Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal

〰️

Click here to access subscription content at The RTJ Bridge - The Premium Version of The RiskTech Journal 〰️

The RiskTech Journal

The RiskTech Journal is your premier source for insights on cutting-edge risk management technologies. We deliver expert analysis, industry trends, and practical solutions to help professionals stay ahead in an ever-changing risk landscape. Join us to explore the innovations shaping the future of risk management.

John A. Wheeler 6/11/25 John A. Wheeler 6/11/25

Where Autonomous IRM Begins—And Where It Must Go Next

The Quiet Rise of Autonomous IRM—From the Middle Out

Autonomous IRM is no longer theoretical. AI-powered platforms are starting to deliver tangible value: agentic systems that simulate attacker behavior, validate control effectiveness, and recommend mitigation actions—often autonomously.

The June 5 announcement from Tuskira, integrating directly with ServiceNow’s Vulnerability Response and SecOps modules, is a prime example. By embedding simulation-backed scoring and posture-aware mitigation into operational workflows, Tuskira is delivering intelligence in real time.

But there’s something missing: the announcement doesn’t mention Integrated Risk Management (IRM) at all.

That silence is a signal. Tuskira operates in what Wheelhouse Advisors defines as Layer 3: Intelligence & Validation—the middle of the risk architecture. And while this layer is where automation is gaining traction, it’s also where many organizations are managing in isolation, without input from either end of the enterprise risk stack.

Samantha "Sam" Jones 5/26/25 Samantha "Sam" Jones 5/26/25

Beyond the Firewall - Why Integrated Risk Management Is the Missing Layer in Cyber Defense

The recent revelation that Marks & Spencer—one of Britain’s most iconic retailers—suffered a cyberattack that could cost it up to £300 million in annual operating profit is a reminder that no amount of cybersecurity spending can fully inoculate a company from human error. The attack, reportedly traced to a third-party vendor and facilitated by social engineering, underscores a hard truth: cybersecurity is necessary, but not sufficient.

Despite boosting its cyber investment by 75% and quadrupling its team over the past two years, M&S was not spared. Nor were other well-known retailers like Harrods and the Co-op grocery group. These incidents reflect a deeper problem in the digital defense playbook—one that requires a broader, integrated approach to risk.

Samantha "Sam" Jones 4/10/25 Samantha "Sam" Jones 4/10/25

From Code to Conduct: UK Cyber Mandate and Tech Disruption Signal a Governance Reckoning

Two significant announcements this week—one from the UK government and the other from Deloitte—highlight a rapidly converging future in which cybersecurity, advanced technology, and corporate governance are no longer siloed concerns but integrated imperatives for the boardroom. While distinct in origin and focus, both developments send a clear signal: the pressure on executive leaders to govern technology risks with discipline, foresight, and accountability is mounting.

John A. Wheeler 4/7/25 John A. Wheeler 4/7/25

When Encryption Isn't Enough—A Sidewalk Interview and a Global Wake-Up Call

I was in Washington, D.C., when the story broke. Reports surfaced that U.S. officials had used Signal—a consumer-grade encrypted messaging app—to coordinate sensitive military operations in Yemen. I was finishing a dinner meeting after a full day of engagements when my phone rang. It was the BBC reaching out for immediate commentary on a fast-developing national security story.

Ori Wellington 3/26/25 Ori Wellington 3/26/25

What Happens When Risk Protocols Fail - Lessons from the Signal App Incident

When BBC News investigated a recent national security communications breach, they reached out to Wheelhouse Advisors for expert analysis. The incident highlighted a growing risk not just for governments—but for every organization managing sensitive information in a digital world.

Samantha "Sam" Jones 3/24/25 Samantha "Sam" Jones 3/24/25

HIPAA 2.0 — How Risk Management Evolves Under HIPAA’s Cybersecurity Overhaul

In the face of escalating cyber threats, the U.S. healthcare sector is on the brink of its most dramatic regulatory transformation in more than a decade. The Department of Health and Human Services’ recent Notice of Proposed Rulemaking (NPRM) for the HIPAA Security Rule doesn’t just update a long-standing framework—it signals a revolutionary shift in how organizations must guard patient data. The stakes are higher than ever, with compliance costs set to soar and the consequences of non-compliance more severe than ever imagined.

John A. Wheeler 2/28/25 John A. Wheeler 2/28/25

Security Complexity Is Strangling Your Bottom Line—IRM Platforms Can Save It

By now, it’s obvious: complexity has become the Achilles’ heel of cybersecurity and enterprise risk management (ERM). In a recent study from the IBM Institute for Business Value—Capturing the Cybersecurity Dividend: How Security Platforms Generate Business Value—researchers found that companies juggle an average of 83 different security solutions, sourced from 29 distinct vendors. Beyond the technology overload lies a crucial lesson for risk leaders: more point solutions do not necessarily translate into better protection.