Hackers Have a New Favorite Target: Small Businesses That Can't Afford to Fight Back
For years, small and medium-sized businesses have told themselves they were too small to be worth a hacker’s time. That illusion has officially expired. Cybercriminals have shifted their focus downstream, and small businesses are now at the center of a digital storm they were never built to weather.
Discord’s Vendor Breach Exposed More Than Data. It Exposed a Risk Every Business Faces
In early October, Discord disclosed that a third-party vendor supporting its customer service operations had been breached, exposing user data including names, emails, and government ID photos. The contractor, 5CA, provided age-verification services. Attackers accessed internal support systems, stealing images and metadata tied to verification requests.
Google Dodged a Breakup, But GRC Will Decide What Happens Next
After years of legal wrangling, Alphabet—the parent company of Google—has emerged from the Justice Department’s antitrust case largely intact. The ruling stops short of breaking the company apart or banning its search dominance outright. But make no mistake, this isn’t a free pass. It’s a warning shot to every company sitting comfortably atop its market.
No More Quarterly Reports? The SEC’s Gamble and What It Means for Risk
The U.S. Securities and Exchange Commission (SEC) is preparing to upend one of the most entrenched practices in corporate America: quarterly reporting. SEC Chair Paul Atkins has signaled his intent to fast-track the removal of the decades-old requirement that public companies issue quarterly earnings reports, a change that could redefine how markets, boards, and regulators think about corporate transparency.
Legal GRC Awakening: Why Compliance is Failing and What Forward-Thinking Firms are Doing About it.
After working with dozens of legal firms on GRC modernization, I’ve seen the same pattern: firms that unify risk and compliance processes gain measurable competitive advantages, while those clinging to isolated tools, spreadsheets, and outsourcing fall behind.
When One Vendor Grounds the Skies: How a Single Cyber Attack Brought Heathrow to Its Knees
Airports are among the most complex infrastructures in modern society. They sit at the intersection of public safety, commerce, global connectivity, and high-stakes logistics. Yet recent events show how fragile that complexity truly is, especially when a single vendor or software provider becomes a critical point of failure.
The Clock is Ticking: DoD Cyber Compliance Becomes Contract Reality. CMMC is happening.
On August 25, 2025, the U.S. government quietly cleared the final hurdle to make the Cybersecurity Maturity Model Certification (CMMC) a binding requirement for Department of Defense (DoD) contracts. With this approval, CMMC moves from policy talk to enforceable reality, and it will go live in October 2026.
Legal Industry GRC Transformation Guide: Modernizing Compliance Processes for Law Firms
The legal industry is experiencing growing compliance complexity as firms manage client confidentiality, data protection regulations like GDPR and CCPA, professional conduct rules, cybersecurity mandates, and industry-specific frameworks. This isn’t a crisis—it’s an…
When Compliance Fails: The Million-Dollar Lessons Fintech Can’t Afford to Ignore
In the fast-moving world of fintech, innovation often outpaces regulation. But recent enforcement actions show that regulators are catching up, and they’re not pulling punches.
The Future of Risk Isn’t More Control. It’s More Intelligence.
Most companies don’t see their GRC platform as a productivity tool that can boost business. That needs to change. In an environment where regulatory complexity is growing and resources aren’t, governance, risk, and compliance systems must do more than just audits. They should be helping you…
The Hacker Didn't Win. And That’s the Point
When news broke that Coinbase had suffered a major breach, with hackers demanding a $20 million ransom after compromising sensitive customer data, there was every reason to expect the usual corporate playbook: silence, damage control, maybe a quiet settlement. But that’s not what happened…
How Enterprises Can Tackle Compliance in the Wake of First Amendment Challenges
The legal landscape for enterprises is constantly shifting, often in unpredictable and profound ways. Recent First Amendment cases, such as challenges to age verification laws for adult content, highlight the growing complexity organizations face in navigating regulatory compliance…
All About Risk Episode 2: ISO 42001 the New Standard on AI Governance
Lily Yeoh is joined by Patrick Sullivan, VP of Strategy and Innovation at A-LIGN, who brings over 25 years of experience in IT security and compliance, making him a trusted voice on AI governance and the new standard ISO 42001.
A Wake-Up Call: What the Change Healthcare Breach Teaches Us About GRC
The Change Healthcare data breach in early 2024 stands out as one of the largest in U.S. history, affecting over 100 million individuals and exposing vast amounts of sensitive health data. It’s a sobering reminder of the risks organizations face when security investments lag behind business operations…
Understanding the CrowdStrike Crash: Investor Insights
Last week, CrowdStrike faced a significant issue involving its Falcon platform for Windows systems. On July 19, 2024, a faulty content update intended for Windows systems caused numerous crashes and blue screens of death (BSOD) on millions of customer machines.
What Companies & CISOs Should Know About Rising Legal Threats
Litigation and regulatory enforcement are increasing risks for companies and cybersecurity leaders. Something must be done to protect the profession.
Why Vendor Management is Critical
Vendor management is crucial in today's interconnected business landscape. As organizations increasingly rely on external vendors to provide essential services and technology solutions, the need to ensure their reliability and security becomes paramount.
Women in Cybersecurity and Legal Services
For our latest podcast, All About Risk, our CEO Lily is joined by a selection of the greatest female minds managing GRC programs for leading US Law Firms. Today’s podcast covers…
According to Gartner, When Adopting Security Tools, Less is More.
Gartner analysts are calling for organizations to adopt a “minimum effective toolset” for enterprise security, using the fewest technologies required to observe, respond and defend against threats.