Insights

Reframing Integrated Risk Management: A Historical Perspective on GRC’s Evolution

Over the years, the term Integrated Risk Management (IRM) has increasingly become a focal point in discussions around governance, risk management, and compliance (GRC). While IRM has gained some traction in certain circles, it is important to remember that the concept of GRC is rooted in a decades-long evolution, beginning with early work in risk management, compliance, and IT security. To understand where IRM fits, it is crucial to first understand how GRC came to be and why it continues to play a central role in managing the risk and uncertainty that bear on organizational objectives, while ensuring integrity in organizations today.

Revisiting the X Data Breach: A Conversation with ThinkingOne, the Whistleblower Behind the 200 Million User Leak

In the vast and sprawling digital landscape, where our lives are lived in bits and bytes, we often forget how much of our personal data is at risk until something shatters that illusion of safety. In the early months of 2025, that illusion was pierced when a massive data breach at X (formerly Twitter) exposed over 200 million user records. Names, email addresses, screen names, user IDs, and profile images, fragments of millions of lives, were laid bare for anyone to see.

The CER Directive Forces a Rethink of Risk & Resilience

Europe has been quietly re-engineering the rules of resilience. A few years ago, the Critical Entities Resilience Directive (CER) officially entered into force, marking a watershed moment for how the EU approaches the safeguarding of essential services across borders and sectors.

What UK Business Leaders Should Know About the Cyber Security & Resilience Bill

The UK government's plan to modernize its cyber defenses isn't just another legislative checkbox. It's a pointed response to a threat that is evolving faster than policy typically can. With ransomware attacks delaying over 11,000 NHS appointments last year and state-sponsored actors regularly probing UK infrastructure, the forthcoming Cyber Security and Resilience Bill is an attempt to catch up.

Cybersecurity & the NIS2 Directive: The EU’s Evolving Cybersecurity Landscape

Picture this: it's 2024, and the EU has just dropped a new bombshell in the world of cybersecurity. It's called the NIS2 Directive, and while its name might not scream "party," it's definitely something organizations need to pay attention to. For all the tech nerds and cybersecurity folks out there, this is more than just a new set of rules; it's a whole new way of doing business when it comes to securing networks, reporting incidents, and managing risk. But don't worry, this article isn't going to sound like it was written by a robot (unless, of course, that robot had an excellent sense of humor and personality). We're diving into what NIS2 means, how it intersects with AI, and what exactly you should be doing to stay ahead of the game. And spoiler: AI is going to be your best friend in this one.

Risk Appetite & Common Sense

In this article, Norman Marks examines the concept of "risk appetite," challenging its validity and questioning its role in decision-making. Drawing on personal experience and real-world examples, Marks argues that the traditional approach to defining and managing risk is overly simplistic and fails to capture the complexity of real-world risk. He critiques the common practice of reducing risk to a single number and suggests that a more dynamic, objective-driven approach is needed. Rather than focusing on a static "risk appetite," Marks proposes that organizations consider the likelihood of achieving their objectives, treating risk as one factor in the decision-making process.

Strengthening Third-Party Risk Management and Governance Across the Extended Enterprise

In the increasingly interconnected world of modern business, organizations rely more than ever on third-party relationships. While these partnerships offer significant opportunities for growth and innovation, they also expose businesses to a range of risks that can threaten resilience and success. As geopolitical tensions and economic uncertainties continue to rise, it is essential for companies to reassess and strengthen their third-party governance, risk management, and compliance strategies. This article expands on the insights from my previous piece, Navigating the Storm: Strengthening Third-Party Governance and Risk Management in Your Extended Enterprise, offering a deeper look at how businesses can build robust, proactive frameworks to navigate these challenges and sustain success across their extended enterprise.