Bob Chaput Author Blog
Enabling Board Cyber Risk Oversight
Raising the Bar for HIPAA Risk Analysis and Risk Management
Introduction As my readers know, I have an affinity for risk analysis and risk management, which I often pose in the form of this question: How will you make informed, intelligent decisions about what safeguards you should invest in and implement until you understand...
Elevating the Role of the C-Suite and Board in Cybersecurity
“As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.” ― Newton Lee “And it starts with C-suite and board accountability.” ― Bob Chaput Introduction In today’s rapidly evolving digital landscape, enterprise cyber risk...
Rethinking ECRM Funding to Enhance Cybersecurity Outcomes
Alignment of business strategy and risk appetite should minimize the firm's exposure to large and unexpected losses. In addition, the firm's risk management capabilities need to be commensurate with the risks it expects to take. —Jerome Powell Introduction In an era...
Comments on the Proposed HIPAA Security Rule Revisions
The Role of Risk Literacy, Accountability, and Business Value in Strengthening Healthcare Cybersecurity “The most important defense is to instill a patient safety-focused culture of cybersecurity.” – John Riggi, Senior Advisor for Cybersecurity and Risk for the...
My 2025 Non-Prognostication
Never make predictions, especially about the future. —Casey Stengel Introduction I’ll leave all the 2025 prognostications to those more qualified and those who think they are. This post is simply a reflection on Enterprise Cyber Risk Management (ECRM) and the Chief...
The Healthcare Cyber Risk Problem: A Perfect Storm of Threats and Vulnerabilities
It’s just not about patient safety. It’s also about public safety and even national security. —Errol Weiss, chief security officer, Health Information Sharing and Analysis Center (H-ISAC) Introduction In recent years, the healthcare sector has become increasingly in...
The Most Critical Cybersecurity Decision
Alignment of business strategy and risk appetite should minimize the firm’s exposure to large and unexpected losses. In addition, the firm’s risk management capabilities need to be commensurate with the risks it expects to take. —Jerome Powell Introduction In today’s...
Critical Concepts in Enterprise Cyber Risk Management and Their Importance
So difficult it is to show the various meanings and imperfections of words when we have nothing else but words to do it with. —John Locke Introduction In today’s rapidly evolving digital landscape, I cannot overstate the importance of robust enterprise cyber risk...
The Courts Are Picking Up the Cyber Pace: A New Era of Accountability for Boards of Directors
There is a higher court than courts of justice and that is the court of conscience. It supersedes all other courts. —Mahatma Gandhi Introduction In recent years, the legal landscape around cybersecurity and data breaches has shifted significantly, placing increasing...
The Strategic Value of Enterprise Cyber Risk Management (ECRM)
If you don’t invest in risk management, it doesn’t matter what business you’re in, it’s a risky business. —Gary Cohn Introduction Over the last year or so, I’ve begun to settle (at least in the recesses of my mind) on the root causes for the global mess we’re in...










