Cybersecurity used to be about defending your perimeter.

 today, it’s about defending your entire ecosystem. The real challenge sits well beyond the firewall — in vendors and suppliers, software dependencies, cloud services, regional subsidiaries and the fourth parties no one mapped properly until an incident forced the issue.

The CISO’s job has now expanded faster than most organizations have adapted to. Which is why boards, regulators and customers are asking the same question from different angles:

Can you quantify your exposure and prove you’re managing it?

That question is getting sharper and board expectations are rising fast: 

63% of directors now include cyber events in crisis-planning scenarios

, yet only 28% classify cybersecurity as a top organizational risk — creating a clear mandate for CISOs to translate technical threats into business-ready decisions.

The CISO’s job has become a third-party job

Third-party ecosystems are expanding at the same time that:

AI-enabled threats accelerate attack speed

Regulatory pressure increases across cyber, privacy and resilience

Geopolitical dynamics impact supply chains, sanctions and ownership risk

Traditional vendor questionnaires can’t keep up. Static risk scores can’t explain trade-offs. And “we’re working on it” isn’t board-ready.

 Not because it’s trendy, but because it’s the only way to scale without linear headcount growth.

10% cite third-party and supply-chain compliance failures as one of the biggest risks facing their organizations

 — further proof that vendor ecosystems aren’t just a “security” issue, but an enterprise-risk issue.

Continuous third-party and vendor risk powered by AI

Given the ever-expanding risk of doing business today, third-party programs are shifting from periodic review to continuous scoring.

, organizations can operationalize always-on vendor risk: scores update in real time, multi-region workflows catch gaps, a unified portal cuts chase cycles and structured reporting turns scattered data into decision-ready insights.

That’s how chaos becomes clarity, giving CISOs a real-time view of:

Which vendors are drifting into higher risk

Which indicators suggest escalation before an incident occurs

It's also how you keep pace with AI-driven threats and vendor churn without turning your security team into a questionnaire factory.

Now you have something CISOs desperately need: a living view of third-party exposure, not a stale snapshot.

Cyber risk assessments in the language of the board

Even when CISOs have strong technical visibility, board conversations often stall on translation.

CVEs (common vulnerabilities and exposures) and severity ratings rarely help at the board level. What directors want instead is:

enterprise risk management equipped with native AI

 matters for cyber leadership. It helps translate technical risk into quantified business impact aligned to enterprise objectives and ERM frameworks.

It also supports the moment every risk leader recognizes: when the room leans in during discussions of risk control matrices — because control design is where governance becomes real. It’s where you connect security activities to business assurance.

Join the leaders shaping what’s next in GRC. Elevate 2026 gives you the insights, playbooks and AI know‑how to lead with confidence this year. 

Lead with AI in 2026 

Equipping boards and GCs with decision-ready cyber context

Cyber risk doesn’t live in a CISO slide deck anymore. It lives inside the enterprise risk narrative.

When the integration between the risk management system and the digital boardbook is in place, directors see cyber exposure alongside broader enterprise risks — with consistent framing, comparable metrics and clear action paths.

That’s especially powerful in organizations where 

GCs are becoming the orchestrators of risk reporting

. Instead of cyber being “the security update,” it becomes part of a connected governance story: cyber, third-party, compliance, operational resilience — all informing the same decisions.

With quantified, decision-ready cyber context, boards can actively weigh trade-offs and make informed choices. They see the tension between:

How quickly to act without overextending resources

 Aligning strategy with acceptable risk levels 

That’s what true oversight looks like, and what today’s CISOs have to enable.

Turn cyber and third‑party chaos into clear, board‑ready decisions

 work together to quantify exposure, automate controls and keep your board in the loop in real time — 

The next phase of cyber risk: Using AI to turn cyber and third-party chaos into clear risk decisions 

 has earned a place on the 2026 G2 Best of Software Awards list, recognized as one of the Best Collaboration and Productivity Software Products.

This recognition is especially meaningful because it’s driven entirely by the voices of our customers — the governance professionals, board members and leaders who rely on Diligent every day to collaborate securely and make better decisions.

Why the G2 Best of Software Awards matter

G2 is one of the world’s most trusted software review platforms, relied on by millions of buyers to research and evaluate technology. Its annual Best of Software Awards spotlight top-performing products across categories using only authenticated customer feedback.

For the 2026 awards, rankings were determined exclusively by reviews submitted in the prior calendar year, ensuring results reflect how customers experience products 

Just as importantly, every review is vetted by G2, and award rankings are calculated using a proprietary methodology that weighs customer satisfaction and market presence. This recognition exists for one reason: customers chose to share their experience because Diligent Boards delivers value where it matters most — usability, security, collaboration and outcomes.

In short, this recognition sends a clear message: 

A growing pattern of recognition for Diligent

This G2 honor builds on a growing list of industry recognitions across Diligent’s portfolio.

Diligent is the only GRC company recognized as a Leader by all five of the top global analyst firms, underscoring our position as the trusted partner for governance, risk and compliance teams worldwide. Over the years, Diligent Boards has been recognized by G2 reviewers for:

These distinctions reinforce what customers tell us again and again: Diligent Boards helps organizations collaborate more effectively, streamline governance workflows and maintain confidence in an increasingly complex regulatory environment.

Diligent Boards: Built for modern governance and secure collaboration

Collaboration today isn’t just about working together — it’s about doing so 

securely, transparently and with accountability

. Diligent Boards is purpose-built for leadership teams and boards that need:

A secure, centralized space for sensitive materials

Intuitive tools that drive adoption across diverse stakeholders

Seamless collaboration before, during, and after meetings

Confidence that governance processes meet the highest standards

Being named one of G2’s Best Collaboration and Productivity Software Products validates that approach — and the impact it has for customers around the world.

Most of all, we want to thank the customers who shared their experiences on G2. Your feedback not only shapes our product roadmap — it helps other organizations find technology they can trust.

We’re honored by this recognition and excited to continue raising the bar for board and leadership collaboration in 2026 and beyond.

to schedule a meeting to see what effective, secure board communication really looks like.

Diligent Boards named to G2’s 2026 Best of Software Awards for collaboration and productivity

This article originally appeared in our February 12th edition of the Diligent Minute Newsletter. For more insights like these, delivered straight to your inbox, subscribe

 produced with our partners at Corporate Board Member, and the signals on risk oversight are impossible to miss. More than 200 corporate directors shared how they see the year ahead; their views reveal where boards are strengthening oversight and where blind spots still linger.

Key risk trends boards can’t ignore in 2026

From a risk oversight perspective, the story starts in a familiar place: the macro environment. A majority of directors cite a sharp downturn in the U.S. economy as the single biggest risk over the next few years, with “black swan” events and large-scale cyber incidents close behind. Economic conditions and government policy shifts top the broader risk landscape too, even as directors see technological disruption and M\&A as some of 

Boards are not standing still. Over the past five years, 84% say they’ve changed their approach to scenario planning, expanding the scope of scenarios they consider, increasing the time devoted to planning and broadening the range of geopolitical, technological and social risks they examine.

Some risk-oversight trends that stood out

 of directors cite a sharp downturn in the U.S. economy as a top organizational risk, and 

 worry most about a black swan event they haven’t yet scenario planned.

 include cyber events or data breaches in crisis exercises, 

 test for technology-related disruption and 

 say more frequent, structured risk discussions at the full-board level would most improve risk oversight, and 

 want a clearer link between risk and strategy.

 point to better use of AI-powered data and technology tools as a key lever to strengthen risk oversight.

 of directors view cybersecurity as a top organizational risk, even though cyber incidents are modeled in crisis planning more than any other scenario.

 say strengthening cyber and data‑privacy defenses is a priority for 2026.

AI and technology‑related regulation is expected to demand the most compliance attention this year, yet 

 of directors say it remains the most underestimated area of compliance oversight.

Upgrading the board’s risk oversight toolkit

Boards still lean most heavily on management reporting and updates from internal audit or the risk committee, but many say that isn’t enough in a world of always-on risk. They point to AI monitoring tools, 

 into strategy discussions, and more frequent engagement with external experts as the upgrades they need most.

Digital infrastructure is improving — nearly half of directors now receive real-time or near-real-time operational data between meetings — but many wish board time were more forward-looking, noting that risk and performance data are often used to monitor the present rather than reframe the future.

What emerges is a picture of boards working hard to catch up with the velocity of risk, but still wrestling with misalignment between what they rehearse, what they prioritize and how they equip themselves. Directors in this year’s survey point to the same set of needs: more structured risk discussions, clearer links between risk and strategy, better tools and analytics and ongoing education on emerging threats.

Risk oversight has to become a continuous discipline, not a periodic exercise. That means pairing richer scenarios and better data with more disciplined boardroom processes, so directors can anticipate disruptions, challenge assumptions and guide management through whatever “unimagined” risks come next.

What Directors Think: Are today’s tools enough for tackling tomorrow’s risks?

Consider what unfolded in a single fortnight in January: The United States signaled intensified interest in the Arctic, prompting Denmark to include a NATO ally in its threat assessment for the first time. China expanded military exercises in the South China Sea, testing regional supply chain assumptions. Ukraine's conflict entered a new phase as European leaders debated security guarantees independent of Washington. Venezuela's political crisis deepened, affecting energy markets and regional stability. At Davos, leaders from middle powers – Canada, the EU and others – called for renewed multilateral cooperation as traditional alliance structures showed strain. Meanwhile, trade policy announcements and reversals arrived within hours, not quarters.

For any corporate board still conducting quarterly geopolitical reviews, these two weeks should serve as a wake-up call. The world now moves faster than board calendars.

Directors recognize the problem - but haven't solved it

Diligent Institute and Corporate Board Member's 

 survey reveals that boards understand the risk landscape has fundamentally changed. Eighty-four percent of directors report strengthening their scenario planning approach in some way. Nearly half have increased time spent on scenario planning and 49% have expanded the scope of scenarios considered. These are meaningful investments in risk oversight.

Yet 71% of directors do not incorporate geopolitical conflicts into their crisis planning scenarios, a significant gap given current volatility. Meanwhile, less than a third of directors worry most about "a black swan event we have not scenario planned."

The problem isn't effort — it's rhythm. Boards are investing more time, but the cadence remains periodic rather than continuous. Most directors receive real-time data only "sometimes," "rarely," or "never" between meetings. That means many boards are reacting to last quarter's world rather than today's.

From periodic to continuous: The shift required

Directors themselves are signaling the need for change. According to the survey, 47% want more frequent and structured risk discussions at the full-board level, and 32% seek clearer linkage between risk oversight and strategy setting. The survey also found that directors want their agendas balanced toward forward-looking discussions, yet most meetings remain retrospective.

When tariffs can be announced – and reversed – within hours, when regional conflicts escalate overnight, when alliance structures shift in days, quarterly snapshots become dangerously stale. Geopolitical risk assessment must shift from a calendar-driven exercise to an "always-on" discipline.

I’m based in Silicon Valley, where we seemingly have an app for 

. I believe that technology can help close the gap between the speed of geopolitical change and the pace of board oversight. Indeed, a quarter of directors surveyed also think enhanced use of AI-powered data and technology tools would most improve risk oversight. Yet only 23% regularly use such tools to support strategic decision-making, and 40% don't use AI at all for this purpose.

Imagine a "Geopolitical Intelligence Brief" – a company could create a proprietary LLM with the last 10 years of quarterly and annual reports and press releases, updated weekly, and partner with an AI company to create an app that continuously monitors global headlines, generating an automated morning alert for the board and senior leadership. Each alert would identify two or three potential implications for the company's specific business lines, markets, or exposures. Not definitive answers, but prompted questions: "Given overnight developments in [region], consider reviewing [exposure], [contract], [supply chain node]." This horizon scanning exercise would then connect dots between macro events and micro business implications – and notify management for a further discussion if warranted. Or the app could be queried about the effects of a certain geopolitical scenario on revenues or supply. This isn't about replacing human judgment – it's about ensuring directors have current information in a timely fashion when judgment is required.

Identify a few discrete issues – maybe tariffs, maybe technology, maybe distribution – where advance preparation for some kind of asymmetry will create a market opportunity, and plan for that eventuality.

Establish a geopolitical monitoring cadence between meetings: 

Designate responsibility for weekly or bi-weekly briefings to the board – even a single-page summary keeps directors current.

In this era of polycrisis, build compound scenarios: 

Combine geopolitical shocks with cyber, supply chain or economic triggers – because in the real world, crises don't arrive one at a time.

The difference between boards that preserve value and those that destroy it will increasingly be decided before a geopolitical event occurs – not after. This January's rapid-fire developments compressed what would historically unfold over months into days. This year, the question isn't whether your company will be affected by geopolitical disruption. The question is whether your board will see it coming – and whether you'll have time to act. Quarterly reviews assess yesterday's risks while today's threats materialise in real-time. The boards that thrive will be those that treat geopolitics not as background noise, but as a continuous strategic variable requiring always-on attention.

Diligent

Blog

The next phase of cyber risk: Using AI to turn cyber and third-party chaos into clear risk decisions

Diligent Boards named to G2’s 2026 Best of Software Awards for collaboration and productivity

Your Data Matters