Insights

What Happens to Your Data After You Hit Send?

It takes about a second. An analyst pastes a contract into a chat box and requests a summary. A recruiter drops a stack of résumés into a tool to rank them. A finance manager uploads a draft board deck and asks for a tighter narrative. The cursor blinks, the answer appears, and everyone moves on. Nothing felt risky. Nothing broke. Yet in that one second, something important happened that almost no one in the building noticed. Information left the organization and went somewhere it had never been.

Book Review: When Governance Outpaces Capability

There is a peculiar imbalance taking shape inside many organizations. Over the past two years, companies have assembled AI governance committees, drafted acceptable-use policies, updated risk registers, and launched internal working groups dedicated to understanding the implications of artificial intelligence. Compliance teams have studied emerging regulations. Privacy officers have debated data-sharing restrictions. Boards have asked increasingly pointed questions about oversight, accountability, and risk.

Deepfakes Unmasked: Building Resilience in the Synthetic Media Era

Synthetic media, popularly known as deepfakes, has evolved from an internet curiosity into a material operational and security risk. Generative AI now enables adversaries to fabricate videos, voices, and imagery that mimic reality with alarming precision. The implications extend beyond misinformation: deepfakes can erode trust, distort markets, and destabilize democratic institutions.

AI & Information Integrity Emerge as Top Enterprise Risks

In this article, Norman Marks examines the findings from Gartner’s latest emerging risk survey, arguing that the growing prominence of AI-related concerns signals a meaningful shift in how enterprise leaders are thinking about operational risk, decision-making, and organizational preparedness.

Swiss GRC Day 2026 Showed a Profession Reconsidering Its Own Assumptions

A ship arrives at port during the plague years. The crew does not disembark. Nobody unloads cargo. Nobody asks for a heat map. They wait forty days. That, as Swiss GRC Day moderator Nikolai Tsenov reminded attendees in Zurich, was one of humanity’s earliest systematic attempts at risk management—quarantine.

Risk & Internal Audit Need to Focus on What Matters Most

A recent post I shared on LinkedIn on the future direction of risk management and internal audit generated a lot of discussion. Not because the ideas were particularly radical, but because many risk and internal audit professionals recognize the profession is reaching an inflection point.

Swiss GRC Day 2026 Puts Heat Maps, Quantification, & Governance Culture Under the Microscope

A debate over heat maps was always going to draw attention at SWISS GRC DAY 2026. Not because anyone in governance genuinely loves them anymore, but because they still sit everywhere, from inside board decks, quarterly reports, audit presentations, and risk committee updates long after many organizations quietly stopped trusting them.