Podcasts about cyber risk

Gina Yacone — Virtual CISO at Trace3 and Roller Derby Penalty Box VisitorLive from B-Sides Jacksonville, No Password Required welcomes Gina Yacone, Virtual CISO at Trace3. Jack Clabby of Carlton Fields, P.A. and Sarina Gandy, host and producer of the CyberBay Podcast, host a conversation on Gina's unconventional career path, leadership under pressure, and the power of community in cybersecurity. With career stops in private investigation, digital forensics, and executive security, Gina brings a people-first, purpose-driven perspective to complex cyber risk.Gina shares how her early work as a private investigator on high-profile criminal defense cases laid the foundation for her success in cybersecurity. She also reflects on raising her hand for big challenges, the rewards and risks of always saying yes, and how authenticity has guided her. She offers insight on why conference hallway conversations can be just as impactful as keynote sessions.A visible advocate for the cybersecurity community, Gina speaks openly about setting healthy mentorship boundaries and building resilient professional networks.The episode wraps with the Lifestyle Polygraph, where Gina lightens the mood with stories from her roller derby days, dream Amazing Race partners, and why John Wick might just be the ultimate executive assistant.Follow Gina on LinkedIn: https://www.linkedin.com/in/ginayacone/ Chapters:00:00 Introduction to Cybersecurity and B-Sides Jacksonville01:16 Gina Yacone's Unique Journey to Cybersecurity06:22 Navigating Burnout in Cybersecurity08:06 The Importance of Raising Your Hand10:04 Adapting Leadership Styles in Different Roles 14:03 Being a Role Model for Women in Cybersecurity16:34 How to Establish a Good Mentee and Mentor Relationship18:50 Feedback and Constructive Criticism22:55  The Value of Hallway Conversations26:19 The Lifestyle Polygraph: Fun and Insights38:54 Conclusion and Future Connections

Cybersecurity is essential for every practice that relies on technology. In this episode, guest Kaitlin Upchurch, Senior Vice President and Cyber & Tech Practice Leader at Lockton, addresses the cybersecurity questions practices are—and are not—thinking about. She explains why cybersecurity risks are often misunderstood, what makes health care a prime target, and why insurance alone is not enough. Tune in to understand your cyber exposure, the biggest threats facing practices today, and the first steps to strengthen your protection beyond buying a policy.  Chapters00:00 Intro00:47 Banter04:25 Guest background10:20 Tell us about Lockton.13:40 Do medical practices need cybersecurity?18:40 What are cybersecurity misconceptions?20:48 What are some cybersecurity threats?25:00 How can medical practices avoid cybersecurity issues?26:37 Access+27:16 Legal Takeaways28:45 OutroWatch full episodes of our podcast on our YouTube channel: https://www.youtube.com/@byrdadatto  Stay connected for the latest business and health care legal updates:WebsiteFacebookInstagramLinkedIn

In Episode 166 of Cybersecurity Where You Are, Sean Atkinson sits down with Tyler Moore, Ph.D., Chair of Cyber Studies at the University of Tulsa, and Daniel Woods, Lecturer at the University of Edinburgh. Together, they review the foundations of actuarial science in cyber risk.Here are some highlights from our episode:00:48. Introductions to Tyler and Daniel01:22. How actuarial science fits into a traditional approach of risk modeling02:20. Why cyber risk has historically been difficult to quantify04:01. How data sources available to insurers and individual organizations have evolved07:21. Adaptability as a key principle to model risk for an evolving cyber threat landscape08:58. Loss distribution modeling for different types of cyber threats11:38. Similarities and differences between how actuaries and frameworks view risks13:10. Quantifying severity, frequency, and resilience to different cyber risks14:31. How insurers differ from underwriters in their view of risk17:43. Ransomware as a case study where actuarial modeling improved risk management22:30. The value of translating cyber risk to business risk for CISOs like Sean26:20. Why data on which security controls matter most remains elusive32:33. The biggest misconceptions of using actuarial models in cybersecurity36:09. How cyber actuarial science can help to determine what works in cybersecurityResourcesEpisode 121: The Economics of Cybersecurity Decision-MakingEpisode 105: Context in Cyber Risk QuantificationEpisode 77: Data's Value to Decision-Making in CybersecurityHow Risk Quantification Tests Your Reasonable Cyber DefenseEpisode 113: Cyber Risk Prioritization as Ransomware DefenseEpisode 65: Making Cyber Risk Analysis Practical with QRAFAIR: A Framework for Revolutionizing Your Risk AnalysisIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk's Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today's attackers aren't breaking in—they're logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.The discussion explores how the rise of AI is eroding critical thinking, making it easier for even seasoned professionals to fall for convincing scams. Higgins and Puner break down the dangers of instant answers, the importance of “never trust, always verify,” and why zero standing privilege is essential for defending against insider threats. They also tackle the risks of shadow AI, the growing challenge of misinformation, and how organizations can build a culture of vigilance without creating a climate of mistrust.Whether you're a security leader, IT professional, or just curious about the future of digital trust, this episode delivers actionable insights on identity security, cyber hygiene, and the basics that matter more than ever in 2026 and beyond.

Reinventing Physical Security in a Cyber-Driven World | DailyCyber 282 with Oscar Hedaya ~ Watch Now ~In this episode of DailyCyber, I sit down with Oscar Hedaya, founder and inventor of The Space Safe, the world's first next-generation connected safe designed to bridge the gap between physical security and modern cyber threats.For decades, safes have barely changed. Oscar set out to fix that — by designing a safe that incorporates WiFi, cameras, sensors, real-time event visibility, and a mobile app to bring physical protection into the connected era.But with innovation comes new questions: does adding connectivity make a safe less secure?Do people still need safes in a world that uses less cash?And how do you build trust in a product designed to protect what matters most?This episode is ideal for cybersecurity leaders, product designers, IoT professionals, and anyone interested in the convergence of hardware and cyber risk. 

On this episode, Silent Sector breaks down what cybersecurity really looks like beyond the buzzwords. We dive into CTEM and why continuous exposure management beats the outdated once-a-year pen test. You'll hear how adversarial simulation, social engineering, and threat modeling work together to reveal real-world risk—not just compliance checkboxes. If you've ever felt overloaded by industry acronyms or wondered how organizations can actually stay ahead of evolving threats, this conversation brings clarity, strategy, and straight-talk insights from the front lines of cyber defense.Pick up your copy of Cyber Rants on Amazon.Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com. Be sure to rate the podcast, leave us a review, and subscribe!

All links and images can be found on CISO Series. Check out this post by Nick Nolen of Redpoint Cyber for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Erika Dean, former CSO, Robinhood. In this episode: Delegation requires accountability The reality of daily decision-making The gap between theory and practice Beyond the advisory role Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO

As physical and digital threats collide, converged security models that unite physical and cyber protections under one strategy are becoming more essential. John Scimone, Chief Security Officer for Dell Technologies, offers guidance for CISOs looking to bridge physical and cyber security into one cohesive strategy.

Patrick Foy, senior director, strategic planning, TransUnion's insurance business, discusses how evolving customer expectations and digital demands are reshaping commercial insurance heading into 2026.

CISA's threat data helps companies and insurers sharpen their cyber-risk strategies by sharing real-time insights on attack patterns, emerging threats, and proactive defense tactics. Watch this sneak peek … Read More » The post How CISA Data Is Shaping Smarter Cyber Risk Decisions appeared first on Insurance Journal TV.

CISA's threat data helps companies and insurers sharpen their cyber-risk strategies by sharing real-time insights on attack patterns, emerging threats, and proactive defense tactics. Watch this sneak peek … Read More » The post How CISA Data Is Shaping Smarter Cyber Risk Decisions appeared first on Insurance Journal TV.

CISA's threat data helps companies and insurers sharpen their cyber-risk strategies by sharing real-time insights on attack patterns, emerging threats, and proactive defense tactics. Watch this sneak peek … Read More » The post How CISA Data Is Shaping Smarter Cyber Risk Decisions appeared first on Insurance Journal TV.

In this episode of Darnley's Cyber Café, we dive into the real story behind CrowdStrike's recent insider scandal, and what it teaches us about the hidden dangers brewing inside modern companies. We break down how a “bad apple” employee allegedly leaked internal information to a notorious hacking collective, why insider threats are so hard to detect, and how businesses can spot warning signs before damage is done.If you've ever wondered how hackers exploit trust, how companies uncover hidden risks, or how one employee can change everything, pull up a chair. This episode might make you look at your workplace… and your latte… a little differently.Tune in to find out what's really simmering beneath the surface.Click here to send future episode recommendationSupport the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

Cybersicherheit ist längst keine reine IT-Frage mehr – sie ist Chefsache! In dieser spannenden Folge spreche ich mit Prof. Thomas R. Köhler, einem der führenden Experten für Digitalisierung, Cyber Risk und Zukunftstechnologien. Der Unternehmer, Professor und Autor des Buches „Chefsache Cybersicherheit“ erklärt, warum digitale Sicherheit zur zentralen Führungsaufgabe geworden ist und wie Verantwortung auf Managementebene konkret gelebt werden kann. Besonders eindrucksvoll: Thomas Köhler gewährt Einblicke in die Methoden moderner Hacker und zeigt, wie künstliche Intelligenz Cyberangriffe auf ein neues Level hebt. Ein Gespräch über Risiko, Führungskultur und digitale Verantwortung – voller praktischer Impulse für alle, die ihre Organisation sicher und zukunftsfähig aufstellen wollen.

From politically motivated attacks to basic configuration errors, purpose-driven orgs are now on the front lines of cyber risk. In this episode, Steve Sharer and Garrett Miller walk through five areas where B Corps are more vulnerable than they realize — and the practical steps that strengthen each one. They explain why these gaps matter and how to close them with straightforward practices that don't overwhelm small teams.View the show notes: https://go.lifteconomy.com/blog/5-cyber-risks-for-b-corps-and-how-you-can-fix-them-w/-steve-sharer-garrett-millerUnlock your free B Corp Values Assessment—plus tips and insights to help your business grow. https://go.lifteconomy.com/b-corp-newsletter

Am 17. Januar 2025 ist der „Digital Operational Resilience Act“, kurz DORA, in Kraft getreten. Seitdem stehen Finanzinstitute und IT-Dienstleister vor der Herausforderung, ihre digitale Widerstandsfähigkeit nicht nur auszubauen, sondern auch nachweisbar zu machen. • Was sind derzeit noch die größten Baustellen in der Umsetzung der Anforderungen aus DORA? • Welche Themenfelder stehen bei der ersten Prüfung durch Jahresabschlussprüfer, aber auch Regulatoren aktuell besonders im Fokus? • Und welche Lehren lassen sich für die Institute insgesamt ziehen? Auf diese Fragen geben Jan Krone, Berater im zeb, und Dr. Saskia Hohe eine Antwort. Saskia ist Partnerin bei zeb und hat bereits zahlreiche Prüfungen begleitet, sowohl von Prüfer- als auch von Mandantenseite. Das heißt, sie bringt spannende Einblicke aus der Praxis und erste Erfahrungen direkt von der „Prüfungsfront“ mit.

In this episode, James Maude sits down with Chris Neuwirth, VP of Cyber Risk at Networks Group, whose path into cybersecurity might be the most unconventional you'll ever hear—from delivering babies as a teenage EMT to penetration testing critical infrastructure today. Chris's journey includes serving as an LAPD officer at Venice Beach, responding to 9/11 at the Pentagon, managing IT during Hurricane Sandy, and running operations as assistant commissioner at New Jersey's Department of Health during COVID-19. Along the way, he's been hacking everything he could get his hands on—from war driving through Manhattan in the early 2000s to conducting sophisticated penetration tests at hospitals and airports today. Chris discusses the importance of organizations being prepared and shares the uncomfortable truth: sometimes the easiest way past your defenses is just showing up and plugging in.

CYBERISKIQ from the CARE-Report: Quantifying Small Business Cyber Risk with Ralph Pasquariello and Craig Sekowski (North Fulton Business Radio, Episode 914) On this episode of North Fulton Business Radio, host John Ray welcomes cyber risk specialists Ralph Pasquariello and Craig Sekowski of the CARE-Report. Ralph and Craig explain why small and mid-sized businesses are far […]

CYBERISKIQ from the CARE-Report: Quantifying Small Business Cyber Risk with Ralph Pasquariello and Craig Sekowski (North Fulton Business Radio, Episode 914) On this episode of North Fulton Business Radio, host John Ray welcomes cyber risk specialists Ralph Pasquariello and Craig Sekowski of the CARE-Report. Ralph and Craig explain why small and mid-sized businesses are far […]

Aon's Brent Rieth discusses the ripple effects of the Cyber Information Security Act (CISA) not being renewed, warning that insurers now face a major data gap in assessing … Read More » The post EP. 109: The Future of Cyber Risk Without CISA: How Insurers and Businesses Can Adapt appeared first on Insurance Journal TV.

Aon's Brent Rieth discusses the ripple effects of the Cyber Information Security Act (CISA) not being renewed, warning that insurers now face a major data gap in assessing … Read More » The post EP. 109: The Future of Cyber Risk Without CISA: How Insurers and Businesses Can Adapt appeared first on Insurance Journal TV.

Aon's Brent Rieth discusses the ripple effects of the Cyber Information Security Act (CISA) not being renewed, warning that insurers now face a major data gap in assessing … Read More » The post EP. 109: The Future of Cyber Risk Without CISA: How Insurers and Businesses Can Adapt appeared first on Insurance Journal TV.

Welcome to the CanadianSME Small Business Podcast, hosted by Maheen Bari. In this episode, we explore how Artificial Intelligence is transforming cybersecurity for small businesses, providing proactive defense and peace of mind in an era of growing digital threats.Joining us is Brian Stoner, SVP of Growth at Judy Security, an industry veteran with over 20 years of experience in global cybersecurity. Brian shares how Judy's AI-powered virtual cybersecurity assistant is redefining protection for SMEs—offering intelligent monitoring, rapid threat response, and affordable enterprise-grade security.Key Highlights:1. The New Threat Landscape: How shadow IT and unapproved AI tools create unseen vulnerabilities for SMEs.2. AI-Powered Protection: How Judy's 24/7 Threat Management and affordable tools secure businesses without full-time IT teams.3. Data Sovereignty: Why knowing where your data lives is vital for compliance, trust, and growth.4. Virtual Cyber Assistant: How Judy uses AI training to strengthen human awareness and real-time protection.5. Future of Cybersecurity: How MSP partnerships will shape the next chapter of small business defense in Canada.Special Thanks to Our Partners:RBC: https://www.rbcroyalbank.com/dms/business/accounts/beyond-banking/index.htmlUPS: https://solutions.ups.com/ca-beunstoppable.html?WT.mc_id=BUSMEWAGoogle: https://www.google.ca/A1 Global College: https://a1globalcollege.ca/ADP Canada: https://www.adp.ca/en.aspxFor more expert insights, visit www.canadiansme.ca and subscribe to the CanadianSME Small Business Magazine. Stay innovative, stay informed, and thrive in the digital age!Disclaimer: The information shared in this podcast is for general informational purposes only and should not be considered as direct financial or business advice. Always consult with a qualified professional for advice specific to your situation.

WHAT happens if you don't buy cyber risk insurance? Well, Jaguar Land Rover certainly found out earlier this year. The luxury carmaker was hit by a devastating cyber attack in late August, causing it to shut down its production lines for more than four weeks and costing it £50m a week. It only got things back to normal in early October. It was initially forced to withhold payments from suppliers. That is no small matter, given that the automotive parts supply chain, which famously runs on the just-in-time model, supports 200,000 jobs in the UK. It even had to turn to its bankers to secure a £2bn funding facility, which won't have come cheap. On top of all that, the government saw no choice but to step in with a £1.5bn credit guarantee, simply to avoid the potential economic fallout. Other recent victims of cyber crime include Heathrow Airport and high street retailers Marks & Spencer and the Co-op. Many big players in the maritime industries have also been on the receiving end, from boxship giants Maersk, MSC and CMA CGM to ports giant DP World and top broker Clarksons. A recent report from IBM, which examined data breaches experienced by about 600 organisations worldwide, put the average cost of an incident at $4.4m (or £3.3m). What is clear is that cyber risk is a growing threat, as hackers becoming increasingly more sophisticated. This special joint Insurance Day/Lloyd's List podcast will look at how insurance can at least mitigate the worst impacts for companies in both the maritime and wider business sectors. Joining Insurance Day reporter Queenie Shaikh are: Robert Dorey, chief executive, Astaara William Altman, director, CyberCube Stephen Wares, head of international underwriting, Coalition Subscribe to Lloyd's List: https://www.lloydslistintelligence.com/products/lloyds-list Learn more about Lloyd's List Intelligence: https://www.lloydslistintelligence.com/

Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.

Deepfakes that fool the eye. Voices that sound real. Attacks that never sleep. As artificial intelligence reshapes both offence and defence, cyber risk has gone mainstream. In this episode of No Ordinary Wednesday, Jeremy Maggs speaks with Investec cybersecurity experts Nomalizo Hlazo and Tash van den Heever about the new era of digital resilience where trust, adaptability and awareness are your strongest defences. Podcast key moments 00:00 - Introduction 01:27 - AI on both sides – Attackers and defenders in the digital arms race 02:52 - 2025: The year cyber risk went mainstream 03:46 - Why digital risk is compounding 05:05 - Building resilience through third-party and supply chain visibility 07:15 - Regulation tightens – Balancing compliance and agility 08:57 - Critical infrastructure under threat 10:32 - Building digital trust in a diverse and connected market 11:48 - The future of cybersecurity: Integrity, speed, and adaptability 13:16 - Quantum computing, AI agents, and hyperconnectivity 13:58 - Cybersecurity as a life skill 14:56 - Closing remarks Read more on www.investec.com/now Hosted by seasoned broadcaster, Jeremy Maggs, the No Ordinary Wednesday podcast unpacks the latest economic, business, and political news in South Africa, with an all-star cast of investment and wealth managers, economists, and financial planners from Investec. Listen in every second Wednesday for an in-depth look at what's moving markets, shaping the economy, and changing the game for your wallet and your business. Investec Focus Radio SA

Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.

To understand how much to spend on cybersecurity, you have to accurately assess or quantify your risks. Too many people still peg their cybersecurity spend to their IT budget; that is, they’ll look at what they’re spending on IT, and then allocate a percentage of that to cybersecurity. That may have made some sense when... Read more »

To understand how much to spend on cybersecurity, you have to accurately assess or quantify your risks. Too many people still peg their cybersecurity spend to their IT budget; that is, they’ll look at what they’re spending on IT, and then allocate a percentage of that to cybersecurity. That may have made some sense when... Read more »

For Cybersecurity Awareness Month, in a new Actuary Voices podcast episode, Committee on Cyber Risk member Bobby Jaegers discusses building a strong U.S. cybersecurity infrastructure and cyber resilience at the personal level.

Cyber Risk Unfiltered: Behind the Scenes of Mid-Market Attacks by IB Talk

Small and medium-sized enterprises in Canada may be dangerously underestimating their exposure to cyber risk, leaving many without adequate defences or insurance coverage, according to a new survey commissioned by the Insurance Bureau of Canada, or the IBC. In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss. To learn more about today's stories, visit https://cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com.

Link to episode page This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guests Mike Lockhart, CISO Eagleview, and Dustin Sachs, chief technologist at CyberRisk collaborative, and author of Behavioral Insights in Cybersecurity Thanks to our show sponsor, ThreatLocker Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker” All links and the video of this episode can be found on CISO Series.com      

Cybersecurity is evolving faster than many community banks and credit unions can keep pace with. With the retirement of the FFIEC Cybersecurity Assessment Tool (CAT) on August 31, 2025, financial institutions are left wondering how best to measure, track, and manage cyber risk without a regulator-endorsed standard. In this episode of the Banking on Data podcast, host Ed Vincent sits down with Cathy Jackson to unpack what comes next for institutions in this post-CAT world. Together, they explore how banks can leverage the Cyber Risk Institute's Profile 2.1, why the seven functional areas of cyber risk matter, and how moving beyond spreadsheets to an integrated risk suite can give leaders a holistic, regulator-ready view of their risk posture.Follow us to stay in the know!

In this episode of On Aon, Joe Peiser, CEO of Commercial Risk, and Richard Waterer, Global Risk Consulting Leader, unpack the major findings from Aon's 2025 Global Risk Management Survey — and what Risk Management leaders can do to remain resilient in the face of increasingly systemic and interconnected risks.They explore the critical role of analytics in understanding evolving threats and highlight three traits that distinguish highly resilient organizations: insight, agility and collaboration. Key Takeaways:Many of the top risks in Aon's Global Risk Management Survey are broad and interconnected, impacting multiple areas of business.Cyber Risk remains the top concern globally. The rapid adoption of AI is intensifying risk complexity. Artificial Intelligence is itself a top 10 future risk.A persistent gap exists between risk awareness and action. Organizations, need better data and analytics to build accurate risk profiles.Resilient organizations are those that can quantify exposures, optimize capital allocation and embed risk strategy into decision making. Experts in this episode:(Host) Joe Peiser, CEO, Commercial Risk at AonRichard Waterer, Global Risk Consulting Leader at Aon Key moments: (1:12) The top 10 risks in our 2025 Global Risk Management Survey had some surprising and not-so-surprising results. Cyber Risk and Increasing Competition continue to rank highly, while Geopolitical Volatility made a significant jump. (4:14) The risks cited are systemic and interconnected. Their impact is widespread and can be felt across the company. (8:37) Highly resilient companies need three things to set themselves apart — insight, agility and collaboration. Additional Resources:Findings from Aon's Global Risk Management Survey5 Ways to Position Risk Capital as a Value DriverAI and Workforce Skills: Who Should Act and Why Now?5 Top Trends for Risk Capital in 2025 Soundbites:Joe Peiser:“Business leaders can't simply manage more risk by intuition. They really need the tools and the insights from those tools to interpret today's landscape and make decisions that help them survive and thrive.” Richard Waterer:“We were surprised to see Attracting and Retaining Top Talent fall out of this year's top 10. When you consider the challenges being brought about by workforces today, for example, healthcare costs in North America, new legislation on pay transparency in EMEA, you can understand why talent is a complex and costly issue for leaders.

As artificial intelligence reshapes workplaces and business strategies, firms increasingly depend on AI providers, making AI a tool of geopolitical influence. We'll discuss the impact across industries, as digital currencies affect monetary control and cyber threats challenge operational resilience. Host: William Foster, Senior Vice President, Sovereign Risk Group, Moody's Ratings Guests: Vincent Gusdorf, Associate Managing Director, Digital Finance and AI Analytics, Moody's Ratings; Leroy Terrelonge, Vice President-Analyst, Cyber Credit Risk, Moody's Ratings  Related research:Artificial Intelligence – Global – Nations push for AI sovereignty to capture economic, geopolitical gains 30 September 2025 Sovereigns - Global – Digital currency growth, inconsistent regulation amplify countries' financial risks 25 September 2025Artificial Intelligence – Corporates – Pace of AI advances, regional disparities will steer credit trends across industries 23 September 2025 Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Organizations continue to face an increasingly complex cyber threat landscape. Amid ongoing geopolitical and geoeconomic tensions and supply chain disruptions, a robust and comprehensive cyber risk management strategy can help businesses mitigate risks and improve resiliency. In this episode of Risk in Context, Marsh McLennan's Dan Bowden speaks with Marsh's Helen Nuttall and Matt Berninger about the importance of reviewing and reinforcing cyber controls to help minimize cyber exposures and uncertainty and better protecting their people, finances, and operations from cyber threats. You can access a transcript of the episode here. Read Cybersecurity Signals, Connecting Controls and Incident Outcomes and The 2025 OT Security Financial Risk Report. For more insights and insurance and risk management solutions, follow Marsh on LinkedIn and X and visit marsh.com.

Artificial intelligence (AI) is a transformational technology, but it has limitations in challenging operational settings. Researchers in the AI Division of the Carnegie Mellon University Software Engineering Institute (SEI) work to deliver reliable and secure AI capabilities to warfighters in mission-critical environments. In our latest podcast, Matt Gaston, director of the SEI's AI Division, sits down with Matt Butkovic, technical director of the SEI CERT Division's Cyber Risk and Resilience program, to discuss the SEI's ongoing and future work in AI, including test and evaluation, the importance of gaining hands-on experience with AI systems, and why government needs to continue partnering with industry to spur innovation in national defense. 

CyberCube is delivering the world's leading cyber risk modeling and analytics. With best-in-class data access and advanced multi-disciplinary analytics, the company's cloud-based platform helps insurance organizations quantify cyber risk to facilitate placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube's enterprise intelligence layer provides insights on millions of companies globally and includes modeling on thousands of points of technology failure. The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners. It is backed by Morgan Stanley Tactical Value, Forgepoint Capital, HSCM Bermuda, MTech Capital, individuals from Stone Point Capital and Scott G. Stephenson. For more information, please visit www.cybcube.com or email info@cybcube.com. Focusing exclusively on risk management and insurance professional development, the Risk & Insurance Education Alliance provides a practical advantage at every career stage, positioning our participants and their clients for confidence and success.

In this episode of Friday Fiduciary Five, Eric Dyson talks about a common and easily fixable cybersecurity risk in retirement plans: participants who have not set up user IDs and passwords for their accounts. This oversight is the most frequent cause of cyber breaches, not the fault of plan sponsors or record keepers. Eric shares an anecdote about an employee discovering unauthorized 401(k) loan deductions, highlighting the importance of security measures like user IDs, passwords, and two-factor authentication. He urges plan sponsors and advisors to communicate the necessity of these security steps to participants to prevent cyber breaches.Connect with Eric Dyson: Website: https://90northllc.com/Phone: 940-248-4800Email: contact@90northllc.com LinkedIn: https://www.linkedin.com/in/401kguy/ The information contained herein is general in nature and is provided solely for educational and informational purposes.It is not intended to provide a specific recommendation of any type of product or service discussed in this presentation or to provide any warranties, financial advice, or legal advice.The specific facts and circumstances of all qualified plans can vary, and the information contained in this podcast may or may not apply to your individual circumstances or to your plan or client plan's specific circumstances.

In this special episode of The Lawyers Weekly Show, produced in partnership with Cybertify, we unpack why legal practices are increasingly such attractive targets for cyber criminals, the ways they get past defences, and what firms can do to ensure that the “doors are locked”. Host Jerome Doraisamy speaks with William Welch, the principal solutions architect for the legal sector and AI security at Cybertify, about who the company is and the work he does, why the risks inherent with cyber security are so much more prominent for Australian law firms at present, why every business is a potential target, the need for “locked doors”, why law firm owners aren't fully across the dangers, and the lessons and takeaways from recent breaches in the legal space. Welch also delves into what BigLaw practices need to be doing right now, ensuring systems are talking to each other properly and having the right point people, what SMEs must be doing at present, the questions those smaller firms need to be asking, overcoming concerns about being time-poor, understanding the changing landscape, and how best Cybertify can help. To learn more about Cybertify, click here.

In our latest Mishcon Academy: Digital Sessions podcast, Joe Hancock, Partner in Cyber Risk and Complex Investigations at Mishcon de Reya, is joined by Emeric Bernard-Jones, Intelligence Manager in the same team. They discuss cybercrime and digital investigations - and covering issues from cyber-enabled fraud and blackmail to the real-world impact of online exposure and how threats are reshaping what it means to be safe online.They discussed:Why are cyber incidents — from hacks to hoaxes — becoming more frequent?How is the privacy and security landscape shifting for individuals as well as businesses?And what's the human cost for directors, staff, and high-profile individuals when things go wrong?

Jonathan Trull is the Chief Security Officer at Qualys. In this episode, he speaks to Cybercrime Magazine from Black Hat 2025, where the company left the conference with two Pwnie Awards, which celebrate groundbreaking achievements in cybersecurity. Listen to hear his thoughts on navigating cyber risk, including fighting today's threat actors and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Recorded live at Black Hat 2025, this episode takes you straight to the frontlines of cybersecurity innovation. Host, Raghu Nandakumara first sits down with Bennett Moe, a cartographer turned N2K CyberWire VP, reveals how mapping skills can turn massive data into actionable cyber insights and why fundamentals still matter in an AI-driven world. Then, Jim Reavis, CEO of the Cloud Security Alliance and ISSA Hall of Famer, shares his urgent warning on cloud risks, the impact of generative AI, and why security leaders must rethink old playbooks.We discussed:How cartography principles help prioritize and visualize cybersecurity data The evolution of AI in security and where it's moving beyond buzzwords Why fundamentals like security hygiene and the right people in the right roles are still critical Systemic risks in cloud environments and why old security playbooks may no longer suffice How security leaders can become their company's most informed voices on AI The importance of actionable insights over overwhelming data for decision-makingThe role of cloud as a foundation for AI innovations like ChatGPT Distinguishing between securing AI and defending against AI-powered attacks How continuous learning, communication, and community collaboration are essential in cybersecurity The CSA's mission and legacy as a navigator for the cybersecurity community  Stay Connected with our host, Raghu on LinkedInFor more information about Illumio, check out our website at illumio.com 

How does one crypto transaction spiral into a $1.5 billion cybercrime? The Bybit heist.This wasn't just the largest crypto theft in history—it was a criminal feat of deception that exposed how even sophisticated systems can be breached when fraud, cybersecurity, and human oversight don't align. In this episode, we are excited to welcome returning guest Geoff White, investigative journalist and creator of The Lazarus Heist podcast, to join host, Alex Pillow, in examining one of the most audacious crypto thefts to-date. How did hackers executed the largest crypto theft in history while making operations seem normal from the inside?Tactics used in the heist and the broader implications of money laundering in the crypto space The impact of remote work on verifying employee legitimacy and protecting organizational value What the aftermath of money laundering looks like for victims—can stolen crypto ever be recovered? How companies can map where value resides across departments—and identify weak links before attackers do For more information, check out the resources below:  Cyber Siege: From Russia to RedcarThe Lazarus Heist podcastTo learn more about Moody's, please visit our website or get in touch—we would love to hear from you.

Today, we're going to go deeper into the world of cyber attacks than we have ever done before. We'll be looking at the insurance claims that they produce as well as the longer-term consequences for their victims Often as journalists covering cyber insurance we focus on the big hacks, the headline numbers, and gloss over the detail of the personal stories and the real hard yards that have to be run to recover from an attack and the potential long-term consequences for a business, its directors, its customers and all other stakeholders. As the immediate damage and business interruption triggers potential regulatory, statutory and other serious third-party consequences, these hard yards often have to be run down multiple different paths simultaneously. The in-depth interviews that follow will deepen your understanding of the more complex and long-tail nature of this peril. I'd like to put you right in the room in the shoes of the Directors of a company as an attack unfolds. We're going behind the scenes to uncover what it's really like when a business becomes the target of a digital assault, from the immediate shock to the long-term repercussions that are often ignored by boards. We're also going to go into detail on how the nature of the cyber threat and the tactics of cyber criminals are evolving. To help me in this task my guests are: Magnus Jelen, (pictured top) Director of Incident Response EMEA for Coveware, a firm that helps victims of cyber extortion recover their data; and three senior executives at Beazley: Raf Sanchez (pictured 2nd from top), Beazley's Head of Cyber Services, Cyber Risks. Melissa Collins, (pictured 2nd from bottom) Head of Third Party Cyber & Tech Claims, and Wayne Imrie, (pictured bottom) Head of London Market Wholesale Executive Risks. Magnus and Raf are right on the front line, dealing with the immediate consequences of a hack. Magnus even deals with the hackers themselves. Melissa deals with the external insurance claims that result and Wayne is a Directors and Officers (D&O) specialist who has a deep understanding of how the D&O and Cyber insurance products interact. LINKS:  As promised, here is the link to Beazley's latest Risk and Resilience Survey Spotlight on Tech Transformation & Cyber Risk 2025: https://www.beazley.com/en-001/news-and-events/spotlight-on-tech-transformation-cyber-risk-2025/

This week, we are pleased to be joined by ⁠George Glass⁠, Associate Managing Director of ⁠Kroll⁠'s Cyber Risk business, as he is discussing their research on Scattered Spider and their targeting of insurance companies. While Scattered Spider has recently turned its attention to the airline industry, George focuses on the broader trend of the group's industry-by-industry approach and what that means for defenders across sectors. George and Dave discuss the group's history, their self-identification as a cartel, and their increasingly aggressive tactics, including the use of fear-based social engineering, physical threats, and the recruitment of insiders at telecom providers. They also examine how organizations—especially those with vulnerabilities similar to past targets—can proactively defend against this threat and prepare an effective response if their industry becomes the next focus. Complete our annual ⁠⁠audience survey⁠⁠ before August 31. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber threats are not static—and HITRUST knows assurance can't be either. That's why HITRUST's Michael Moore is leading efforts to ensure the HITRUST framework evolves in step with the threat environment, business needs, and the technologies teams are using to respond.In this episode, Moore outlines how the HITRUST Cyber Threat Adaptive (CTA) program transforms traditional assessment models into something far more dynamic. Instead of relying on outdated frameworks or conducting audits that only capture a point-in-time view, HITRUST is using real-time threat intelligence, breach data, and frameworks like MITRE ATT&CK and MITRE ATLAS to continuously evaluate and update its assessment requirements.The E1 and I1 assessments—designed for organizations at different points in their security maturity—serve as flexible baselines that shift with current risk. Moore explains that by leveraging CTA, HITRUST can add or update controls in response to rising attack patterns, such as the resurgence of phishing or the emergence of AI-driven exploits. These updates are informed by a broad ecosystem of signals, including insurance claims data and AI-parsed breach reports, offering both frequency and impact context.One of the key advantages Moore highlights is the ability for security teams to benefit from these updates without having to conduct their own exhaustive analysis. As Moore puts it, “You get it by proxy of using our frameworks.” In addition to streamlining how teams manage and demonstrate compliance, the evolving assessments also support conversations with business leaders and boards—giving them visibility into how well the organization is prepared for the threats that matter most right now.HITRUST is also planning to bring more of this intelligence into its assessment platform and reports, including showing how individual assessments align with the top threats at the time of certification. This not only strengthens third-party assurance but also enables more confident internal decision-making—whether that's about improving phishing defenses or updating incident response playbooks.From AI-enabled moderation of threats to proactive regulatory mapping, HITRUST is building the connective tissue between risk intelligence and real-world action.Note: This story contains promotional content. Learn more.Guest: Michael Moore, Senior Manager, Digital Innovation at HITRUST | On LinkedIn: https://www.linkedin.com/in/mhmoore04/Hosts:Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com/Marco Ciappelli, Co-Founder at ITSPmagazine and Host of Redefining Society Podcast & Audio Signals Podcast | https://www.marcociappelli.com/______________________Keywords: sean martin, marco ciappelli, michael moore, hitrust, cybersecurity, threat intelligence, risk management, compliance, assurance, ai security, brand story, brand marketing, marketing podcast, brand story podcast______________________ResourcesVisit the HITRUST Website to learn more: https://itspm.ag/itsphitwebLearn more and catch more stories from HITRUST on ITSPmagazine: https://www.itspmagazine.com/directory/hitrustLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Send us a text