Latest news with #businessrisk


Zawya
3 days ago
- Business
- Zawya
Most organizations miss business context when assessing cyber risk, finds new research from Qualys
According to new research commissioned by Qualys and conducted by Dark Reading, despite rising investments, evolving frameworks, and more vocal boardroom interest, most organizations remain immature in their risk management programs. Nearly half of organizations (49%) surveyed for Qualys' 2025 State of Cyber-risk Assessment report, today have a formal business-focused cybersecurity risk management program. However, just 18% of organizations use integrated risk scenarios that focus on business-impacting processes, showing how investments manage the likelihood and impact of risk quantitatively, including risk transfer to insurance. This is a key deficiency, as business stakeholders expect the CISO to focus on business risk.

Key findings from the research include:

Formal Risk Programs are Expanding, But Business Context is Still Missing

49% of surveyed organizations report having a formal cyber risk program in place which looks like a promising statistic on the surface. But dig deeper, and the data shows otherwise:

- Business Alignment Gaps: Only 30% report that their risk management programs are prioritized based on business objectives
- Recent Implementations: 43% of existing programs have been in place for less than two years, indicating a nascent stage of maturity
- Future Plans: An additional 19% are still in the planning phase

More Investment ≠ Less Risk: Why the Cyber ROI isn't Adding Up

Cybersecurity spending has continued to grow. Yet one of the most revealing insights from the study is that a vast majority (71%) of organizations believe that their cyber risk levels are rising or holding steady.

- 51% say their overall cyber risk exposure is increasing
- 20% say it remains unchanged
- Only 6% have seen risk levels decrease

The Missing Metric: Business Relevance in Asset Intelligence

Visibility in cyber risk management is about a principle that hasn't changed in 20 years: you can't protect what you can't see. Yet even in 2025, asset visibility remains one of the biggest blind spots:

- 83% of organizations perform regular asset inventories, but only 13% can do so continuously
- 47% still rely on manual processes
- 41% say incomplete asset inventories are among their top barriers to managing cyber risk

Risk Prioritization Needs to be a Business Conversation, Not a Technical One

Another illusion that persists is the idea that all risks can and should be patched. The longstanding practice of prioritizing vulnerabilities based solely on severity is no longer sufficient. The industry looks to be grasping the fact that risk prioritization needs to go beyond single scoring methods like CVSS alone, with 68% of respondents using integrated risk scoring combining threat intelligence or using cyber risk quantification with forecasted loss estimates to prioritize risk mitigation actions. However, these next data points show that the industry still has some way to go:

- Nearly one in five (19%) of organizations continue to rank vulnerabilities using a single score like CVSS alone
- Just 18% update asset risk profiles monthly

Reporting Risk in Business Terms, Not Security Jargon

Executives do not want to hear how many vulnerabilities have been patched. They want to understand what the organization stands to lose, and what's being done to protect it. Yet the study finds that while 90% of organizations report cyber-risk findings to the board:

- Only 18% use integrated risk scenarios
- Just 14% tie risk reports to financial quantification
- Business stakeholders are only involved less than half the time (43%)
- And only 22% include finance teams in cyber risk discussions

'The key takeaway from the research isn't just that cyber risk is rising. It's that current methods are not effectively reducing that risk by prioritizing the actions that would make the greatest impact to risk reduction, tailored to the business. Every business is unique; hence, each risk profile and risk management program should also look unique to the organization. Static assessments, siloed telemetry, and CVSS-based prioritization have reached their limit,' commented Mayuresh Ektare, Vice President, Product Management, Enterprise TruRisk Management, Qualys.

'To address this, forward-leaning teams are adopting a Risk Operations Center (ROC) model: a technical framework that continuously correlates vulnerability data, asset context, and threat exposure under a single operational view. The ROC model provides a proven path forward for organizations ready to manage cyber risk the way the business understands it and expects it to be managed,' Ektare continued.

Below are some recommendations to help businesses better align cybersecurity risk with business priorities:

- Business risk is all about context. In order to have a good understanding of organizational risk, a business first needs to understand what their business-critical assets are, then understand their risk factors or threats as it relates to those crown jewel assets. Without this context, vulnerabilities or threats are just information.
- If everything is critical, nothing is. Prioritizing risks is paramount as organizations do not have unlimited resources. In order to be capitally efficient, companies need to spend as little as possible to avoid the largest possible amount of risk. Whatever is not mitigated through technology represents risk that needs to be accepted, or transferred to cyber insurance.
- To get a good read of the cyber-risks across the enterprise, organizations need a diverse telemetry of risk signals. Organizations can't rely on just one — such as scanning for vulnerabilities — instead, companies need visibility into their application security, identity security stack, and more, every part of the enterprise that is exposing your attack surface.
- Instead of focusing on reactive incident response — for example with a SIEM or a SOC — organizations need a better system that proactively looks to predict risks and works to reduce the likelihood of an event happening by implementing a Risk Operations Center (ROC). This approach to risk management helps leaders make better, more informed decisions based on their unique business context.
- Organizations need to overhaul the way they are communicating cyber-risk to the board. Integrated risk scenarios that focus on business-impacting processes, such as how investments and insurance impact risk, will be the future of 'business-oriented' risk reporting, and much more effective at the purpose of communicating to board members.


Reuters
7 days ago
- Business
- Reuters
Wells Fargo suspends China travel after employee exit ban, source says
July 17 (Reuters) - Wells Fargo (WFC.N) has suspended all travel to China after a banker was blocked from leaving the country, a person familiar with the matter told Reuters on Thursday. The U.S. banking giant's Chenyue Mao was subjected to an exit ban after she entered China in recent weeks, the Wall Street Journal reported, citing people familiar with the matter. "We are closely tracking this situation and working through the appropriate channels so our employee can return to the United States as soon as possible," Wells Fargo said in a statement emailed to Reuters. The ban could worsen concerns among multinational companies about the risks of doing business in China, particularly around employee safety and freedom of movement. The incident could also chill corporate travel to the country and complicate relations between the world's two biggest economies. Broader U.S.-China relations remain tense, shaped by deepening strategic, economic, and geopolitical rivalries. Mao was born in Shanghai and is based in Atlanta, according to a June 2025 release from FCI, where she serves as chairwoman. FCI, formerly named Factors Chain International, is a global network of companies that do business in the factoring and financing of trade receivables. Before her election as FCI chair in June, Mao served as vice chair of the body. The industry body did not immediately respond to a Reuters request for comment on the matter. Mao is a U.S. citizen, the source said. She has been a banker at Wells Fargo for over a decade, according to her LinkedIn profile. She currently serves as a managing director at the lender and spearheads its international factoring business, as well as advising multinational clients on cross-border working-capital strategies. Factoring is a financing method where companies sell their receivables to third parties, such as banks, in exchange for immediate cash.
The third party, known as the factor, profits by purchasing the receivables at a discount and collecting the full amount later. The Wall Street Journal reported that it could not be determined precisely when Mao entered China, or what prompted the travel restriction. She has worked and interacted with Chinese companies and industry groups on trade financing and international factoring matters, the Journal reported, adding that she also sometimes traveled to China for business. Beijing has increasingly used exit bans on both Chinese and foreign nationals, often in connection with civil disputes, regulatory investigations or criminal probes. Many affected individuals are unaware of the restrictions until they attempt to leave the country. Mao did not immediately respond to a Reuters request for comment on LinkedIn. The White House and China's foreign ministry did not immediately respond to requests for comment. In September 2023, authorities in China ordered a senior Nomura banker overseeing the firm's investment banking operations there not to leave the mainland. Some companies have canceled or delayed trips to China in recent years, while others have introduced safeguards such as advising staff to enter the country in groups rather than alone. Human-rights groups say China is using exit bans more frequently, often targeting individuals under investigation or those asked to cooperate with government inquiries.
Yahoo
7 days ago
- Business
- Yahoo
U.S.-based Wells Fargo banker barred from exiting China, WSJ reports
(Reuters) - A U.S.-based Wells Fargo banker who works in trade financing has been blocked from leaving China after traveling there recently, the Wall Street Journal reported on Thursday. Chenyue Mao was subjected to an exit ban after she entered China sometime in recent weeks, the report said, citing people familiar with the matter. The U.S. banking giant has suspended all travel to China following Mao's exit ban, according to the report. Reuters was unable to independently verify the suspension. "We are closely tracking this situation and working through the appropriate channels so our employee can return to the United States as soon as possible," Wells Fargo said in a statement emailed to Reuters. The ban could worsen concerns among multinational companies about the risks of doing business in China, particularly around employee safety and freedom of movement. The incident could also chill corporate travel to the country and complicate relations between the world's two biggest economies. Broader U.S.-China relations also remain tense, shaped by deepening strategic, economic, and geopolitical rivalries. Mao was born in Shanghai and is based in Atlanta, according to a June 2025 release from FCI, where she serves as chairwoman. Before her election as FCI chair in June, Mao served as vice chair of the body. She has been a banker at Wells Fargo for over a decade, according to her LinkedIn profile. She currently serves as a managing director at the lender and spearheads its international factoring business, as well as advising multinational clients on cross-border working-capital strategies. Factoring is a financing method where companies sell their receivables to third parties, such as banks, in exchange for immediate cash. The third party, known as the factor, profits by purchasing the receivables at a discount and collecting the full amount later.
The Wall Street Journal reported that it could not be determined precisely when Mao entered China, or what prompted the travel restriction. Beijing has increasingly used exit bans on both Chinese and foreign nationals, often in connection with civil disputes, regulatory investigations or criminal probes. Many affected individuals are unaware of the restrictions until they attempt to leave the country. Mao did not immediately respond to a Reuters request for comment on LinkedIn. The White House and China's foreign ministry did not immediately respond to requests for comment. Wells Fargo, which has a limited presence in China, did not immediately respond to a Reuters request for comment about Mao's citizenship status.
Yahoo
15-07-2025
- Business
- Yahoo
Michelin: Scope Ratings and Moody's both affirm Michelin's strong credit ratings
Clermont-Ferrand, July 15, 2025 COMPAGNIE GÉNÉRALE DES ÉTABLISSEMENTS MICHELIN On July 11, 2025, Scope affirmed Michelin's (Compagnie Générale des Etablissements Michelin and its main financial subsidiaries) solicited Long-Term Issuer Default Rating (IDR) of 'A', with a Stable outlook. According to the agency, this 'reflects a solid business risk profile coupled with very strong and further improving credit metrics'. On July 9, 2025, Moody's (unsolicited rating) also published its Long-Term rating affirmation of 'A2' with a Stable outlook. The agency underlined that 'Michelin's attractive margins further reflect its unique position, (…) helped by its strong brand recognition and innovation capabilities'.


Forbes
23-06-2025
- Business
- Forbes
The Successful CEO In A World Of Uncertainty
Given today's global economic and geostrategic uncertainty, it's small wonder CEO turnover, which reached record heights in 2024, continues into 2025*. Managing company and industry risk effectively is increasingly difficult in the midst of major exogenous forces destabilizing the business environment critical to success. As Peter Drucker used to say, the root cause of crisis in every organization is when the assumptions on which the enterprise was built and run no longer fit reality. Surely those assumptions about markets, customers, competitors, and technology are now compounded by greater geopolitical and macroeconomic uncertainty than at any time in the last half century. It would be hard to argue that the assumptions on which most businesses were built and run are not today in a major state of flux. So the need for CEOs to have dynamic strategic foresight tools to help discern these changes and, to the extent possible, get out ahead of them, is critical to their success. From my extensive interaction with CEOs around the world these days I see three fundamentally different ways CEOs are reacting to these changing assumptions. These different ways of responding to the new global business environment will, in large measure, determine whether or not they can succeed, and hence, their longevity. The first group of CEOs I would call 'delusional'. They are clinging on to old realities because that's what they know, are comfortable with, and require the least amount of change. I recall vividly delivering a paper in Davos in 2016 in which I asserted that we were moving from 'globalization to islandization'. But most in the audience clung onto the notion that at best, globalization and integration had reached a bump in the road, believing that globalization was inevitable, immutable and irreversible. Now, nine years later, we know nothing could be further from reality. The second group of CEOs I would call 'mesmerized'.
They see dramatic change, challenges and complexity, but they are content to admire the fire. They are either unwilling to change or are frozen in place waiting for the proverbial fog of war to lift and hoping for a return to the status quo ante. The third group of CEOs, and the ones most likely to succeed in a world of continuous, convulsive change, I would call the 'agile'. They are willing to ask the critical questions and put in place strategic foresight and risk management capabilities, as well as rely on a network of informed advisors (which should include their Board of Directors), to provide the peripheral vision needed to be competitive. They establish a dynamic strategy around which they improvise guided by a sophisticated system to monitor early warning signs for changes in their planning assumptions compelling a change in direction. The successful CEO, able to navigate in these chronically uncertain waters, needs also to double down on developing a corporate culture at all levels of the enterprise able to keep their collective ears to the railroad track, monitoring new forces of change potentially affecting corporate operations and competitiveness. As Peter Drucker would say, 'culture eats strategy for breakfast every morning'. Too much attention, often understandably driven by shareholder and financial analyst anxiety, is being placed on the lagging indicators of current performance. Surely good current performance is an indicator of corporate health but largely tells us what a company did six months or even years before that which has yielded current financial performance. More importantly, the successful CEO focuses corporate attention on the leading indicators of likely future performance. This future-focused attention is critically important when the future business conditions are evolving and shifting rapidly. 
Finally, in this chronically complex and volatile world the temptation in the C-suite is to avoid communicating with stakeholders in the absence of certainty. But some degree of volatility and uncertainty is likely to be steady state as far as the eye can see. This is not an excuse to fail to communicate. In fact, in this environment, the successful CEO communicates more frequently and broadly than ever, authentically sharing their own anxiety, but importantly also informing their stakeholders that corporate strategy is well-tuned to changing direction as conditions might demand. Rather than unsettling employees, shareholders, financial analysts, the CEO who demonstrates an appreciation for business environment volatility accompanied by agile planning and risk management protocols will reassure key stakeholders. In this world of uncertainty, the agile CEO is more likely to succeed than their delusional or mesmerized competitors.