantly. Insurers are scrutinising security controls more closely than ever, exclusions are expanding, and the gap between policy wording and actual coverage is catching organisations off-guard. What every CISO needs to understand before the next renewal.