Leadership Solutions

Strategic News

Why Non-Financial Metrics are Important for Supplier Risk Analysis

It is easy to zero in on profits, accounting returns, etc. But neglecting non-tangible assets, such as quality, innovation, or customer service risks, will lead to missing relevant early warning signals.
Manufacturers Alliance for Productivity and Innovation

Cyber-attacks, weak government, and energy shocks pose biggest risks to firms, WEF finds

The World Economic Forum (WEF) spoke to more than 12,000 executives around the world about what they considered to be the biggest risks to doing business, ranging across political, societal and technological concerns.

Business travel risks analysed

According to the Ipsos MORI Business Resilience Trends Watch 2019 survey, carried out in partnership with International SOS, 43 per cent of key business decision-makers believe that travel risks will increase in 2019.
International Travel and Health Insurance Journal

'Self-Defense' Bill Would Allow Victims to Hack Back

The Active Cyber Defense Certainty (ACDC) Act would amend the Computer Fraud and Abuse Act, which bans unauthorized access of computers. The idea of treating a computer virus victim like the recipient of a face-punch, however, has received mixed reviews from experts.
US News and World Report

FBI: U.S. now has one active shooter incident every three weeks

Active shooter incidents are becoming more common, according to an FBI report released Wednesday... The majority of the incidents in the report -- 60 percent -- were over before police could arrive on the scene.
The Washington Post

Startups Are More Vulnerable to Fraud. Here’s Why.

Academic study shows that potential partners and employees may be more likely to deceive startups than established companies.
Harvard Business Review

Social Media Has Doubled the Cost of Reputational Blows

In the aftermath of a reputational crisis, most companies suffer a noticeable drop in stock value. A new study offers evidence that company response has a direct bearing on whether that initial dip has a lasting impact on shareholder value.
Risk & Insurance

Most Companies Suffer Reputation Damage After Security Incidents

New Kroll Annual Global Fraud & Risk Report says 86% of companies worldwide experienced security incidents and information theft and loss in the past twelve months.
Dark Reading

How RAND Is Responding to Truth Decay: Q&A with Michael Rich and Jennifer Kavanagh

RAND President and CEO Michael Rich has been talking about what he sees as an erosion of respect for facts and evidence in political life—a phenomenon he calls “Truth Decay.” He asked RAND political scientist Jennifer Kavanagh to help analyze the issue and lay out a research agenda to better understand Truth Decay's causes and consequences.
RAND Corporation

Failure of a top cloud service provider could cost US economy $15 billion

A new report by Lloyd’s, the specialist insurance and reinsurance market, and risk modeler AIR Worldwide analyzes the financial impact of the failure of a leading cloud provider in the US. The report finds that an extreme cyber incident that takes a top cloud provider offline in the US for 3 to 6 days would result in economic losses of $15bn and up to $3bn in insured losses.

To Prevent a Digital Dark Age: World Economic Forum Launches Global Centre for Cybersecurity

The World Economic Forum has announced a new Global Centre for Cybersecurity to help build a safe and secure global cyberspace. The centre will be based in Geneva, Switzerland, and will function as an autonomous organization under the auspices of the World Economic Forum. The aim of the centre is to establish the first global platform for governments, businesses, experts and law enforcement agencies to collaborate on cybersecurity challenges.
World Economic Forum

Innovation Should Be a Top Priority for Boards. So Why Isn’t It?

According to a survey of over 5,000 board members from around the world, overall, innovation does not rank as a top strategic challenge for the majority of boards. Although directors in certain industries are more aware of the threat of disruption, the widespread lack of board-level engagement in innovation processes could be a major blind spot and a potential liability.
Harvard Business Review

Quantifying and publicizing a firm's security levels may strengthen security over time

New research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one’s security levels leads to improved defense levels against cybercrime.
UBC Sauder School of Business

How a Cyber Attack Could Cause the Next Financial Crisis

How might a financial crisis triggered by a cyber attack unfold? A likely scenario would be an attack by a rogue nation or terrorist group on financial institutions or major infrastructure.
Harvard Business Review

New SAFETY Act Best Practices Guide to Commercial Building Security Now Available

A new web-based tool can help security professionals for commercial office buildings perform assessments based on the Best Practices for Anti-Terrorism Security (BPATS) for commercial office buildings.
Department of Homeland Security

“Corporate security professionals can give employers a real competitive advantage”: Abbott security director Joule Sullivan

In an increasingly complex and dangerous world, how can the modern corporate security professional not only minimise risks to people and assets, but also bring commercial value to their employer? Joule Sullivan, director of international security operations at global healthcare giant Abbott, has a number of suggestions.
IFSEC Global

Confidence in Shipping Risk Management Drops

Confidence in the ability of sound risk management to contribute to commercial success in the shipping industry has fallen in the last 12 months to an average 5.9 out of a possible score of 10.0, according to the latest annual Shipping Risk Survey from accountant and shipping adviser Moore Stephens.
Maritime Executive

OCC won’t offer further guidance on ‘fourth-party’ risk

Onus is on banks to vet subcontractors during contract negotiations, regulator says

New Research Confirms that IT and Physical Security Are Moving to Integrate

More and more, the management of physical access control solutions is coming under the control of information technology (IT) or information security.
Total Security Daily Advisor

DHS Creating New Cyber Threat ‘Risk Radar’ For Agency Leaders

The Department of Homeland Security is working with multiple Federal agencies to develop a new “risk radar” that will help agencies’ top executives contextualize cybersecurity risk and clarify where they need to apply focus and resources.

Microsoft: U.S. political system facing 'broadening cyberthreats' from Russia

Last week, Microsoft received a federal court's permission to take down malicious websites that mimicked the login pages of the Senate, Microsoft's own Office 365 email platform and two conservative think tanks, the International Republican Institute and the Hudson Institute.

65% of Procurement Professionals Say Regulations Increase Business Risk

A survey of 600 professionals in the U.S. and U.K. conducted by Dun & Bradstreet also finds that "88% of the 341 respondents who experienced fraud in the past two years said fraud has had an impact on their company’s brand." Follow the link in the article for the full report.
Supply Chain Dive

Social Media and Fraud Part 1: The CISO's Advice

Social media platforms have emerged as the world's most popular forms of communication. They also have become popular platforms for committing fraud. David Pollino, CISO of Bank of the West, outlines what institutions should do to secure their social media presence.

IBM's HR Chief Shares Best Advice On The Future Of Work

Diane Gherson discusses teambuilding, motivation, and the impact of technology on the global workforce.

Congress passes data security bill for small businesses

The US Senate has passed its version of the NIST Small Business Cybersecurity Act. The bipartisan measure promises smaller companies a consistent, relevant and universal set of NIST-based guidance and resources for protecting their data against online threats.

America Needs a Blockchain Strategy ASAP

The technology behind cryptocurrency can keep the United States safe—but only if the country takes advantage of its head start.
Foreign Policy

74 Arrests in Business Email Compromise Takedown

A six-month coordinated global law enforcement effort to crack down on business email compromise schemes has resulted in 74 arrests, the DOJ announced.
Data Breach Today

Atlanta expects ransomware infection that sought $50K will cost the city millions more: Report

Atlanta anticipates spending another $9.5 million to recover from the ransomware virus that infected city computers in late March and disrupted government services for several weeks, a top local official said.
The Washington Times

School Security Plan Should Look for Threatening Behaviors, Experts Say

Public spaces — including Boston Public Schools — are increasing security in response to mass shootings, but school safety experts say that’s only a small piece of the puzzle.
Boston Herald

Trump’s School Safety Commission Won’t Look at Guns, Betsy DeVos Says

During her testimony Tuesday before the Senate subcommittee that oversees education spending, Education Secretary Betsy DeVos said that the federal commission on school safety established after the Parkland, Fla., school shooting will not focus on the role guns play in school violence.
New York Times

Gaining Confidence in Showing Value

Four proven elements to help security leaders maintain a strong business focus.
SEC Faculty Advisor

COSO offers enterprise risk management certificate

The Committee of Sponsoring Organizations of the Treadway Commission, also known as COSO, has introduced a COSO Enterprise Risk Management Certificate program for professionals who want to demonstrate their expertise in the COSO ERM Framework.
Accounting Today

Why the Security of Your Vendor’s Entire Enterprise Matters

Be cautious of vendors who contend that their enterprise security program is none of your concern. That very argument demonstrates a lack of understanding of the cyber-threat landscape.
Dark Reading

Alexa Mishap Hints at Potential Enterprise Security Risk

Some significant security concerns come with the possibility of a headlong rush into voice assistants in the workplace.
Dark Reading

Third of business decision makers would pay hacker’s ransom demands rather than invest in more security, NTT Security Risk:Value report reveals

The findings from the 2018 Risk:Value Report, commissioned by NTT Security, the specialised security company of NTT Group, show that another 30 per cent in the UK are not sure if they would pay or not, suggesting that only around half are prepared to invest in security to proactively protect the business.
Response Source

Fixating On Vulnerabilities Is A Vulnerability

Security teams struggle to prioritize and understand the business risks associated with vulnerabilities, sometimes at the expense of other security efforts.