Insights

The Evolution of the CISO: From Security to Comprehensive Risk & Resilience

For professionals in the realm of risk, compliance, and IT security, the role of the Chief Information Security Officer (CISO) has long been a cornerstone of organizational defense. But as technology evolves and risks become more interconnected, the role itself is undergoing a significant transformation. In my recent analysis, The Death of the CISO: A Eulogy & Reincarnation, I discussed the impending end of the traditional CISO in favor of a more expansive role — the Digital Risk & Resilience Officer (DRRO).

Financial Institutions Face New Standards for Consumer Protection

The Consumer Financial Protection Bureau’s (CFPB) latest proposed rule isn’t just another notch in the belt of regulatory updates—it’s a call to arms for fairness, transparency, and accountability. Announced on January 13, 2025, this bold move challenges financial institutions to rethink the very foundations of how they engage with consumers.

Adjusting to New Supply Chain Paradigms: An Analysis of the KPMG Supply Chain Survey

For decades, just-in-time (JIT) manufacturing has been the benchmark for operational efficiency. This approach emphasizes delivering products in the fastest, most cost-effective manner while maintaining a highly visible platform for continuous improvement. JIT supply chains minimize resources—such as space, inventory, and workflows—to essential levels, reducing waste and enabling organizations to convert efforts into revenue with remarkable efficiency. By eliminating excess inventory, redundant systems, and systemic bottlenecks, JIT has become a cornerstone of modern manufacturing operations.

Inside the Treasury Hack: Unpacking the Breach & What It Means for Risk & Cybersecurity Leaders

Imagine this: a critical government agency, armed with some of the most robust cyber defenses money can buy, finds itself outflanked—not through the front gates, but by a side door left ajar by a trusted partner. This isn’t the plot of a Hollywood thriller; it’s the reality facing the U.S. Treasury Department after Chinese state-sponsored hackers breached its defenses by exploiting a vulnerability in third-party software.

Compliance Is No Longer the Ultimate Goal for GRC Teams

Turn back the clock to the 2010s, and you’ll witness the origins of a compliance revolution. Cloud companies faced a rising tide of regulations like HIPAA and PCI DSS. High-profile breaches—such as the 2013 Target data breach—shattered consumer trust, prompting regulators to crack down on data handlers and processors. Compliance became the bulwark against lawsuits and reputational damage. Cloud providers like AWS and Azure raced to offer robust security and compliance tools, emphasizing shared responsibility between provider and client. By the early 2020s, compliance had cemented its place as the cornerstone of operational security and customer confidence.

Sustainability Reporting 2024: Are Companies Ready for the Big Leagues?

Sustainability reporting has evolved from a nice-to-have to a must-do. For years, it’s been voluntary—a chance to show off green credentials. But now? Regulators and investors are upping the ante. KPMG’s 13th Survey of Sustainability Reporting couldn’t have landed at a better time. With mandatory reporting on the horizon for many countries, the survey offers a fascinating look at how global companies are preparing for this seismic shift—or not.

McKinsey’s $650 Million Settlement Marks a Dark Chapter in Corporate Malfeasance; Senior Partner Faces Obstruction Charges

In a damning chapter in the annals of corporate malfeasance, McKinsey & Company—the vaunted consulting powerhouse—has agreed to pay $650 million to resolve U.S. Department of Justice (DOJ) investigations into its role in fueling the opioid epidemic. With this settlement, McKinsey becomes the first consulting firm to face criminal charges for advising a client, Purdue Pharma L.P., on activities that significantly contributed to a public health catastrophe of staggering proportions.