
The RiskTech Journal
The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.

Autonomous IRM, Investor Confidence, Cyberinsurance Risks, and Analyst Failures: Exclusive Insights from The RTJ Bridge
The landscape of risk management technology is undergoing rapid transformation, driven by advanced artificial intelligence, shifting investor priorities, and increasingly sophisticated cybersecurity threats. While many risk professionals rely on general market reports and commentary, actionable and forward-looking insights remain scarce. Subscribers to The RTJ Bridge, the premium insights platform from Wheelhouse Advisors, have early and exclusive access to proprietary analysis, data-driven recommendations, and strategic perspectives unmatched elsewhere.

How CrowdStrike’s Agentic AI Accelerates Autonomous IRM
CrowdStrike’s launch of Charlotte AI—its agentic AI architecture now embedded within the Falcon platform—marks a decisive shift in how risk is not only detected, but addressed. With its triad of capabilities (Agentic Detection Triage, Agentic Response, and Agentic Workflows), Charlotte introduces a new operating model: one where AI systems autonomously assess, act, and learn within predefined parameters.
The implication for Integrated Risk Management (IRM) is profound. These are not just smarter alerts or faster forensics. They are machine-initiated decisions with immediate governance, compliance, and operational consequences. And that demands a new framework—one that aligns autonomous action with enterprise risk oversight.

The GRC Blind Spot: What the SharePoint Cyberattack Reveals About Risk Management Vulnerabilities
This past weekend, Microsoft confirmed that attackers exploited a critical zero-day vulnerability in on-premises SharePoint servers—a breach that quickly escalated into a global cybersecurity incident. Governments, universities, energy providers, and private enterprises were affected. At least 85 servers were confirmed compromised within 48 hours, with analysts warning that tens of thousands remained at risk.

The IRM50 All-Stars Take the Field
Wheelhouse Advisors Releases 2025 Lineup on MLB's Biggest Stage
On the same day baseball's best step up to the plate at the 95th MLB All-Star Game in Atlanta, Wheelhouse Advisors has released its all-star roster: the 2025 IRM50.
And just like the Midsummer Classic, this announcement celebrates top-tier talent, position-specific excellence, and strategic versatility—only this time, the field is Integrated Risk Management (IRM), not Truist Park. Wheelhouse's IRM50 recognizes the 50 most influential technology and consulting providers driving the future of IRM. The timing isn't just symbolic—Wheelhouse Advisors is also headquartered in Atlanta, and this year's report marks the broadest, most globally representative IRM50 to date.

The Coming Wave: Why AI-Fueled Cyber Crime Demands a New Layer of Risk Management
In June 2024, a ransomware attack on Synnovis—an NHS diagnostics provider—led to thousands of canceled surgeries and long-term patient harm, yet barely registered in the headlines. A year later, an attack on Marks & Spencer, which temporarily left Percy Pig sweets and Colin the Caterpillar cakes off supermarket shelves, wiped £600 million off the company’s market cap and triggered nationwide panic.
This juxtaposition, as Misha Glenny eloquently observes in his Financial Times Weekend article, reveals something uncomfortable about both society’s perception of cyber risk and our structural ability to respond to it. But it also points to a larger and more pressing reality: AI is about to turn every cyber threat vector into a force multiplier—and the defensive tools most organizations rely on are no longer fit for purpose.
As AI matures into autonomous, agentic forms, we’re not just dealing with more attacks—we’re dealing with smarter, faster, and more scalable ones. The solution isn’t just better cybersecurity. It’s Integrated Risk Management (IRM)—and it must evolve as rapidly as the threat landscape.

Where Autonomous IRM Begins—And Where It Must Go Next
The Quiet Rise of Autonomous IRM—From the Middle Out
Autonomous IRM is no longer theoretical. AI-powered platforms are starting to deliver tangible value: agentic systems that simulate attacker behavior, validate control effectiveness, and recommend mitigation actions—often autonomously.
The June 5 announcement from Tuskira, integrating directly with ServiceNow’s Vulnerability Response and SecOps modules, is a prime example. By embedding simulation-backed scoring and posture-aware mitigation into operational workflows, Tuskira is delivering intelligence in real time.
But there’s something missing: the announcement doesn’t mention Integrated Risk Management (IRM) at all.
That silence is a signal. Tuskira operates in what Wheelhouse Advisors defines as Layer 3: Intelligence & Validation—the middle of the risk architecture. And while this layer is where automation is gaining traction, it’s also where many organizations are managing in isolation, without input from either end of the enterprise risk stack.

Inside the Hack: Why Social Engineering Exposes the Limits of Cyber Defense and Demands Integrated Risk Management
The recent cyberattack on Marks & Spencer (M&S), perpetrated by the notorious hacking group Scattered Spider, vividly underscores the evolving sophistication of cyber threats—and the alarming vulnerability of even well-protected enterprises. Despite significant investments in cybersecurity defenses, M&S faces an estimated loss of up to £300 million in operating profits and a plunge of £600 million in market capitalization following the breach.
As detailed recently by the Financial Times, Scattered Spider’s methods illuminate a stark reality: technical cybersecurity solutions alone are not enough. The group’s expertise lies in a blend of digital deception and human manipulation, a practice known as social engineering. Unlike traditional cybercriminals reliant solely on technical exploits, Scattered Spider meticulously researches employee identities, simulates convincing interactions, and leverages human psychology to circumvent cyber defenses.

From Permit to Platform—How CTRL WRK Turns Lockout/Tagout into an Autonomous IRM Use Case
A high-risk, paper-bound safety workflow finds new life on the ServiceNow platform—signaling a broader shift toward AI-enabled operational risk intelligence.
What was once a clipboard-bound safety task has now become a signal of something larger: the acceleration of Autonomous Integrated Risk Management (Autonomous IRM) through purpose-built, domain-native micro-apps. On June 2, CTRL WRK—a GenAI-powered “Control of Work” (CoW) application focused on lockout/tagout (LOTO) permitting—launched on the ServiceNow Store. While its function is precise, the implications are far-reaching.
This is more than digitization. It’s the embodiment of a broader market shift: from static compliance toward dynamic, AI-enabled risk management embedded directly into operational workflows.

Generative AI Is Steering Banks Toward Autonomous IRM—But the Bridge Isn’t Finished Yet
When McKinsey & Company published “How generative AI can help banks manage risk and compliance” in March 2024, it put blue-chip credibility behind a growing consensus: large-language models and related GenAI tools will automate swaths of the three-lines-of-defense and up-end conventional governance, risk, and compliance (GRC) workflows. What McKinsey did not say—but unmistakably implied—is that the old compliance-first paradigm is now on borrowed time. The firm’s use-case catalogue—from virtual regulatory advisors to code-generating “risk bots”—maps neatly onto the early layers of Autonomous Integrated Risk Management (IRM): continuously sensing risk, generating controls, and feeding decision-grade insight back into the business.
Yet the report also reveals a tension. McKinsey still frames GenAI as a helper inside discrete risk silos, guarded by human-in-the-loop checkpoints. Autonomous IRM envisions something bolder: an AI-directed control fabric that dissolves those silos, embeds itself in front-line processes, and—over time—lets the machine take the first swing at routine risk decisions while humans govern the exceptions.

Beyond the Firewall - Why Integrated Risk Management Is the Missing Layer in Cyber Defense
The recent revelation that Marks & Spencer—one of Britain’s most iconic retailers—suffered a cyberattack that could cost it up to £300 million in annual operating profit is a reminder that no amount of cybersecurity spending can fully inoculate a company from human error. The attack, reportedly traced to a third-party vendor and facilitated by social engineering, underscores a hard truth: cybersecurity is necessary, but not sufficient.
Despite boosting its cyber investment by 75% and quadrupling its team over the past two years, M&S was not spared. Nor were other well-known retailers like Harrods and the Co-op grocery group. These incidents reflect a deeper problem in the digital defense playbook—one that requires a broader, integrated approach to risk.

Avatars in Armani — How AI Analysts Are Reshaping the Future of Finance & Risk Management
When UBS digitally cloned three dozen equity analysts into AI-generated avatars, it wasn’t just experimenting with client communications but sounding the opening bell on a new era in financial services. This wasn’t deepfake theatre or AI as a back-office assistant. It was artificial intelligence stepping into the polished shoes of the investment banker.
The avatars, trained to deliver short videos based on research notes—complete with facial expressions and gestures—represent a subtle but significant shift. UBS reports that clients respond to them as positively as traditional analysts, even if the result feels slightly uncanny.

The Modern Risk Stack — A Primer Explaining How IRM Integrates GRC, ERM, ORM, and TRM
Many organizations seeking a better path for risk management are often confused by multiple risk domains—GRC, ERM, ORM, TRM—each promising mastery over a specific slice of risk management. But as risks evolve, multiply, and interconnect at unprecedented speed, these isolated approaches no longer suffice. Integrated Risk Management (IRM) has emerged as the essential response, weaving together the strengths of each domain to build one cohesive, strategic narrative.

Integrated Risk Thinking: The Mindset That Unlocks the Power of the IRM Navigator™ Model
Today’s businesses face unprecedented complexity. Rapid technological advances, evolving regulatory environments, escalating cyber threats, and global operational challenges have rendered traditional risk management approaches obsolete. Siloed processes, reactive responses, and fragmented risk oversight are no longer enough to safeguard modern organizations.
Wheelhouse Advisors has identified that effective risk management in today’s landscape requires not only powerful tools and methods but, more importantly, a fundamentally new way of thinking. This strategic shift is what we call Integrated Risk Thinking (IRT)—the essential mindset that allows organizations to leverage risk as an integral part of strategy, decision-making, and competitive advantage.

McKinsey Confirms the Limits of GRC and Points Toward Integration
In its May 2025 article “Governance, Risk, and Compliance: A New Lens on Best Practices,” McKinsey & Company delivers a candid assessment of the widespread shortcomings in today’s governance, risk, and compliance (GRC) functions. Based on survey data from nearly 200 corporate leaders, the article highlights persistent underperformance across all three pillars of GRC and outlines five imperatives for reform. But what McKinsey never quite says—though it clearly suggests—is that the GRC model itself may be past its expiration date.
The findings echo what many in the risk management profession have long understood: legacy GRC frameworks are no longer adequate in a world defined by interconnected risks, real-time decisions, and strategic uncertainty. Below, we examine the key insights from the report and explain how they point—whether intentionally or not—toward Integrated Risk Management (IRM) as the future-facing alternative.

AI Insurance Emerges as Chatbot Failures Highlight New Liabilities
In a notable development reflecting AI’s increasing integration into business operations, insurers at Lloyd’s of London have launched specialized coverage for losses caused by artificial intelligence tool failures. This initiative, spearheaded by Armilla, a startup backed by Y Combinator, underscores growing corporate concerns about the unpredictable and costly errors AI-powered tools can generate, particularly chatbots and customer service platforms.

Introducing The RTJ Bridge—A Premium Subscription Delivering Strategic Insights for Risk Leaders
Wheelhouse Advisors announces the formal launch of The RTJ Bridge, the new premium subscription service from The RiskTech Journal. Positioned strategically between our daily industry commentary and comprehensive quarterly IRM Navigator™ research reports, The RTJ Bridge delivers weekly insights, executive briefings, and exclusive deep-dive editorial series.
Alongside this premium offering, the standard edition of The RiskTech Journal is now fully open-access, including unrestricted browsing of our past content library.
This tiered content strategy ensures risk leaders and senior executives receive timely and actionable insights at a fraction of the cost associated with traditional analyst firms such as Gartner and Forrester.

Cisco and ServiceNow Deepen AI Security Partnership—What Does It Mean for Integrated Risk Management?
The Cisco-ServiceNow partnership directly addresses these concerns by providing a tightly integrated solution that combines Cisco's established security expertise with ServiceNow's robust operational workflow capabilities. Customers will be able to map Cisco AI Defense controls to relevant standards in ServiceNow’s Integrated Risk Management (IRM) platform so teams can measure and demonstrate AI organizational compliance.

Operational Intelligence — How IRM Solves Connected Risk Failures
In today’s digital risk environment, agility and resilience are everything. Risk events once considered unlikely—global cyber disruptions, third-party failures, data breaches, operational breakdowns—now occur with alarming frequency. As these risks grow more interconnected, traditional Governance, Risk and Compliance (GRC) frameworks, often built around static risk registers and slow reporting cycles, are no longer sufficient.
Risk management is evolving from a reactive back-office control utility into a strategic engine of operational intelligence. Enabled by advancements in risk technology, analytics, and real-time data integration, modern Integrated Risk Management (IRM) platforms are helping organizations detect emerging operational risks earlier, connect siloed insights, and embed resilience into the core of enterprise decision-making.
This article previews that transformation—and offers a forward look at what’s coming in the IRM Navigator™ ORM Report – Q2 2025, which evaluates key trends, capabilities, and vendors shaping the future of operational risk management (ORM).

Live from RSA: Autonomous IRM Moves from Vision to Reality
The RSA Conference is renowned for highlighting significant shifts in cybersecurity and risk management. This year, alongside familiar conversations about persistent cybersecurity threats and regulatory pressures, a deeper transformation is occurring: the rise of Autonomous Integrated Risk Management (Autonomous IRM). Vendors at RSA 2025 are showcasing solutions that go beyond merely automating routine tasks, moving toward independently identifying, assessing, and mitigating risks across enterprise ecosystems without constant human intervention.

When Robots Walk, Risk Converges - Humanoids and the Future of Integrated Risk Management
For IRM professionals, the emergence of humanoids provides a rare moment of clarity: no single risk domain can manage this disruption in isolation. Humanoid robotics is where GRC, ERM, ORM, and TRM collide—and where their integration becomes essential.