Bob Chaput

In cyber risk management, miscommunication is the real vulnerability.

When IT, security, and business leaders use different risk languages, priorities get lost in translation.

Build a unified risk framework so that everyone speaks the same language of risk, impact, and value.

ICYMI !!

I was named in the Top 30 of cyber experts by Cybercrime Magazine. The other 29 are incredible industry experts who have supplied a wealth of knowledge and insights to the industry over the years.

https://www.youtube.com/watch?v=i_KisFPdGj4

End-of-Life Systems Haunt Enterprise Security Networks Windows 10 end-of-life on Oct. 14 will triple the number of vulnerable enterprise systems and create a massive attack surface for cybercriminals.

Many enterprises still rely on end-of-life systems.

8.5% of assets, in fact.

For ECRM, that’s more than an IT concern; it’s a governance issue. These systems still “work,” but without patches, they expand risk.

A few words from my course feedback stood out: invaluable, gained, and knowledge. That’s what every professor hopes for. But great learning sparks more questions, too. In cybersecurity, curiosity is key; it’s what keeps us authentic in a field that never stops changing.

A few words from my course feedback stood out: invaluable, gained, and knowledge.

That’s what every professor hopes for.

But great learning sparks more questions, too. In cybersecurity, curiosity is key; it’s what keeps us authentic in a field that never stops changing.

Leadership in cybersecurity isn’t only about owning every answer.

It’s owning the approach.

Clear priorities, smart risk decisions, and empowering teams to act fast. That’s how you turn chaos into resilience.

Healthcare Cybersecurity: The Urgency Of Now The health of patients — physical and financial — depends on how swiftly and efficiently the industry responds to the danger of increasingly sophisticated cyber threats.

Cybersecurity in healthcare = patient safety.

In 2024, 588 breaches hit 180M people—750k records daily. Breaches take 279 days to detect, worsening harm. For 15 years, healthcare has led in breach costs.

The gap is growing: leaders must act now!

Cybersecurity isn’t just spotting threats.

It’s understanding assets, vulnerabilities, and risk deeply. Mapping these connections lets teams prioritize, anticipate attacks, and protect not only their organization but also the people who rely on them.

Can AI Fully Replace Human Penetration Testers? This week in cybersecurity from the editors at Cybercrime Magazine

Cybersecurity isn’t just technology.

It’s AI plus human judgment. AI detects faster, but humans add context, strategy, and intuition. Together, they identify hidden risks, prioritize threats, and create smarter, more resilient defenses.

Cyber risk management doesn’t have to be scary.

Think of it like locking your doors, checking who’s coming in, and having a plan if things go sideways. Know your assets, control access, and be ready to respond.

That’s the basics.

#Cybersecurity #RiskManagement #SimpleTips

Why organizations need a new approach to risk management - Help Net Security To succeed in the risk environment, risk, audit, and compliance leaders need to focus on what Gartner calls “reflexive risk ownership.” This is a future

We need more than reactive risk approaches.

Gartner calls it “reflexive risk ownership."

Assurance leaders coach, design systems, and reinforce behaviors to make #RiskManagement a culture, not just a process.

ECRM hot tip: Don’t just focus on preventing breaches.

Focus on minimizing impact.

Building resilience into systems, processes, and people ensures your organization can adapt, recover, and keep delivering value even when threats strike.

Solving 5 Top CISO Challenges With concerns around AI, data privacy and overall cyber resilience growing, CISOs need to ensure operations are resilient in the event of an incident. Here are 5 ways you can respond.

CISOs today must balance preparation with resilience.

As AI reshapes both opportunity and threat, security leaders are called to be co-stewards of business goals. This means aligning protection with innovation in a boundaryless risk future.

Healthcare Data Breach Statistics Healthcare data breach statistics from 2009 to 2024 in the United States, HIPAA violation statistics, and fines and penalties.

Since 2009, nearly 847M healthcare records have been breached. That's 2.6x the U.S. population. We have frequent flyers!!

In 2024 alone, 276M records were exposed, averaging 758K per day. Protecting health data is the only solution to trust and care.

Hot Tip: ERM is survival.

Map your critical assets, tie risks to business impact, and protect where it matters most.

Security without strategy = just noise.

Here’s What CEOs Need to Tell Board Members About Cybersecurity CEOs must ensure board members are equipped to challenge and guide the organization’s cybersecurity strategy.

#Cybersecurity is now (always has been) a board-level issue.

#CEOs must lead deep, clear conversations with directors, aligning risk, resilience, and business goals. Beyond checkboxes, it’s about ownership, accountability, and building a true cybersecurity-first culture.

This #LaborDay, here’s to the people who keep our communities moving. Whether you’re building, teaching, serving, or caring. Your hard work, perseverance, and dedication make life better for all of us. Thank you for showing up, day after day.

This #LaborDay, here’s to the people who keep our communities moving.

Whether you’re building, teaching, serving, or caring. Your hard work, perseverance, and dedication make life better for all of us. Thank you for showing up, day after day.

Great #RiskManagement includes #leadership.

When leaders engage in risk decisions, they set the tone for accountability, collaboration, and resilience.

Risk managed well becomes less about fear, more about strategy.

To end data breaches, do we need to rethink data sharing? Third-party data breaches occur when personal data is stored, processed or managed not by the data owner. Are privacy-enhancing technologies the answer?

Over a third of #DataBreaches come from third parties, often when raw data is shared or stored externally.

Privacy-enhancing technologies (#PETs) change that, enabling insights and collaboration without exposing raw #data.

The result: fewer breaches, more trust.

#CyberRiskManagement is like navigating a ship through iceberg-filled waters.

You can’t avoid what you can’t see, and a solid #RiskAnalysis is your sonar. It reveals hidden dangers so you can steer safely toward your destination.

More Than Half of Healthcare Orgs Attacked with Ransomware Last Year A new report from the cybersecurity firm Semperis suggests ransomware attacks have decreased year-over-year, albeit only slightly. The ransomware risk Ransomware attacks have decreased slightly year over year, although 77% of surveyed healthcare organizations were targeted by ransomware groups in the past year, and 53% of attacks were successful.

#Ransomware attacks on healthcare are slightly down, but 60% of victims face repeat hits.

Over half pay ransoms, yet many never recover data, and threats now include direct patient targeting and physical intimidation. The evolving #CyberRisk demands stronger, smarter defenses.

#RiskManagement isn’t just about avoiding disaster.

It’s about making smarter, faster decisions with confidence. Whether you're navigating market shifts or cyber threats, a strong risk strategy turns uncertainty into opportunity.

#BusinessStrategy

How Strong Technology Infrastructure Drives Success In Hospitality For hospitality businesses that have a well-oiled technology stack, IT can become a powerful differentiator that impacts the bottom line.

In hospitality, strong #IT isn’t just behind the scenes.

It is the scene. From seamless check-ins to secure networks, modern tech drives guest satisfaction, efficiency, and revenue. Outdated systems cost more than you think.

#HospitalityTech

#CyberRisk can be more than simply a tech issue.

When security becomes part of everyday decisions, not just policies, real change happens. The strongest defense starts with empowered, informed #WorkCultures.

New Report Reveals Just 10% of Employees Drive 73% of Cyber Risk

New research from Living Security and Cyentia shows Human Risk Management programs reduce #HumanCyberRisk 60% faster than traditional methods.

Visibility is key! Mature #HRM programs see 5x more risky behavior than security awareness training alone.

One of my former students said:
“The word risk has become almost useless.”

UT Austin’s Sept course tackles that head-on:
Detect and Respond to Threats: Ransomware and Extortion
Taught by Todd Felker, ex-CISO.

🔗 https://utaustin.catalog.instructure.com/browse/lhcrm/courses/detect-and-respond

Enterprise cyber risk management is like brushing your teeth.

You can’t skip it and expect no cavities.

Skimp on the basics (like patching & access control), and small issues become root canals. Prevention isn’t flashy, but it saves you pain (and $$$) later.

#CyberRisk #ECRM

Despite Progress, Healthcare Cybersecurity Is Still Falling Short - MedCity News Healthcare providers are making cybersecurity progress, but serious vulnerabilities remain — especially when it comes to AI governance, third-party risk, and limited budgets. Fortified Health Security CEO Dan Dodson urged the industry to stop waiting for perfect conditions and act decisively to strengthen their defenses.

#HealthcareCybersecurity has improved. BUT major gaps still remain.

Many providers rushed into advanced tools without mastering basics like patching and access control. #AI, vendor risk, and tight budgets add pressure.

The time to act with clarity and urgency is....you guessed it, now.

How Medicaid cuts could endanger rural hospital cybersecurity | TechTarget Learn about the ways in which reduced Medicaid funding for rural facilities could hurt rural hospital cybersecurity.

Rural hospitals are at risk.

With $1T in #MedicaidCuts, they may lose 21¢ of every dollar, jeopardizing care, jobs, and #cybersecurity. Nearly 1 in 4 rural residents rely on Medicaid.

These cuts hurt more than health; they threaten entire communities.

🎈RISK SCENARIO #2: THE PILOT TAKES A NAP
A dozing pilot at 2,000 feet = high risk.
Asset: Pilot
Threat: Fatigue
Vulnerability: No rest policy
Risk: Navigational error

In cybersecurity, overworked people are your weakest link. Naps aren’t a control.

#CyberRisk #HumanFactors

Floating over Château de Fontainebleau in a hot-air balloon was breathtaking, until I spotted a #CyberRisk lesson in the sky. 🎈Asset: Balloon 🦅Threat: Bird strike 🪡Vulnerability: Worn fabric Risk = all three combined. Same goes for your business. See risk clearly to manage it wisely.

Floating over Château de Fontainebleau in a hot-air balloon was breathtaking, until I spotted a #CyberRisk lesson in the sky.

🎈Asset: Balloon
🦅Threat: Bird strike
🪡Vulnerability: Worn fabric

Risk = all three combined. Same goes for your business. See risk clearly to manage it wisely.