Jack Jones and Doug Hubbard explain how to measure what matters on the new frontier of risk management.
by Nikhil Chawla
The CISO is confronting countless “swords of damocles.” Each one seems critical. Each one is waiting to drop on their head. Their job is to eliminate those risks before they drop. Unfortunately, security is expensive and budgets are limited. Where to start when you only get to pick one, two, or three things to mitigate out of dozens of possibilities? The straight forward answer is, “Just shoot for getting the biggest bang for you’re buck!” This is easier said than done. The risk of some yet to happen event causing real impact is highly uncertain. The value of security control in mitigating those risks are also uncertain. And, the range of impacts that can occur add more fuel to the fire of uncertainty. This podcast bring the foremost thinkers on modeling cyber risk together – to discuss modern approaches for measuring risk and deciding on the best way forward economically. Meaning, the best way forward in terms of both cost as risk reduction.
The cybersecurity industry has a terminology problem. We’re still calling it “ransomware” when the majority of attacks no longer encrypt and request a ransom for decryption as their primary weapon. Resilience’s analysis of cyber extortion claims in our portfolio throughout 2025 reveals a dramatic acceleration in attack methods. Data theft extortion-only events rose from 49% […]
Here’s a question that should make any enterprise risk management (ERM) professional uncomfortable: How can you manage a risk you don’t even know exists? In my role leading threat intelligence at Resilience, I work at the intersection of cybersecurity and business risk. And I’ve noticed a persistent gap: many ERM professionals know cyber risk belongs […]
We’ve covered why vendor discovery matters, how to mine data streams for comprehensive vendor identification, which vendor categories are commonly overlooked, and how to implement risk-based tiering. Now comes the critical question: how do you actually implement this in your organization and make it sustainable over time? Chuck Norton from Resilience emphasizes the resource reality: […]
Spotify
Apple Podcast
Google Podcast