#enterprise-risks
#enterprise-risks

22 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

Boards Are Falling Short on Cybersecurity

Boards recognize the need for cybersecurity investments, yet the worsening cybercrime situation suggests governance may be deteriorating.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

fromBusiness Matters

5 IT Mistakes That Still Catch Small Businesses Off Guard

Cybersecurity is a critical concern for SMEs, yet many underestimate the risks and only seek help after incidents occur.

Stakeholder Confidence in the Age of Digital Threats: PR as a Security Asset

Cybersecurity involves both technical measures and effective communication to maintain stakeholder trust during incidents.

EU data protection

22 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

Boards Are Falling Short on Cybersecurity

Boards recognize the need for cybersecurity investments, yet the worsening cybercrime situation suggests governance may be deteriorating.

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

fromBusiness Matters

5 IT Mistakes That Still Catch Small Businesses Off Guard

Cybersecurity is a critical concern for SMEs, yet many underestimate the risks and only seek help after incidents occur.

The people who always have a backup plan aren't pessimists. They grew up in environments where promises were unreliable, and redundancy became the only architecture that didn't collapse when someone changed their mind without warning. - Silicon Canals

Obsessive planners are often generous, driven by past experiences that teach them to prepare for uncertainties.

21 hours ago

No mediocre worker is safe the bar for keeping your job just went up

Companies are replacing underperforming employees with better talent due to constrained hiring budgets and a focus on maximizing performance.

Online learning

fromeLearning Industry

19 hours ago

Continuous Learning Cultures: What High Performing Organizations Do Differently

Organizations must adopt a continuous learning culture to keep pace with rapid changes in technology and evolving job roles.

Healthcare

Dignity as a competitive business model

Healthcare affordability is forcing families to delay care, highlighting the need for dignity-centered care models that prioritize patient respect and community health.

#ai-governance

fromMarTech

Your AI governance gap is bigger than you think | MarTech

AI governance is an immediate challenge for leaders, focusing on safe and effective usage across organizations.

fromComputerWeekly.com

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

fromMarTech

Your AI governance gap is bigger than you think | MarTech

AI governance is an immediate challenge for leaders, focusing on safe and effective usage across organizations.

EU data protection

fromComputerWeekly.com

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

Bootstrapping

Your Management Strategy Is Doomed to Fail If You Don't Do This

Effective management focuses on execution through a straightforward approach: face reality, investigate issues, fix them systematically, and own the outcomes.

Productivity

How Senior Leaders Make Fewer, Better Decisions

Senior leaders must make high-impact decisions with less visibility by treating decision-making as a discipline and designing supportive systems.

Bootstrapping

Your Management Strategy Is Doomed to Fail If You Don't Do This

Effective management focuses on execution through a straightforward approach: face reality, investigate issues, fix them systematically, and own the outcomes.

Productivity

How Senior Leaders Make Fewer, Better Decisions

Senior leaders must make high-impact decisions with less visibility by treating decision-making as a discipline and designing supportive systems.

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

Tech industry

22 hours ago

Goodbye, middle managers. Hello, 'player-coaches' and 'org leads.'

Meta and Block are redefining managerial roles to embrace AI, with Meta introducing 'org leads' and Block using 'player-coaches'.

Remote teams

fromInfoQ

How to Handle Trusts and Psychological Safety When Scaling Organizations

Trust must be built team by team; it cannot be replicated as organizations scale.

Startup companies

This Business Model Is the Hidden Goldmine For Boosting Profits

Done-For-You business models are surging as entrepreneurs seek results without managing every task themselves.

DevOps

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

#data-breach

fromSilicon Canals

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

fromSilicon Canals

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

Why Leaders Often Discover Organizational Problems Too Late

Hidden problems in teams often remain unreported due to a culture that discourages early issue escalation, leading to delayed responses and increased costs.

Your CEO gives you the ick. Now what?

Emily's perception of her CEO's integrity is compromised after discovering his affair, affecting her confidence in promoting company values.

Fundraising

How giving starts progress and leadership scales it

Volatility and accountability are transforming philanthropy, requiring leadership to drive impactful change.

#reputation-management

London startup

For London's fintech and SaaS firms, digital risk is no longer theoretical - London Business News | Londonlovesbusiness.com

Reputation is a critical business variable for fintech and SaaS companies, impacting partnerships, regulations, and revenue.

Social media marketing

Not All PR Fires Burn the Same - Here's How to Put Them Out

Reputation management during a crisis requires digital intervention and a well-crafted media response to effectively control the narrative.

London startup

For London's fintech and SaaS firms, digital risk is no longer theoretical - London Business News | Londonlovesbusiness.com

Reputation is a critical business variable for fintech and SaaS companies, impacting partnerships, regulations, and revenue.

Social media marketing

more#reputation-management

Not All PR Fires Burn the Same - Here's How to Put Them Out

Reputation management during a crisis requires digital intervention and a well-crafted media response to effectively control the narrative.

Marketing

Beyond earned media: A new PR playbook

A strong PR plan balances daily visibility with long-term brand building, adapting to evolving media landscapes and consumer habits.

US Elections

Prediction markets have sparked a golden age of insider trading-but the party may be coming to an end | Fortune

Insider trading in prediction markets has surged, raising concerns about unethical betting practices and lack of regulatory oversight.

Python

fromTNW | Artificial-Intelligence

The State of Trusted Open Source Report

AI is reshaping software development and security, influencing container image usage and vulnerability management.

#artificial-intelligence

Business intelligence

Human-governed AI. How Fortis Solutions is building trust in intelligent infrastructure

AI is reshaping work while emphasizing the necessity of human governance and intention in technology.

fromTNW | Artificial-Intelligence

Artificial intelligence

Don't Let AI Destroy the Skills That Make Your Company Competitive

Business intelligence

Human-governed AI. How Fortis Solutions is building trust in intelligent infrastructure

AI is reshaping work while emphasizing the necessity of human governance and intention in technology.

more#artificial-intelligence

Don't Let AI Destroy the Skills That Make Your Company Competitive

AI can enhance performance but risks undermining an organization's unique identity and adaptability.

Data science

fromComputerworld

AI project 'failure' has little to do with AI

The reliability of genAI is compromised by various factors, necessitating independent verification of its outputs.

fromFuturism

19 hours ago

The Real Reason OpenAI Shut Sora Down Is a Warning to Every AI Startup

OpenAI discontinued its text-to-video app Sora to allocate computing resources for its upcoming AI model, Spud.

Law

The Workplace Liability Too Many Leaders Ignore

Slip-and-fall accidents can lead to significant legal, financial, and operational challenges for businesses.

Bootstrapping

How to Build Financial Resilience as a Solopreneur

Designing a delivery model and client journey is crucial for business stability and avoiding the feast or famine cycle.

Boards Need to Rethink How They Advise CEOs

Boards need to adapt discussions despite having experienced members, as CEOs struggle to prioritize amid disruption.

Podcast

What Does It Take to Be an Outstanding CSO or CISO?

Outstanding security leaders often come from non-traditional backgrounds, with 40% of recent CSO-CISO Hall of Fame honorees starting in the private sector.

fromElectronic Frontier Foundation

Google and Amazon: Acknowledged Risks, And Ignored Responsibilities

Google and Amazon have failed to act on human rights risks associated with Project Nimbus despite multiple warnings and commitments.

Why the best employees often carry the heaviest burden

The capability curse leads to increased expectations and reliance on capable individuals, often resulting in a heavier burden for them over time.

I was laid off twice from the same company. The second time was a gut punch but taught me not to take cuts personally.

When the CEO held a virtual town hall in 2020 and said there needed to be layoffs, I knew I would be one of the first to go because I served zero purpose at that point.

Marketing

DevOps

fromInfoQ

Online Community Development

Event-Driven Patterns for Cloud-Native Banking: Lessons from What Works and What Hurts

Event-driven architecture introduces complexity and requires careful implementation, especially in regulated environments, to ensure reliability and system evolution.

Is Crowdsourcing Your Security Plan a Career Risk?

Crowdsourcing security plans can damage credibility if not approached intentionally.

Philosophy

Calling out corporate BS? There's a steaming pile to aim for

Corporate jargon impresses those least equipped for analytical thinking, confirming biases while also serving essential functions in specific contexts.

Bootstrapping

Clear Job Responsibilities Helps You Grow Faster - Here's How

Deliberate governance design is essential as companies grow to avoid confusion and inefficiency.

Google gives enterprises new controls to manage AI inference costs and reliability

Gemini API introduces Flex and Priority tiers for managing AI inference workloads based on criticality and cost.

In the age of AI anxiety, the 100 Best Companies to Work For are betting on their people | Fortune

Employee feedback is crucial for leadership effectiveness and companies must adapt to new priorities in the AI era.

Agile

What Every CEO Should Do When a Customer Claims Your Business Caused Harm

Businesses need a clear, repeatable playbook for handling serious complaints to prevent chaos and control outcomes during critical moments.

Your Team Doesn't Need a 'Work Family' - It Needs This System That Holds Up When It Counts

Teams struggle with clarity, not effort; accountability erodes when support blurs lines between family and business.

Healthcare

Why Liability Insurance No Longer Works the Way You Think - and What CEOs Must Do About It

Liability insurance has shifted to a shareholder-driven system, requiring leaders to manage claims proactively to avoid costly surprises.

#ai

McKinsey's new AI leadership playbook: flatten teams and move faster

AI can streamline organizational structures by flattening management layers and enhancing decision-making capabilities.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

AI assistance in policy as code can introduce serious flaws, leading to incorrect access permissions despite syntactically valid policies.

McKinsey's new AI leadership playbook: flatten teams and move faster

AI can streamline organizational structures by flattening management layers and enhancing decision-making capabilities.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

AI assistance in policy as code can introduce serious flaws, leading to incorrect access permissions despite syntactically valid policies.

How to Treat Your Successes Like Renewable Resources

Success can create pressure and lead to misaligned goals for entrepreneurs, making them feel obligated rather than fulfilled.

fromTechCrunch

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro detected an intrusion on March 28, prompting the company to take down some of its systems. Parts of Hasbro's website appeared down, with error messages indicating maintenance.

Privacy professionals

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

Toxic bosses don't just hurt people. They hurt the bottom line

Toxic bosses significantly harm organizational culture, employee well-being, and financial performance, making them a critical issue for leaders to address.

How Leaders Can Build a High-Agency Culture

Larry Culp became GE's first outsider CEO in 2018, inheriting a crisis with plummeting stock and excessive debt.

fromTNW | Insights

18 hours ago

KeeperDB brings zero-trust database access to privileged access management

Database credentials are a major attack vector, and KeeperDB integrates access controls into its PAM platform to enhance security.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

fromMedium

When Not to Use AI: Strategic Restraint as a Leadership Skill

Leaders must prioritize responsible AI adoption, focusing on strategic deployment rather than indiscriminate implementation to avoid pitfalls.

fromMedCity News

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

fromComputerworld

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

fromwww.housingwire.com

Reducing risk: Why logging, protection, and review matter

Application logs are critical cybersecurity safeguards that provide visibility into system behavior, enabling early detection of security threats and operational issues in real estate and mortgage lending organizations.

fromInfoQ

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

3 weeks ago

Why UK businesses are taking physical security more seriously - London Business News | Londonlovesbusiness.com

UK businesses are shifting physical security from a background facilities concern to a central risk management priority as operational complexity and vulnerabilities increase.

One prediction isn't enough - Why CEOs are shifting to wartime planning | Fortune

Scenario planning is essential for CEOs to prepare for unpredictable events and ensure rapid response to multiple potential futures.

Business intelligence

Why UK business leaders turn to corporate intelligence to mitigate hidden risks - London Business News | Londonlovesbusiness.com

UK business leaders increasingly rely on corporate intelligence to navigate geopolitical risks, supply chain vulnerabilities, cybersecurity threats, and regulatory pressures that traditional governance tools cannot adequately address.

fromWIRED

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

Marketing

fromInc

CEOs Who Stay Silent Are Losing Trust-and Business

Trust now depends on leaders openly sharing their thinking rather than polished corporate messaging, as AI-generated content has commoditized traditional branding approaches.

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

Law

fromBusiness Matters

How Unexpected Workplace Incidents Can Disrupt Business Continuity

Unexpected workplace incidents can quickly disrupt operations, creating legal liability, staffing strain, lost momentum, and eroded trust for small and mid-sized businesses.

The Rising Tide of Executive Protection: Corporations Ramp Up Security in an Era of Heightened Threats

Companies are increasingly investing in executive protection due to rising threats, making it a strategic necessity for business continuity and resilience.

Mercor, a $10 billion AI startup, confirms it was caught up in a major security incident | Fortune

Mercor confirmed a security breach linked to a supply chain attack that may have exposed sensitive data of its customers.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

more#supply-chain-attack

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

#immigration-enforcement

US politics

Not Business as Usual

US politics

Not Business as Usual

US politics

Not Business as Usual

more#immigration-enforcement

US politics

Not Business as Usual

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

fromComputerWeekly.com

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl accelerated in 2025, with 29 million new hardcoded secrets identified, marking a 34% increase from the previous year.

fromZDNET

1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now

AI-powered cybercrime is a significant and growing threat to businesses, with many feeling unprotected.

As risk skyrockets, current and former CFOs are in demand for audit committees | Fortune

As audit committees confront a rapidly expanding risk landscape, their role in corporate governance is being reshaped. Boards have often turned to current and former CFOs as independent directors, particularly for audit committees, because of their ability to translate complex operational and financial realities into effective oversight.For example, this month, J. Michael Hansen, former EVP and CFO of Cintas Corporation, was appointed to the audit committee at Paychex.

Business

Where to Look for Ethical Risk Inside a Company

Unchecked integrity gaps—overlooked conflicts of interest, offensive behavior, or aggressive sales practices—can escalate into severe reputational and financial harm.

3 weeks ago

What Boards Must Demand in the Age of AI-Automated Exploitation

AI-powered exploitation has eliminated the time constraints that previously made large vulnerability backlogs survivable, forcing organizations to immediately address security gaps or face rapid compromise.

The Benefits-and Challenges-of an Insider CEO

Promoting seasoned insiders to CEO typically yields stronger leadership due to superior understanding of the organization's culture, strategy, and stakeholders.

Four Risks Boards Cannot Treat as Background Noise

Rather than stolen data making headlines, it was business stoppage that triggered attention. Moving into 2026, the board's focus should be on ensuring business continuity and building resilience in the face of emerging risks generated by AI usage and attack vectors, quantum computing and geopolitics.

Information security

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

Triage failures occur when decisions are made without execution evidence, causing false positives, missed threats, and higher costs; interactive sandboxes enable evidence-backed verdicts within seconds.

From vulnerability whack-a-mole to strategic risk operations

Shift security from counting vulnerabilities to strategic risk operations that prioritize exposure, value at risk, and measurable business outcomes.