Perspectives on governance, risk, cyber and AI from the boardroom and beyond.
Far too often, organisations rush to integrate AI fuelled by the fear of missing out. The technology is genuinely transformative, but the pace of adoption is frequently outstripping the governance maturity needed to deploy it well. FOMO is not a strategy.
Read moreRI Advice. FIIG Securities. Fortnum Private Wealth. Three ASIC cyber enforcement actions, three companies prosecuted, zero directors held personally to account. Is the enforcement trajectory escalating or is the regulatory signal fundamentally contradictory?
Read moreEvery cyber governance course tells Directors to "know your crown jewels." Few explain how to actually do it. The missing link is objective centric risk management: connecting strategic objectives through to the information and technology assets that support them, before deciding what to protect.
Read moreAnthropic built an AI model capable of finding vulnerabilities that survived decades of expert review, then chose not to release it. Project Glasswing is the right response, but it does not solve the ecosystem problem. Your organisation's exposure is still determined by the weakest participant in your supply chain, and that gap just widened.
Read moreNew Australian research analysed 44 extreme cyber incidents over 21 years. Companies that suffered a major cyber incident underperformed their market benchmarks by 7% at one year and 12% at two years. Post-2020 incidents showed average underperformance of 34%. But there is good news in the data too.
Read moreWhat began as a legal dispute over policy wording has evolved into a fundamental restructuring of how the insurance market treats state-linked cyber events. With the Iran conflict now stress-testing Lloyd’s exclusion framework in real time, the question for directors is clear: if your organisation is hit by collateral damage from a state-linked cyber operation, does your policy respond?
Read moreFor the better part of two decades, I have worked at the intersection of governance, risk and technology. In the early years, that work was deeply creative. Then I co-founded and built a business, and gradually lost the part of the work I loved most. This is the story of finding it again.
Read moreI have spent the better part of three years watching the AI conversation unfold. My journey has been one of deliberate scepticism, and I think that has made me a better adviser. Here is an honest account of how my thinking has evolved, and why I have chosen to formalise my expertise with the IAPP's Certified AI Governance Professional (AIGP) credential.
Read moreYour developers are about to manage 30 AI agents writing code simultaneously. Is your executive team ready for what that means? On 1 January 2026, Steve Yegge released Gas Town: an orchestrator that lets a single developer manage 10, 20, even 30 parallel AI coding agents, all generating production code at machine speed.
Read more