Data Breach Investigations Report 2026
"Exploitation of vulnerabilities is now the most common initial access vector for breaches."
| japi999 |
“#AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work. Feel free to use them, but use them in a way that is productive and makes for a better experience.”
"On paper, the #CISO owns security. In reality, the CISO does not own most of the decisions that create security risk."
https://thriveleadershipinaction.substack.com/p/why-cisos-are-held-accountable-like #infosec #cybersecurity

They want the CISO to protect revenue, preserve customer trust, brief the board, manage cyber risk, support regulatory confidence, guide AI adoption, and help the executive team understand where the company is exposed.
There are three prominent factors driving the board cyber governance problem:
1) there’s a lack of #cybersecurity expertise
2) board-level conversations about AI ignore security
3) boards mistake regulatory compliance for security
https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity

Despite boards placing greater emphasis on cyber risk, their ability to mitigate it is improving slowly and marginally. There are three prominent factors driving this problem: 1) there’s a lack of cybersecurity expertise; 2) board-level conversations about AI ignore security; and 3) boards mistake regulatory compliance for security. There are concrete steps boards can take to address each factor. First, rather than increasing the number of directors with cybersecurity expertise, boards should concentrate their cybersecurity responsibilities on selecting and overseeing effective cybersecurity executives. Second, boards must treat AI as both a strategic opportunity as well as a cybersecurity and governance risk. Finally, boards should view cybersecurity less as a compliance-driven regulatory issue and more as a competitive, operational resilience issue, where market incentives and organizational accountability drive stronger security outcomes than government-imposed rules.
Top CEO priorities 2026.
https://www.ibm.com/thought-leadership/institute-business-value/en-us/c-suite-study/ceo
"The official White House Android app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes, and loads JavaScript from some guy's GitHub Pages."
https://blog.thereallo.dev/blog/decompiling-the-white-house-app #security #privacy
History as a battlefield: Russia's information war against Finland 2025.
"Russia employs narratives rooted in a distorted version of history as a strategic tool to legitimise its power ambitions and undermine neighbouring states."
"Despite the hype, #AI Security captured just 2.6% of #cybersecurity funding in 2025—not even in the top ten categories. The real story is AI being absorbed into every existing security category, not emerging as a standalone market."
https://www.returnonsecurity.com/p/2025-state-of-the-cybersecurity-market
Munich Security Index 2026:
"Respondents in all surveyed countries see the US as more threatening than last year. Yet, in absolute terms, Russia continues to be seen as considerably more of a threat than the US across all surveyed countries."
https://securityconference.org/en/publications/munich-security-report/2026/munich-security-index-2026/ #security #safety
More interesting than a single #cybersecurity prediction document is the common ground across vendors and organizations. I collected 20+ 2026 cybersecurity predictions and analyzed them with #AI tools to identify shared themes. #infosec
https://japiditto.blogspot.com/2025/12/an-ai-analysis-of-cybersecurity.html