Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.
The guardrails we built use state-of-the-art technology and screening lists, but no screening system is perfect, and motivated bad actors consistently try to find a way.
Research finds that relying on regulations to determine your policies and procedures can result in ethical blindspots, or situations where people might think if there is not a rule for something, that it's permissible. After years of shifting towards values and culture-based compliance, leadership might be heading the opposite direction.
For patents to be born strong, and the public to have confidence that they are, we must ensure strict adherence to USPTO's ethical standards and avoid (real or apparent) conflicts of interest.
As audit committees confront a rapidly expanding risk landscape, their role in corporate governance is being reshaped. Boards have often turned to current and former CFOs as independent directors, particularly for audit committees, because of their ability to translate complex operational and financial realities into effective oversight.For example, this month, J. Michael Hansen, former EVP and CFO of Cintas Corporation, was appointed to the audit committee at Paychex.
Rather than stolen data making headlines, it was business stoppage that triggered attention. Moving into 2026, the board's focus should be on ensuring business continuity and building resilience in the face of emerging risks generated by AI usage and attack vectors, quantum computing and geopolitics.
If your partner in Munich mishandles customer data, or your reseller in Paris uses a "black box" AI tool to generate deceptive ads, it isn't just their reputation on the line. It's yours. With the EU AI Act now in full swing and GDPR entering its "mature enforcement" era, the distance between a partner's mistake and your company's $20 million fine has never been shorter.
The AI gold rush has put new pressure on governments and other public agencies. As enterprises look to gain a competitive advantage from emerging technologies, governing bodies are eager to implement rules and regulations that protect individuals and their data. The most high-profile AI legislation is the EU's AI Act. However, global law firm Bird & Bird has developed an AI Horizon Tracker that analyzes 22 jurisdictions and presents a broad spectrum of regional approaches.
This will also greatly increase the need for AI audit trails: detailed records of what data AI used, what steps it took, what suggestions or decisions it influenced, and who ultimately confirmed the choices. These trails will become crucial for compliance, ethical accountability, and ensuring business integrity. According to Pugh, there will be a clear trend toward transparent AI workflows, and companies will increasingly see that an error in a prediction can be traced back to a specific step in the AI workflow.
Businesses are acting fast to adopt agentic AI- artificial intelligence systems that work without human guidance-but have been much slower to put governance in place to oversee them, a new survey shows. That mismatch is a major source of risk in AI adoption. In my view, it's also a business opportunity. I'm a professor of management information systems at Drexel University's LeBow College of Business,
AI chatbots have been with us three years and one month (at least the kind that use large language models (LLMs) to communicate with natural-sounding words). Already norms are emerging in some professions for users to disclose how they use AI. For example: Organizations such as the International Committee of Medical Journal Editors created policies for disclosing AI use in scientific manuscripts.
I belong to six professional organizations. Or maybe it's 13, 19, 26, or 47. I can't be sure. The ones where I pay dues or volunteer I know well: ASIS International, the Life Safety Alliance, Chartered Security Professionals, and a couple of others. Then come the niche and industry-specific associations like the International Council of Shopping Centers, public-private partnerships such as OSAC and Infragard, and the countless ASIS Communities.
Building security into the framework of an organization prevents security from being seen as a barrier to daily activities. If an employee feels as if a security measure is inhibiting them from completing their daily tasks, they're far more likely to find a way around that measure. This can range from propping open a door to using the same easy-to-remember password for every account.
To all employees, this company takes data protection very seriously. It has a material impact on our operations. The CIO and IT Director are in charge of those policies. If one of them comes to your business unit and gives you an instruction, take it as seriously as you would instructions from any other C-level, including myself. As of this date, know this: If you disregard or otherwise violate any IT instruction, you better pray that they are wrong.
