Blog

Beyond the Checklist: What Cybersecurity Can Learn from Occupational Safety
Cybersecurity has become obsessed with proving compliance rather than understanding risk. The Law of the Instrument reminds us that when all you have is a hammer, everything looks like a nail, and our hammer has become the checklist. Until we move from box-ticking to real risk thinking, we’ll keep mistaking activity for assurance.

The Problem with Oversimplified Cybersecurity Advice
Simplification matters. It allows us to reach a wider audience. But if we’re not careful, we run the risk of misleading the people we’re hoping to help.

What MITRE’s Funding Scare Can Teach Us About Systemic Risk
It is in our collective interest to think a bit more clearly about institutional issues such as the dangers of governance and funding failures, and the MITRE funding scare gives us an ideal opportunity to do just that.

It’s not “positive risk”: Why the concept is undermining effective risk management
To effectively contribute to decision making, risk managers need to abandon the misguided term “positive risk” which conflates the related but distinct concepts of risk and opportunity.

The Risk Paradox: Individual ‘Fight or Flight’ vs Collective Corporate Culture
Without a clear, shared approach to risk, companies face confusion and missed opportunities. Building a consistent risk culture that balances individual behaviors with collective goals is critical to navigating today’s complex business environment and avoiding costly mistakes.