Diligent

Blog

March 28, 2025

Organizations are ‘rapidly prioritizing’ cyber risk oversight — Datos Insights report

In an era where cyber threats loom larger than ever, highly regulated organizations such as financial institutions (FIs) and insurers are increasingly elevating cyber risk oversight to the board level. A new report from Datos Insights highlights this critical trend, finding that businesses who adopt integrated cyber governance, risk and compliance (GRC) frameworks are not only better equipped to manage risk but also more resilient and competitive.

According to the research, board and C-suite cyber GRC technology is now the second-largest planned cybersecurity investment for North American FIs in 2025, marking a major industry shift. With increasing regulatory pressures — such as the SEC’s 2023 cybersecurity risk management rules — and rising cyber threats, organizations can no longer afford fragmented governance, risk, and compliance (GRC) approaches.

You can read the full research paper, Cyber GRC: Elevating the Board in the New Age of Risk, here.

Key findings: Cyber risk at the board level

The Datos Insights study, which surveyed CISOs and cyber-risk leaders from 20 North American regulated firms, reveals that financial institutions are rapidly prioritizing board-level cyber risk oversight. Among the key findings:

57% of financial institution risk leaders rank improving cyber risk oversight at the board level as their top priority for 2025.
60% cite high resource impact on staff as the most severe pain point with current board-level cyber GRC solutions.
Enterprise risk visibility and cyber risk quantification (CRQ) remain significant gaps, preventing many organizations from effectively assessing and mitigating cyber threats.

The challenge: Overcoming siloed and inefficient cyber GRC practices

Historically, cyber risk management has lagged behind other traditional GRC functions in maturity. While organizations have long-established frameworks for managing financial, operational and compliance risks, cyber risk remains a highly dynamic and evolving challenge. The rise of remote work, digitalization and third-party dependencies has only compounded the complexity.

Without an integrated cyber GRC platform, many financial institutions struggle with:

Siloed data and inconsistent reporting, making it difficult to track and respond to risks in real time.
Lack of board-level cyber expertise, limiting the effectiveness of oversight and governance.
Regulatory pressure, with frameworks like NIST CSF and SEC regulations demanding greater transparency and incident disclosure.

Diligent One Platform: A solution for the evolving cyber GRC landscape

As organizations work to modernize their cyber strategies, the Diligent One Platform has been recognized as a leading GRC solution. By providing real-time insights into cyber risks, automating compliance workflows and streamlining board reporting, Diligent One helps boards and C-suite leaders stay ahead of evolving cyber threats. Key capabilities include:

Integrated dashboards and AI-driven insights, enhancing board-level risk visibility.
Automated compliance tracking, streamlining regulatory reporting and disclosures.
Enterprise-wide risk quantification, enabling leaders to measure and mitigate cyber threats effectively.

What’s next for cyber GRC?

As CROs, CISOs and general counsels increasingly work in partnership with boards on cyber risk and compliance oversight, organizations must rethink how they govern, manage and respond to cyber risk. As regulatory scrutiny intensifies and cyber threats grow more sophisticated, the ability to demonstrate cyber resilience will become a defining factor for financial institutions. For those still relying on disconnected cyber risk management tools, the Datos Insights report serves as a clear warning: unified cyber GRC is no longer optional — it’s a competitive necessity.

Want to dive deeper? Download the full Datos Insights report to learn how leading organizations are transforming board-level cyber risk oversight.

Barry McArthur
Senior Director, Industry Analyst Relations
March 27, 2025

Introducing Café GRC by Diligent: Connecting governance professionals to learn and grow

In the world of governance, risk, and compliance, things are changing fast. With new technologies emerging and work dynamics constantly shifting, there's a wealth of opportunities to innovate and grow. Amidst all this, personal and professional growth can sometimes take a back seat. But finding time to connect with like-minded professionals and engage in peer-to-peer learning can make all the difference — introducing Café GRC!

This quarterly breakfast event promises a fun and intimate setting for governance professionals to connect, learn, and grow. We sat down with Tracey Brady, Head of Global Corporate Services at Diligent, to learn more about this exciting new initiative. Here’s what Tracey had to say about Café GRC and our vision for the future.

Find out more about Café GRC and register your interest in upcoming events here.

What inspired the creation of Café GRC by Diligent?

Tracey shared that the inspiration behind Café GRC stemmed from the need for more in-person connections in the governance community. "Other people inspire me, when you create community and develop personal connections, it takes everything up to the next level," she explained.

Emphasising the power of community in elevating professional achievements, Tracey noted: "What you can achieve on your own is great, but when you're part of a group of like-minded people working towards the same goals, your achievements are elevated to a whole new level."

How do you see the current governance landscape in 2025, and what are the key trends professionals should be aware of?

Tracey highlighted the significant role of technology in the GRC field, emphasising that embracing technological advancements is crucial for staying competitive and effective. "Technology is now absolutely key and central for our profession. Whether you're talking about automation, AI or how you manage your data, you need to be part of the conversation."

In addition to technology, Tracey noted the evolving nature of work. "We work in such different ways now. The shift to remote and hybrid working has resulted in finding different ways of collaborating which has benefits for many people but does mean we need to make extra efforts to connect in person."

What can attendees expect from a typical Café GRC event?

Attendees of Café GRC can look forward to a variety of engaging activities designed to foster community and learning. Each session will feature a speaker from a different background with an alternative outlook to challenge our thinking. We’ll also encourage you to take the stage! More on that to come...

The events are designed to be interactive, with opportunities for networking, discussions, and fun activities. "We want to create a space where people feel comfortable to share ideas and learn from each other," Tracey added. The intimate setting, limited to 30 participants per session, ensures meaningful connections and conversations. "It's about learning from your peers, sharing ideas, and going away with some new thinking and new ideas."

What are the main benefits for governance professionals attending Café GRC?

Attending Café GRC offers a range of valuable benefits. Tracey emphasised that participants will gain access to the latest insights on governance and technology, helping them stay ahead in their field: "You'll get the chance to hear from experts who live and breathe GRC, giving you the tools to stay ahead of the curve."

But it's not just about the information. Café GRC provides a unique opportunity to build a strong professional network. "There’s nothing more powerful than coming to a group with a problem or an idea and solving that problem or testing that idea with others who understand you," Tracey said. The events are designed to foster meaningful discussions and connections, allowing attendees to engage with peers and share ideas in a supportive environment.

The combination of learning, networking, and personal growth makes Café GRC a must-attend event for governance professionals looking to enhance their skills and knowledge in a relaxed setting.

Where and when will Café GRC events be held, and how can you sign up?

Café GRC events will be held quarterly in various cities across the UK and beyond. "We will be holding Cafés on a quarterly basis with the first one kicking off in London," Tracey shared. The events are designed to be interactive, with a limited capacity to ensure a quality experience for all attendees. "We want to ensure that each attendee gets the most out of the event, so we are keeping the capacity to 30 people per session. This way, we can provide a more engaging experience," she noted.

To sign up for Café GRC, professionals can visit the event’s registration page and register their interest. Tracey advised registering early due to the limited number of spots available per session.

Step into the future of governance with Café GRC

Café GRC by Diligent is set to become a cornerstone event for governance professionals looking to stay ahead in their field. With expert speakers, engaging activities, and ample networking opportunities, these events promise to be both informative and enjoyable. Don’t miss your chance to be part of this exciting new initiative – register now and stay tuned for more updates on upcoming events.


© 2025 Diligent Corporation. All rights reserved.