惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
Google Developers Blog
Jina AI
Jina AI
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
C
Cybersecurity and Infrastructure Security Agency CISA
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
Securelist
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
L
LINUX DO - 热门话题
博客园 - 三生石上(FineUI控件)
T
Threatpost
T
The Blog of Author Tim Ferriss
C
CERT Recently Published Vulnerability Notes
IT之家
IT之家
P
Palo Alto Networks Blog
Microsoft Azure Blog
Microsoft Azure Blog
Spread Privacy
Spread Privacy
Cyberwarzone
Cyberwarzone
腾讯CDC
L
LangChain Blog
Know Your Adversary
Know Your Adversary
C
CXSECURITY Database RSS Feed - CXSecurity.com
GbyAI
GbyAI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
I
Intezer
T
Tor Project blog
AWS News Blog
AWS News Blog
T
Tenable Blog
NISL@THU
NISL@THU
Security Latest
Security Latest
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
H
Hackread – Cybersecurity News, Data Breaches, AI and More
人人都是产品经理
人人都是产品经理
MongoDB | Blog
MongoDB | Blog
MyScale Blog
MyScale Blog
D
DataBreaches.Net
Microsoft Security Blog
Microsoft Security Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
量子位
美团技术团队
The Cloudflare Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
罗磊的独立博客
The GitHub Blog
The GitHub Blog
阮一峰的网络日志
阮一峰的网络日志
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Stack Overflow Blog
Stack Overflow Blog

IDC

IDC On the Ground: Inside GITEX AI Europe 2026's Race to Build Sovereign AI Infrastructure IDC Quanta Launch: The 3-Minute Recap The strategy behind today's launch Dashboards Are Dead: The Future of Business Intelligence Lives in the Workflow Introducing IDC Quanta: The Intelligence Fabric of the AI-Enabled Enterprise How Wearables and AI Will Reshape Healthcare Who operates your meeting rooms now: AV, IT, or an AI agent? Beyond Check-the-Box: Choosing a Security Framework for the AI and Quantum Era DX Software in Transition: AI Investment Trends by Sector Japan's AI Supercycle Is Here — Are You Ready to Lead It? Beyond the Data Dump: Why Cybersecurity Metrics Are Failing, and How AI Fixes It From Wait-and-See to All-In: How SMBs Are Rewriting Their AI Story Your AI Platform Knows the Market. Does It Know Your Business, and Can You Trust It with Your Strategy? Start Here: Six Best Practices for Foundational AI Training Physical AI and Robotics Take Center Stage at Computex Taipei 2026 for Semiconductor Vendors Trump's Quantum EO: What It Means for the U.S. Market The sovereignty conversation vendors need to have - but rarely do Q&A: Your Pipeline Conversion Questions, Answered by IDC Analysts The Intelligence Gap Is Widening. Here's What the Data Says. Anthropic, Trump, and Fable 5: The Dispute That Makes the Case for Frontier AI Studies IDC Quanta: The Next Era of Tech Intelligence The $22.5 Trillion AI Opportunity Why the memory market is still tight: what comes next Indonesia PC Market Grows 9.4% in Q1 2026 Despite Component Pressures But Headwinds Are Building The Dawn of Just-in-Time Software Agent Supplier or Featureware: The Choice Every SaaS Vendor Faces Now SpaceX, Cursor, and the Race to Build the Best Coding LLM in the World NVIDIA Becomes #1 in Datacenter Ethernet Switching as 1Q26 Market Surges 39.8% to $15.4 Billion Wi-Fi 7 Captures 44% of Enterprise WLAN Dependent Access Point Revenue as 1Q26 Market Grows 15.9% to Nearly $2.7 Billion AI Is Ready. Enterprises Are Not. Vendors Need to Fix It. Smart Glasses Surge: The XR Market Is Rewriting Its Own Rules WWDC 2026: Apple’s AI Credibility Test AI Is Making MSPs More Efficient. Here’s How to Share in the Gains. The Dark Funnel: How Answer Engine Optimization is Reshaping B2B Brand Visibility Agentic AI Is Breaking Your ROI Model. Here’s How to Fix It When the Question Can’t Wait: How Kyndryl Delivers Enterprise Intelligence at Speed Why the Grey Market Won’t Disappear in the Middle East and Africa: The Case of Notebooks Print, AI, and the expanded buying committee: highlights from IDC’s Print Executive Dinner in London AI in telecommunications: Why it is becoming an infrastructure priority Do AI Markets Face a Circular Financing Problem? Enterprise Applications Will Determine the Answer. From AI pilots to business value: what EMEA digital leaders are doing differently in 2026 Why India’s PC Market Surged 31.1% in Q1 2026 and What Comes Next PC Market Enters Volatile Territory as Memory Shortage Persists Through 2027 Agentic AI Ecosystems: Navigating the Megatrend That’s Reshaping Enterprise Technology Markets Leaning into disruption: How Perficient delivers real outcomes in an AI-first world Google’s Fitbit Air and Google Health: The Software Platform Play That Matters More Than the Hardware Why Fast and Trustworthy Aren’t Mutually Exclusive in AI Research The Middle East Conflict Just Rewrote the Rules of Business Continuity Ecosystem strategy in 2026: turning AI disruption into partner-led growth Worldwide Smartphone Market to Decline 13.9% in 2026 as Memory Crisis and US-Iran War Constrain Growth The AI Supercycle Has Started. Where Does Asia/Pacific Stand? Devices at Google I/O 2026: Android XR Glasses, Googlebooks, and Gemini Intelligence Why Research Alone Isn’t Enough: The Delivery Problem No One Is Talking About Digital Accessibility in the Workplace: From Compliance to Competitive Advantage When Pinocchio Became a Real Boy: Security Platforms Have Grown Up Plotting a Future-Proof Course: How The Resorts Companies Turned a Decade of IDC Partnership into a Competitive Edge European CISO priorities in 2026: AI agents, platformization, and sovereignty Why IDC Directions Is Coming to Hangzhou — and Why You Should Be There Telcos’ Next AI Revenue Play: Monetizing Orchestrated Digital Infrastructure The Workforce Skills Gap That AI Can’t Solve for Itself The Agent Takeover: What Happens When AI Becomes the Primary User of Enterprise Software The AI Answer Gap: Why Fast Answers and Defensible Ones Are No Longer the Same Thing The Market Every Western Executive Should Be Watching. IDC’s CEO Already Is. Ecosystem Strategy in 2026: Why AI Is Rewriting Partner-Led Growth Anthropic, SpaceXAI, and the New Compute Race in AI Navigating a Market Where the Wrong Bet Has Real Consequences Renuka Drummond Named Top 10 Corporate Counsel Worldwide by OnCon Icon Awards From Labor Arbitrage to Platform-Led Outcomes: How Agentic AI Is Rewriting the IT Services Playbook EMEA IT Market 2026 – Q2 Updates: 5 Key Takeaways on AI, IT Spending and Market Trends Japan’s AI Infrastructure Market Is Heading for ¥1 Trillion and Here Is What Comes Next Asia Pacific IT Spending Outlook 2026: How the Middle East War Is Reshaping IT Budgets From Digital Access to Accessibility with AI Enablement From Cost Optimization to Continuity: What IT Buyers Need Now and How Suppliers Must Respond AI as an Organizational Stress Test: What Will Break First in Your Operating Model? Japan’s ¥2.1 Trillion IT Modernization Wave: The Race Has Already Begun Semiconductor Market to Surge Past the Trillion-Dollar Threshold: AI Infrastructure Drives Market Growth Most AI Investments Don’t Deliver Value – Here’s What EMEA Leaders Are Missing Hannover Messe 2026: 7 Insights and 3 Pieces of Advice on Industrial AI, Manufacturing, and the Future of the Factory IDC Directions 2026: The AI Conversation Has Shifted. Here’s How to Catch Up. Coding by Prompt Is Coming to Your Business Units: What CIOs Should Do Next FutureScape 2026: Building Trust, Resilience, and Prosperity in the Agentic Future FutureScape 2026: Charting the Path to Enterprise-Wide Orchestration From Task Execution to Value Creation: What the 2026 Humanoid Robot Half Marathon Reveals About Industry Progress Europe’s AI Story Has a New Problem: It’s Actually Working AI Infrastructure Spending Caps Historic Year at ~$90 Billion in Q4 2025; 2029 Spending to Eclipse $1 Trillion Digital Sovereignty: Why “Sovereign” Is No Longer Enough FutureScape 2026: Navigating the Crosscurrents of Disruption Huawei and Apple Support China Smartphone Market Resilience as Shipments Decline 3.3% in Q1 2026 The Dirty Secret of AI in ITSM: Why Bad Data Wins Every Time Wholesale telecommunications: How platform models are reshaping the market Beyond LLMs: Why AI Strategy Now Requires Multi-Model, Multimodal, and Multi-Agent Architectures It’s a Data Thing: Retail and Restaurant AI Investments Will Miss the Mark if Not Led by Data Modernization Inference to Overtake Training by 2027 – Why Japanese First Movers Are Betting on Sovereign AI Infrastructure The productivity plateau: Why efficiency gains no longer differentiate Why I’m Excited about IDC Directions 2026 GTC 2026: Workstations enter the sidetop era Dispelling the myth of a silver bullet in sovereign AI MacBook Neo: Apple’s strategic play to disrupt the PC market AI sovereignty risk: A five-step agenda for CIOs Data pricing for AI is being negotiated without a stable model
From cyber risk to business risk: How CISOs should engage the board in 2026
2026-03-25 · via IDC

Cyber risk is no longer just a technical issue, it is a core business concern discussed at the highest levels of the organization. Across EMEA, boards are demanding clearer visibility into risk exposure, regulatory impact, and resilience. This blog explores the latest IDC insights on how CISOs can translate cyber risk into business language, align with board expectations, and strengthen decision-making in an increasingly complex threat and regulatory landscape.

How cyber risk became a board-level business risk

IDC research confirms that cyber risk has become a top board-level concern across EMEA and globally. Boards increasingly recognize that cyber risk is synonymous with business risk, prompting them to ask CISOs to translate the risk of cyber compromise into tangible business and compliance impacts.

As highlighted in IDC’s perspectives, board members are no longer satisfied with technical metrics alone they want to understand how cyber threats could affect organizational resilience, regulatory standing, and overall business continuity.

Cyber risk appetite vs. security investment: Key EMEA trends

Cybersecurity remains the primary barrier to CIO success in Europe, with 16–18% of organizations identifying it as their top challenge. Despite ongoing economic volatility, security budgets are generally protected, though not immune to cuts. IDC’s EMEA Security Tech and Strategies Survey reveals that 33% of financial services organizations kept their security budgets flat, 29% increased them by less than 10%, and 14% decreased them by more than 10%.

Boards are demanding greater clarity on risk acceptance, transfer, and mitigation strategies. A common pitfall is treating security metrics as mere program performance indicators rather than as expressions of risk and compliance management. Boards are now asking, “What is the risk cyber presents to the organization, and how well are we positioned to address it?”

CISO best practices for communicating cyber risk to the board

IDC recommends that CISOs translate cyber risk into financial terms, expressing exposure as realistic cost-of-breach scenarios rather than relying solely on severity labels. Structured exercises should identify which risks threaten financial stability and which are critical for certification or compliance. At the board level, metrics should focus on governance, risk, and compliance trends, answering questions such as: “What are our minimal viable operations? Are we cyber crisis ready? How resilient are we? How long will our business, systems, and production be offline in the event of a severe cyber compromise?”

A robust risk management framework can address 70% of board questions by identifying mission-essential assets, evaluating threats, monitoring controls, and clarifying risk ownership. While boards seek benchmarks and industry comparisons, they are cautioned against adopting a “do $1 more than our competitor” mentality.

IDC advocates for quarterly red teaming and realistic tabletop exercises to educate boards and executives, clarify escalation policies, and better identity and assess third party risk. Boards are also increasingly interested in the impact of AI and emerging technologies such as quantum key encryption and Model Context Protocol (MCP) deployment on organizational risk posture. CISOs should review use cases, implement human-in-the-loop controls, assess data security, and continuously audit AI assets.

Cyber risk and regulation in EMEA: Key insights for CISOs

Regulatory pressure is intensifying in Europe, with frameworks like NIS2, DORA, and the EU AI Act resulting in governance, risk, and compliance (GRC) as the top security technology priority for large organizations. Over 40% of these organizations now place GRC at the forefront, with liability for infringements increasingly assigned to senior management.
In European financial services, cyber security for clients (59%) and internal cyber security (57%) are the primary drivers of risk management investment. But only 43% of CISOs in large UK enterprises report having monthly board engagement, while 48% engage on an ad-hoc basis. IDC recommends establishing regular, structured communication to align risk appetite and investment decisions.

Practical steps to improve cyber risk management and board engagement

To enhance board engagement and risk management, IDC advises quantifying risk in business terms using financial impact, loss scenarios, and regulatory exposure. Cyber risk management should be continuous, using process automation where possible.
Boards must align security investment with risk appetite, and balance resilience, compliance, and operational priorities. Regular, meaningful engagement beyond ad-hoc updates is essential, as is benchmarking against peers while avoiding herd mentality. Integrating GRC platforms to automate reporting, audit, and compliance can support board-level visibility and informed decision-making.

Key takeaways for CISOs and boards in 2026

IDC’s EMEA and worldwide research underscores that effective cyber risk assessment and CISO-board communication require translating technical risk into business impact, quantifying risk appetite, and aligning security investment with strategic objectives.
Boards seek clarity, context, and actionable insights not operational minutiae. CISOs must become influential partners, guiding risk acceptance, transfer, and mitigation in a language the board understands. As regulatory and threat landscapes evolve, disciplined, data-driven communication is essential for resilient, compliant, and secure organizations.

Join the conversation: Deep dive in our upcoming webinar

Want to go beyond the headlines and understand what these shifts mean for your organization? Join our upcoming IDC webinar on May 12 to hear directly from our analysts as they break down the latest EMEA cybersecurity trends, evolving board expectations, and what it takes to translate cyber risk into business impact. Gain practical insights, benchmark your approach, and learn how leading organizations are aligning security strategy with business priorities.

Joel Stradling - Senior Research Director, European Security - IDC

As senior research director for IDC's European Security practice, Joel Stradling leads the content and analyst team for tracking the European security segment. His main focus areas include Zero Trust Network Architecture, Managed Security Services, and Cyber Risk and Resiliency. Stradling has 22 years of experience as an analyst of cyber security, and international managed enterprise network and IT services. He is a regular speaker at major industry conferences talking about security and privacy, Digital Trust and Managed Security Services in B2B enterprise services. Joel is a well-known and highly regarded expert in the industry, offering insight and advice to C-level executives on security technology competitive landscapes and evolving security market segments including: managed security services ZTNA, cloud security, risk and compliance, end point, identity and access management, IT/OT security, secure IoT and 5G, and secure operations.

David Clemente - Research Director, European Security - IDC

Dave Clemente is a Research Director in IDC's European Security practice, with a focus on security services (including managed services and professional services). He is a research professional with more than fifteen years of experience in cyber security, including in think tanks (Chatham House and the International Institute for Strategic Studies), professional services (PwC and Deloitte), and market analysis. Dave is a regular conference speaker and media contributor, and has authored numerous publications on topics including C-suite technology and security priorities, security policy and governance, risk management, and data protection.