Risk Pulse
US Effective Tariff Rate
Highest since 1947. IEEPA ruling may reduce to 6.0% in 2026.
Suez Canal Container Traffic
Collapse since Houthi attacks. Still 49% below pre-crisis levels.
Asia-US Transit Time Increase
Cape of Good Hope rerouting extends SE Asia to US East Coast shipping.
ISSB Adopting Jurisdictions
Sustainability disclosure standards now live across 36 jurisdictions globally.
Risk, Resilience, Compliance — Without the Jargon.
Geopolitical Risk Assessment: How to Analyze, Monitor, and Mitigate Geopolitical Threats
ESG Risk Management: How to Identify, Assess, and Report Environmental, Social, and Governance Risks
Operational Resilience Framework: Building Resilience Beyond Business Continuity
GRC Framework: How to Build an Integrated Governance, Risk, and Compliance Program
Latest Analysis
PESTLE vs PESTEL vs STEEPLE: Which to Use
On March 10, 2023, California regulators seized Silicon Valley Bank, the second-largest bank failure in US history at that point. The trigger was the most basic external force any strategist is supposed to watch: interest rates. The PESTLE vs PESTEL question starts right here, because the letter E for Economic is exactly the signal SVB ...

NIST Supply Chain Risk Management: A C-SCRM Guide to SP 800-161
In December 2020, the security firm FireEye traced its own breach to an unlikely source: a routine software update from SolarWinds, a network-monitoring vendor trusted inside thousands of corporate and government networks. Attackers had hidden a backdoor, later named SUNBURST, in the Orion update itself. About 18,000 organizations installed the poisoned update, and roughly nine ...

Business Continuity Maturity Model: How to Score and Level Up Your BCM Program
On the morning of July 19, 2024, CrowdStrike pushed a faulty update to its Falcon sensor and crashed about 8.5 million Windows machines, the largest IT outage in history. Airlines, hospitals, banks, and broadcasters went dark at the same moment. The outage was identical for every airline, but the recovery was not. Delta cancelled more ...

Physical Security Risk Management: A Step-by-Step Guide
On the night of December 3, 2022, gunfire disabled two Duke Energy substations about ten miles apart in Moore County, North Carolina. Roughly 45,000 customers lost power for five days, a state of emergency followed, and an 87-year-old resident who relied on medical equipment later had her death ruled a homicide tied to the outage. ...

NIST CSF Risk Assessment: How to Run One Under CSF 2.0
On February 21, 2024, UnitedHealth Group detected ransomware inside Change Healthcare, the clearinghouse that handles about a third of US medical claims. The attackers had been inside for nine days, having entered through a Citrix remote-access portal that had no multi-factor authentication. A NIST CSF risk assessment is built to surface exactly that missing control ...

Supplier Performance Risk Management: How to Score and Monitor Vendor Risk
On July 1, 2024, Boeing agreed to buy back Spirit AeroSystems for roughly $4.7 billion in equity, an $8.3 billion enterprise value with debt, six months after a door plug blew off a 737 MAX 9 on Alaska Airlines Flight 1282. Spirit built that fuselage. The reacquisition was supplier performance risk management in reverse: a ...

Risk Heat Map Template (Excel) with Conditional Formatting
Tony Cox published “What’s Wrong with Risk Matrices?” in the journal Risk Analysis in 2008, showing that a poorly built matrix can rank risks no better than chance. Seventeen years on, the colored grid is still the most widely used risk picture in corporate America. A risk heat map template earns trust only when the ...

Risk Appetite Statement Examples by Sector (2026)
Michael Barr, the Federal Reserve’s Vice Chair for Supervision, published his review of Silicon Valley Bank’s failure on April 28, 2023. The report found SVB breached its own long-term interest-rate risk limits in 2022, then changed the limits instead of the balance sheet, while the chief risk officer seat sat empty for eight months. The ...

Vendor Risk Assessment Questionnaire Template
In May 2024, UnitedHealth Group chief executive Andrew Witty told the Senate Finance Committee that the February ransomware attack on its Change Healthcare unit started with stolen credentials on a Citrix remote-access portal that had no multi-factor authentication. One unasked, unverified control question. The result: roughly 190 million Americans’ records exposed — the largest healthcare ...

Is a GRC Certification Worth It? (Salary Uplift Data)
On October 10, 2024, the DOJ, OCC, Federal Reserve, and FinCEN hit TD Bank with roughly $3.09 billion in penalties, the largest Bank Secrecy Act case in US history. Enforcement at that scale is why professionals keep asking whether a GRC certification is worth it. The answer comes down to the numbers. ISACA puts the ...
Explore by Desk
Enterprise Risk Management
ERM frameworks, risk appetite, risk registers, AI risk, operational risk
Business Continuity
ISO 22301, BIA, BCP templates, DRP, exercises, crypto BCM
Cyber & InfoSec
NIST CSF, CIS Controls, CRAMM, ransomware, incident response
Risk Assessment
Methodologies, frameworks, quantitative analysis, sector-specific
ESG Risk
ISSB, CSRD, climate risk, double materiality, Scope 1-3
Geopolitical Risk
Sanctions, tariffs, trade war, country risk, supply chains
Resilience & DORA
DORA, impact tolerances, IBS mapping, resilience testing
GRC
Governance frameworks, compliance, audit, OCEG, Three Lines