Risk Pulse
View all data →US Effective Tariff Rate
Highest since 1947. IEEPA ruling may reduce to 6.0% in 2026.
Suez Canal Container Traffic
Collapse since Houthi attacks. Still 49% below pre-crisis levels.
Asia-US Transit Time Increase
Cape of Good Hope rerouting extends SE Asia to US East Coast shipping.
ISSB Adopting Jurisdictions
Sustainability disclosure standards now live across 36 jurisdictions globally.
Risk, Resilience, Compliance — Without the Jargon.
Geopolitical Risk Assessment: How to Analyze, Monitor, and Mitigate Geopolitical Threats
ESGESG Risk Management: How to Identify, Assess, and Report Environmental, Social, and Governance Risks
Resilience & DORAOperational Resilience Framework: Building Resilience Beyond Business Continuity
GRCGRC Framework: How to Build an Integrated Governance, Risk, and Compliance Program
Latest Analysis
View all articles →
NIST Vendor Risk Assessment Questionnaire: 40 Mapped Questions
On February 21, 2024, drug distributor Cencora discovered attackers had been inside its systems stealing patient data it processed for pharmaceutical manufacturer clients. By September, Bloomberg reported the company had paid $75 million to the Dark Angels gang, the largest ransom payment on record. A NIST vendor risk assessment questionnaire exists to catch that exposure ... <a title="NIST Vendor Risk Assessment Questionnaire: 40 Mapped Questions" class="read-more" href="https://riskpublishing.com/nist-vendor-risk-assessment-questionnaire/" aria-label="Read more about NIST Vendor Risk Assessment Questionnaire: 40 Mapped Questions">Read more</a>

Risk Management KPI Dashboard: How to Build One in Excel
On July 10, 2024, the Federal Reserve fined Citigroup $60.6 million and the OCC added $75 million more, a combined $135.6 million, for failing to fix risk data and reporting weaknesses first ordered closed in October 2020. The regulators’ language was blunt: the bank had made insufficient progress on data quality management. A risk management ... <a title="Risk Management KPI Dashboard: How to Build One in Excel" class="read-more" href="https://riskpublishing.com/risk-management-kpi-dashboard/" aria-label="Read more about Risk Management KPI Dashboard: How to Build One in Excel">Read more</a>

Monthly Geopolitical Risk Report: Template, Structure and Example
General Motors booked $3.1 billion in tariff costs during 2025, close to a quarter of its earnings before interest and taxes. Ford chief executive Jim Farley summed up the year for analysts as a season of chaos, and his company’s own tariff bill still landed near $1 billion. A monthly geopolitical risk report is how ... <a title="Monthly Geopolitical Risk Report: Template, Structure and Example" class="read-more" href="https://riskpublishing.com/monthly-geopolitical-risk-report-template/" aria-label="Read more about Monthly Geopolitical Risk Report: Template, Structure and Example">Read more</a>

Sanctions Screening in Third-Party Risk Management
On November 21, 2023, OFAC announced a $968,618,825 settlement with Binance, the largest in the agency’s history, hours after chief executive Changpeng Zhao pleaded guilty in a Seattle courtroom. Across Treasury, DOJ, and CFTC, the package reached $4.3 billion. Binance failed to screen its own customers, but the same statutes reach every US company’s suppliers, ... <a title="Sanctions Screening in Third-Party Risk Management" class="read-more" href="https://riskpublishing.com/sanctions-screening-third-party-risk-management/" aria-label="Read more about Sanctions Screening in Third-Party Risk Management">Read more</a>

Critical Supplier Identification and Tiering Methodology
At 12:09 a.m. Eastern on July 19, 2024, a faulty CrowdStrike Falcon update began knocking 8.5 million Windows devices offline, and Delta Air Lines spent the next five days canceling roughly 7,000 flights. Chief executive Ed Bastian put the bill at $500 million, and Delta sued CrowdStrike that October. By procurement’s math, CrowdStrike was a ... <a title="Critical Supplier Identification and Tiering Methodology" class="read-more" href="https://riskpublishing.com/critical-supplier-identification-tiering/" aria-label="Read more about Critical Supplier Identification and Tiering Methodology">Read more</a>

SaaS Vendor Risk Assessment: Cloud-Specific Evaluation
On August 20, 2025, Salesloft and Salesforce revoked every live OAuth token for the Drift chat application after the threat group UNC6395 spent ten days exporting data from more than 700 corporate Salesforce environments. Cloudflare, Zscaler, and Palo Alto Networks all confirmed exposure, and not one of them had been breached directly. Every victim inherited ... <a title="SaaS Vendor Risk Assessment: Cloud-Specific Evaluation" class="read-more" href="https://riskpublishing.com/saas-vendor-risk-assessment/" aria-label="Read more about SaaS Vendor Risk Assessment: Cloud-Specific Evaluation">Read more</a>

Supply Chain Risk Heat Map: How to Build and Maintain One
At 1:29 a.m. on March 26, 2024, the container ship Dali lost power and brought down Baltimore’s Francis Scott Key Bridge, closing the top US auto port for 11 weeks. Maryland lost roughly $15 million a day, and almost no supply chain risk heat map in the country had that bridge on it. The gap ... <a title="Supply Chain Risk Heat Map: How to Build and Maintain One" class="read-more" href="https://riskpublishing.com/supply-chain-risk-heat-map/" aria-label="Read more about Supply Chain Risk Heat Map: How to Build and Maintain One">Read more</a>

Concentration Risk in Third-Party Relationships: Assessment Guide
At 04:09 UTC on July 19, 2024, CrowdStrike pushed a defective Falcon sensor update that crashed 8.5 million Windows devices in 78 minutes. Concentration risk in third-party relationships stopped being an abstract exam finding that morning: insurance modeler Parametrix put direct Fortune 500 losses at $5.4 billion. The failure propagated because one security vendor protected ... <a title="Concentration Risk in Third-Party Relationships: Assessment Guide" class="read-more" href="https://riskpublishing.com/concentration-risk-third-party-relationships/" aria-label="Read more about Concentration Risk in Third-Party Relationships: Assessment Guide">Read more</a>

Fourth-Party Risk Management: Assessing Your Vendors’ Vendors
In June 2023, the California Public Employees’ Retirement System told roughly 769,000 members that their personal data had been stolen. Fourth-party risk management exists for the strange part of that disclosure: CalPERS itself was never breached. The data left through PBI Research Services, a subcontractor that ran death audits on Progress Software’s MOVEit file transfer ... <a title="Fourth-Party Risk Management: Assessing Your Vendors’ Vendors" class="read-more" href="https://riskpublishing.com/fourth-party-risk-management/" aria-label="Read more about Fourth-Party Risk Management: Assessing Your Vendors’ Vendors">Read more</a>

Greenwashing Risk Assessment: How to Audit ESG Claims
In September 2024, Australia’s Federal Court ordered Vanguard Investments Australia to pay a record A$12.9 million penalty for misleading ESG claims. A greenwashing risk assessment run honestly would have caught the problem years earlier: about 74% of the securities in the fund Vanguard marketed as ethically screened were never screened at all. ASIC called it ... <a title="Greenwashing Risk Assessment: How to Audit ESG Claims" class="read-more" href="https://riskpublishing.com/greenwashing-risk-assessment/" aria-label="Read more about Greenwashing Risk Assessment: How to Audit ESG Claims">Read more</a>
Explore by Desk
Enterprise Risk Management
ERM frameworks, risk appetite, risk registers, AI risk, operational risk
Business Continuity
ISO 22301, BIA, BCP templates, DRP, exercises, crypto BCM
Cyber & InfoSec
NIST CSF, CIS Controls, CRAMM, ransomware, incident response
Risk Assessment
Methodologies, frameworks, quantitative analysis, sector-specific
ESG Risk
ISSB, CSRD, climate risk, double materiality, Scope 1-3
Geopolitical Risk
Sanctions, tariffs, trade war, country risk, supply chains
Resilience & DORA
DORA, impact tolerances, IBS mapping, resilience testing
GRC
Governance frameworks, compliance, audit, OCEG, Three Lines