
Cyber Risk Management: Expert Tips from CISOs Around the World

“We’re not just checking boxes”: CISOs share how GRC technology is reshaping cyber risk management

A new era of cybersecurity has arrived, and traditional cyber risk management approaches no longer suffice. Organisations face increasingly complex cyber risks while regulatory requirements grow stricter, and risk management split across fragmented departments and teams cannot keep pace.

To build resilience and maintain compliance, organisations are turning to integrated Governance, Risk, and Compliance (GRC) technology to streamline processes, centralise risk data and provide actionable, board-ready insights.

At the recent Cyber Risk Virtual Summit — a global event that brought together more than 4,500 practitioners, executives and board directors — an expert panel of CISOs and risk management professionals shared their experiences with leveraging GRC tools to enhance visibility, automate compliance and improve decision-making at all levels.

Breaking down silos for greater risk visibility

James Wade, Chief Information Security Officer at property services provider MCS, described how his organisation faced significant challenges due to siloed cyber risk management practices. “We were a very siloed company,” Wade explained. “We had different business units in the property preservation space, the commercial space, and now in the government space, each doing their own thing. They weren’t reporting back on the software they were using or the risks they were encountering.”

By implementing a centralised GRC software solution — the Diligent One Platform — MCS was able to unify its risk data. “We really had to pull the reins back and put an actual GRC program in place,” Wade noted. “It helped us bridge the silos, ensure everyone was aligned, and provide executives with a holistic view of our risk posture.”


Tip: Use a GRC tool to unify your risk data so that you have a clear picture of risk. Once you know what you are dealing with, you can approach cyber risk management with a comprehensive plan.


Navigating regulatory complexity with automation

For multinational organisations, regulatory compliance is a constant challenge. Deana Robinson, Governance, Risk, and Compliance Manager at Sonoco Products, highlighted how her company leverages GRC tools to stay ahead of regulatory changes. “We frequently receive regulatory updates from different regions,” Robinson explained. “Sometimes, a local jurisdiction sends a new compliance requirement to one of our plants, and it’s the first time we’re hearing about it. Managing these across a global company is a challenge.”

By leveraging GRC automation, Sonoco Products now receives regulatory alerts in real time, categorises them efficiently, and initiates compliance workflows immediately. “Instead of scrambling to address compliance letters from local jurisdictions, we now have a structured system in place that alerts us proactively,” Robinson said. “It’s reduced our response time and improved our ability to demonstrate compliance to auditors.”

Tip: Use a GRC tool that alerts you to regulatory changes in every region your organisation operates in, allowing you to act quickly and ensure compliance.

Driving board engagement through actionable insights

A key challenge in cyber risk management is translating technical risks into business priorities. Parrish Gunnels, CISO of Sunflower Bank, emphasised the role of GRC dashboards in bridging this gap. “There are many assessments being done across various areas, and pulling that information together to identify common threads is difficult,” Gunnels noted. “GRC tools allow us to categorise risks into clear buckets so we can prioritise them effectively.”

Similarly, Viktor Culjak, Director of Consulting at Diligent, highlighted the importance of traceability in board reporting. “Executives and board members don’t want to wade through technical jargon — they need a clear narrative that connects cyber risks to business impact,” Culjak explained.

“One of the worst-case scenarios is when you present risk data, and a board member asks how you came up with it, and you can’t explain the delta. GRC platforms like the Diligent One Platform provide that traceability and confidence in the data.”

Tip: Reporting from your GRC platform should give your board a clear and digestible understanding of your organisation’s risk posture, including where each figure comes from, so that they are equipped to make informed decisions.

Moving from reactive to proactive risk management

GRC technology is not just about compliance; it enables organisations to anticipate and address risks before they escalate, making cyber risk management easier. Wade described how his organisation integrates external threat intelligence into its GRC system for continuous monitoring. “We’ve been able to automate risk assessment questionnaires and integrate them into a dashboard,” he said. “It’s eye-opening how conversations started happening across different teams once they could see how their risks impacted other parts of the organisation.”

Gunnels echoed the sentiment, highlighting how automation is shifting the focus from manual data collection to strategic risk mitigation. “We’re not spending our time chasing down compliance checkboxes — we’re actively analysing trends and making decisions that reduce risk at scale,” he said. “It allows us to focus on what really matters.”

Tip: Automate tedious or manual processes to give your team the space to do the work that matters – strategising, analysing, and future-proofing your organisation.

The future: AI and data-driven decision making

Looking ahead, artificial intelligence (AI) is expected to reshape cyber risk management. Robinson cautioned, however, that AI’s effectiveness depends on strong data governance. “AI can only be as effective as the data it processes,” she said. “Organisations need to ensure their data is clean, secure, and well-managed before relying on AI-driven insights.”

As risks evolve, so must risk management strategies. The consensus among industry leaders is clear: Organisations that invest in AI-powered GRC platforms today — both to streamline cyber risk management and to defend against an increasingly AI-driven threat landscape — will be far better equipped to navigate future challenges, strengthen security and improve decision-making.
