Steven Schwartz

Ongoing violations can accrue up to $250,000 daily. The New York Department of Financial Services has set a clear deadline: By November 1, 2025, all covered financial institutions must enforce MFA across privileged accounts, remote access, and any system touching nonpublic information. For many organizations, this is not just a compliance challenge, it’s a major operational one. Legacy apps without MFA support, inconsistent enforcement, and vendor access are creating real gaps. At Unixi, we believe compliance shouldn’t mean complexity. Our Universal MFA ensures 100% coverage across SaaS and legacy apps, protects privileged accounts, and provides audit-ready visibility, all without integrations or vendor dependencies. If you’re a financial institution operating in New York, the clock is ticking. Don’t wait until the last minute. Read our blog to learn how to simplify NYDFS MFA compliance: https://lnkd.in/dXYa_Qww

24

1 Comment

Cyber insurers are no longer writing blank checks 🖋️ At last month’s ON2IT Cybersecurity round-table moderated by Yuri Bobbert and Davis Hake of Venable, major underwriters joined together, understanding one theme was crystal-clear: Zero Trust is becoming an underwriting requirement, not a “nice-to-have”. 3 fast takeaways for security & risk leaders: 1️⃣ Third-party breaches now drive most claims. Insurers want proof your vendors are segmented and continuously monitored. 2️⃣ Show your evidence, slash your premium. Actuarial modelling ties mature Zero Trust controls (MFA, micro-seg, real-time telemetry) to a 30-50 % premium reduction. 3️⃣ Boards, regulators and carriers finally speak the same language: measurable, verifiable security outcomes. Bottom line: when security investments translate into actuarial data, CISOs can defend budget with numbers the CFO understands. Curious how ON2IT’s AUXO™ platform collects the evidence insurers crave? 👉 Read the full article “How Zero Trust is Reshaping Cyber Insurance” (link in first comment). 👉 Or DM me to book a live demo and see how Zero Trust as a Service boosts both resilience and balance-sheet protection. #ZeroTrust #CyberInsurance #RiskManagement #SecurityROI #ON2IT #ZTaaS

9

I’ve watched firms spend six figures on compliance and still get blindsided by regulators It’s not about cutting corners. It’s about cutting waste. Too many firms throw money at consultants and manual processes, yet still scramble when regulators show up. The fix isn’t more people or more spend, it’s a smarter approach: Automate the repeatable work Stay ahead of rule changes Turn reviews into a continuous process, not a fire drill Keep humans focused where judgment matters I’ve seen RIAs save hours every week and reduce costs without sacrificing oversight. If you’re spending more and getting less from your compliance program, it’s time to rethink it. Here’s how to make RIA compliance easier and more affordable: https://lnkd.in/gWA59Yyv #RiskManagement #RegTech #ComplianceManagement #RegulatoryCompliance #AICompliance

9

Why we chose this guest: Because some policies are built to fail, and CISOs are the ones left holding the bag. Brent Arnold is a litigator who defends companies when insurers deny coverage, regulators come calling, and class actions hit. He is shaping cyber law while guiding breach response teams through the fallout. This episode brings clarity to one of cybersecurity’s most misunderstood risks.

23

2 Comments

Too many founders with compliance requirements still treat cybersecurity like a “big company problem.” You’ll hear things like: “We’re too small, people will understand.” “We don’t have the budget for that yet.” But if your business touches sensitive data—HIPAA, PCI, or anything else— you’re not just taking a risk. You’re violating an expectation. One that regulators, clients, and your future acquirer will not overlook. Cyber requirements aren't an IT line item. They are in fact a regulatory requirement. The cost of getting it wrong goes far beyond ransom payouts or downtime. You’re putting your team, your customers, and your valuation at risk. Boards need to push harder. Founders need to act sooner. Because if you’re waiting until something breaks— you’re not just behind. It is called willful neglect and it can result in much more than a slap on the wrist. #cybersecurity #founders #leadership #riskmanagement #compliance #startups #scaling

21

4 Comments

The AI vendor you approved last quarter just updated its underlying model. Did anyone tell you? Did it change your risk exposure? Does your current assessment still hold? Get the answer with Kovrr's 𝗙𝗥𝗘𝗘 AI Vendor Risk Catalog: https://lnkd.in/dfRZXvNf The risk isn't necessarily significant in one of these changes alone (although it can be). It's more so situated in how they compound. A vendor updates its underlying model. Terms and conditions shift.  A new integration is introduced. Usage expands across teams and regions. 🌐 As they happen one by one, in quick succession, if not simultaneously, they will start to reshape your entire organization's risk posture. Sooner or later, the assessment you completed no longer reflects the operational reality of today. Yet oversight largely remains a static process, built on governance programs designed for slower-moving risk. That's where the gap forms, between what leadership believes has been approved and what is actively running inside your workflows and influencing your outputs. If that doesn't change, the gap is only going to widen. Indeed, we kept hearing from executives who realized their original assessments were aging faster than their governance programs. It's why we built Kovrr's AI Vendor Risk Catalog. Teams now can get access to continuously updated intelligence across hundreds of third-party AI providers, so exposure can be evaluated based on current conditions and NOT outdated assumptions. If third-party AI is embedded in how your enterprise runs, vendor visibility cannot be a one-time exercise. Explore it for 𝗙𝗥𝗘𝗘 here: https://lnkd.in/dfRZXvNf #AIgovernance #AIthirdparty #AIthirdpartyrisk #thirdpartyrisk #AIvendor #AIrisk

18

2 Comments

We just took another major step forward in strengthening our KYB solution and expanding the value of RiskOS as the core infrastructure layer for identity, compliance, and risk decisioning. Starting today, Baselayer’s business identity and fraud signals, sourced from authoritative government databases and a network of 2,200+ financial institutions, are fully integrated into RiskOS and available to all KYB customers with the configuration of an enrichment step, which takes all of 30 seconds. No engineering lift.  No extra vendor management.  Just better signal, instantly operationalized. Why it matters: ◼️ Baselayer improves our ability to detect synthetic and high-risk business entities ◼️ It boosts auto-approval rates, especially for sole props and thin-file businesses ◼️ And it further differentiates RiskOS as the only platform with native orchestration and the flexibility to embed external best-in-class data sources and solutions We already offer the most automated and performant KYB solution in the market via RiskOS. This deepens that advantage, while reinforcing our strategy to grow the RiskOS 3rd party provider ecosystem and increase platform value for every Socure customer. We now have 85+ pre-integrated partners, adding multiple more every week, and Baselayer represents a blueprint for future integrations: ◼️ Award winning solution (our co-winner of the Liminal Award for top 20 leaders shaping the future of KYB) ◼️ Zero friction, immediate ROI ◼️ Zero integration expense to any RiskOS customer + the integration was done with AI agents and took just a few days ◼️ Extensible across sectors - from fintech and lending to marketplaces and public sector This is how we will continue to compound value for every RiskOS platform user. (Press release in comments)

222

13 Comments

AI Risk Is Becoming Uninsurable. Contracts Are Taking the Hit. Insurance has been quietly stepping away from meaningful AI coverage. Exclusions are expanding, sublimits are shrinking, and underwriting is getting tighter. Companies are still deploying AI at full speed, and the gap has to land somewhere. It is landing in contracts. Read the full article: https://lnkd.in/gRHtVEmp I wrote about this for Corporate Counsel because the shift is real and accelerating. We are watching contracts absorb functions that insurance used to perform. That change reshapes how indemnities work, how governance is drafted, and how responsibility is allocated across the AI lifecycle. Indemnities are narrowing. Broad, catch-all promises are being replaced by precise and limited obligations. The protection that many clients think they are getting often does not exist anymore. Governance obligations are expanding. They are moving upstream into how the system is built, validated, monitored, and supervised. Documentation and controls now influence liability in a way many teams have not expected. And, shared responsibility frameworks are becoming the norm because AI risk sits at the intersection of model behavior and human decisions. This is a structural shift. Contracts are functioning as underwriting instruments because the traditional backstop is pulling away. When the safety net is gone, the contract becomes the risk architecture. If you support procurement, sales, data partnerships, or AI deployments, this matters. Boilerplate AI language is no longer neutral. Internal processes now influence exposure. Many executives still assume their insurance covers AI-related risk when it does not. That disconnect shows up in negotiations every day. The article goes deeper into how these trends are playing out in real agreements and what in-house teams can do to respond with clarity and control. For more insights, check out the Contract Trust Report: https://lnkd.in/gJdXkUpJ — Olga V. Mack I build legal systems for real life.

54

15 Comments

This is lazy research disguised as insight. You’re telling me a $12B market could be anywhere from $30B to $120B in 7 years, and the best you’ve got is a chart? You don’t reconcile the divergence. You don’t tie it to profitability. You don’t ask if reinsurers will even provide capacity at scale. You’re taking the Street’s most undisciplined product—consulting slide decks—and pretending it’s truth. If Munich Re, a reinsurer with access to deep-linked risk data and capital models, says growth is just over 10%—that’s your anchor - with systemic risks that could capsize it overnight. (Swiss Re is also advising similar caution.) Yes, there’s upside from better penetration and product depth, but until you see pricing firm again or SME take-up scale meaningfully, betting on 20%+ CAGR is speculative. In real-world underwriting terms, plan for ~10–12% unless those macro trends shift. #cyberinsurance #riskmanagement #growthreality https://lnkd.in/eGSCWUsf

8

Honored to join the Bermuda Compliance Conference 2025 to discuss how AI is transforming risk management. From detecting emerging threats to strengthening compliance frameworks, AI-driven insights are redefining how organizations stay resilient in a fast-changing digital landscape. Excited to continue this effort as an Instructor with the Bermuda Compliance Academy at Bermuda College this Fall, where I’ll be teaching on AI, digital assets, and risk intelligence. 🎥 Sharing a short video on AI and risk management — let’s connect if you’d like to explore how these innovations can strengthen your compliance strategy. Cheryl-Ann Mapp Ronisa deFontes MBA, ARM Neville Grant Alexander Peeters RFS Consulting #RFSConsulting #RiskManagement #AI #Compliance #DigitalAssets #DeFi #Bermuda #Fintech #Innovation #Leadership ⸻

68

3 Comments

Recent settlements in California ($1.55M against Healthline Media for CCPA opt-out violations) and Connecticut (TicketNetwork for unreadable privacy policies) show AGs are targeting basic compliance failures. Nebraska's lawsuit against GM over driver data sales highlights risks when companies collect and monetize consumer data without proper consent. With 15 comprehensive privacy laws active today (expanding to 20 by 2026), companies must prioritize transparent data practices and functional user rights mechanisms to avoid costly enforcement actions. Read more: https://hubs.li/Q03x7MtW0 #DataPrivacy #CCPA #PrivacyCompliance #AdTech #MarketingCompliance #PrivacyLaw #DataProtection #PrivacyEnforcement

8

If insider risk isn’t on your docket for 2026, it’s a good idea to rethink your budget. Humans will always be your biggest risk - and mostly by accident: 75% of incidents in 2025 were attributed to non-malicious insiders. 55% Negligence 55% and 20% external exploitation. (Ponemon) On average, organizations reported 13.5 negligent insider events and about 6.3 malicious ones. (Syteca) Traditional approaches have failed, and recent innovations have even further widened the gap. 👨‍🏫 Awareness training has become a compliance exercise. Phishing simulations aren’t effective. 🎣 AI has given social engineering a huge leg up for the various phishing forms and at unimaginable speed. ❌ Current DLP tools don’t address the actual “insider" part of the problem. Insider risks are harder to detect because they aren’t often a single incident, they’re a story with data points from multiple sources that may look innocuous on their own. How are you addressing this in your organization?

29

1 Comment