What is ESG and Why Does it Matter?
ESG measures how a company integrates Environmental, Social, and Governance practices into their business and it is changing the approach investors use when viewing their portfolios. Investors are not only focusing on financial return but also considering the societal impact of a company. Companies that …
Automate & Educate at Scale
The increasing exposure of software supply chain vulnerabilities through cyberattacks has brought renewed focus on third-party risk management programs, as well as the tools used to oversee them. …
5 Steps to Effective Vendor Risk Management
The term ‘Vendor risk” covers all aspects of threats to your organisation and your customers posed by an outsourced relationship with a vendor and the products or services they provide. …
Why being compliant isn’t the same as being secure
In the world of cybersecurity, two terms that are often used interchangeably are “security” and “compliance.” However, they are not the same thing. As cyber threats increasingly become a business-critical issue for all organisations, it is time for organisations to step up from simply being …
Why Diversity and Inclusion Matter at C2
Diversity, Equity, and Inclusion Q&A with Jonathan Wood, CEO C2 Risk. According to People Management, diverse teams are 87% better at making decisions and further statistics found that those diverse teams deliver 60% better results. This highlights that inclusive decision making can bring about faster …
How much do you really know about your extended enterprise?
Information risk is something that businesses everywhere are having to face, and with risk comes responsibility. All organisations now generate, process and store vast amounts of information to maximise the returns from their investments. But, who is responsible for defining an acceptable level of risk …
Cyber Security, is it a core part of your ESG?
With the costs of a data breach rising by 10% between 2020-2021, the global average cost to a business now sits at a huge £3.93 million. With these figures focussing board attention and the news of data breaches hitting the media every day, it’s no …
Comparing CIS 20 & ISO 27001
The CIS20 (Critical Security Controls) framework and ISO 27001 2(013 and now 2022)are both standards that provide guidelines and best practices for information security management. However, there are some key differences between the two. …
We’ll be at #RISK!
#RISK Expo is just around the corner and it’s safe to say, I’m pretty buzzed to be going! Events such as #RISK provide important insight into the ever-growing world of risk, how it’s all interconnected, and how it shapes the environments we live in today. …
Understanding Regulation of Critical Third Parties
All companies in Financial Services are subject to Financial Conduct Authority (FCA) regulations and Prudential Regulation Authority (PRA) regulations, on assessment of third-party risk. …