Maman Ibrahim

expert panel

Remote and hybrid work haven’t just changed where many of us work; they have expanded the cyberattack surface and reshaped the ways risk moves through an organization. Laptops hop from kitchen tables to coffee shops. Sensitive files live in the cloud. Slack messages replace hallway conversations. While this flexibility is a win for professionals and, often, a catalyst for enhanced productivity, remote work also gives cybercriminals more chances to slip inside a company’s digital defenses. Most costly cybersecurity incidents don’t start with elite hackers battering down firewalls. They start with everyday employees making very human mistakes. Remote workers may hesitate to “bother” the IT team with questions or concerns, or asynchronous schedules may mean a wait for expert help. Home networks may not have the robust protections of those in an office setting. Cybercriminals are very aware of the vulnerabilities that come with remote work, and they’re taking advantage: In 2025, 78% of organizations with remote staff reported experiencing at least one security incident related to remote work.  Teaching all staff how to recognize threats and follow basic digital hygiene is now foundational risk management; every employee is part of the security stack, whether they know it or not. That reality leaves many leaders asking a practical question: What should every employee actually be taught—and required—to do? And how can executives without a cybersecurity background cover the essentials without killing the flexibility that makes remote work attractive and effective?  The members of the Senior Executive Cybersecurity Think Tank specialize in enterprise cybersecurity strategies, data breach prevention and risk management. Here, two of them cut through the jargon to focus on remote and hybrid cybersecurity fundamentals that scale, habits leaders can model, and simple expectations that significantly reduce risk—no computer science degree required.

expert panel

Quantum computing is poised to quickly turn a mindset of “we’re in good shape right now” into “why didn’t we start preparing sooner?” This is especially true when “now” refers to the encryption protecting customer data, intellectual property and the secrets a company’s board assumes are safe. Today’s widely used public-key systems were built for classical computers. A cryptographically relevant quantum machine could change the math fast, potentially wiping out the protections built over years of security planning. That’s why the quantum conversation is shifting from tech experts’ speculations to plain business risk management. Data has a shelf life, and for a lot of organizations, it’s a long one. Contracts, health records, financial history, M&A documents and source code don’t become innocuous just because the quarter ended. Add in the “harvest now, decrypt later” reality—adversaries collecting encrypted traffic today and unlocking it later—and the timeline to address quantum risk shrinks. The urgency is also being reinforced by credible signals that the transition is already underway, including NIST’s finalized post-quantum encryption standards. The good news is that organizations don’t need a quantum lab to start getting ready. But they do need clarity on where cryptography lives, how quickly it can be upgraded without breaking business processes, and who owns the decision-making when trade-offs emerge. Here, members of the Senior Executive Cybersecurity Think Tank weigh in on what organizations should do now to assess cryptographic vulnerabilities and build real crypto agility. 

expert panel

AI-powered browsers are quickly becoming co-pilots that can read, reason and sometimes even act on a user’s behalf. Professionals may be especially tempted to turn to AI browsers because they make work feel faster and smoother, especially when someone is juggling research, analysis or repetitive tasks. The promise of instant summaries, automated workflows and fewer clicks can be hard to resist.  However, cybersecurity experts are increasingly raising red flags concerning these tools’ security weaknesses. While their capabilities are impressive, AI browsers open up a fresh class of risks that traditional safeguards weren’t built to handle. Indeed, a recent Gartner report recommends businesses block AI browsers for the foreseeable future.  The members of the Senior Executive Cybersecurity Think Tank bring years of experience to this timely topic. With expertise in enterprise security, regulatory compliance and threat detection, they’re watching the evolution of AI browsers with a blend of anticipation and concern. Below, two of them explain the unique risks these systems introduce and the essential precautions all stakeholders—developers, regulators and end users—must take as AI-powered browsers gain traction in both enterprise and personal settings.

expert panel

Data protection rules are tightening faster than most executive teams can update their playbooks. California has approved new regulations requiring risk assessments and cybersecurity audits for many businesses, and the SEC has rolled out new cybersecurity disclosure requirements that raise the stakes for boards and C-suites. Globally, companies face tightening scrutiny, and the penalties for missteps can be steep: GDPR violation fines exceeded €3 billion in the first half of 2025 alone. For business leaders already juggling digital transformation, AI adoption and sprawling data ecosystems, managing incoming (and ongoing) waves of cybersecurity rules and regulations can feel overwhelming. But the real danger isn’t just the number or complexity of new rules—it’s the blind spots leaders don’t realize they have. From siloed security and shadow IT to hidden vendor vulnerabilities, many organizations have all the warning signs of an incoming compliance headache. As experts in enterprise cybersecurity strategies and regulatory compliance, the members of the Senior Executive Cybersecurity Think Tank know where leaders most often overlook risk—and why regulators tend to focus on those areas after a breach. Below, three of them share what executives should prioritize now to stay compliant and resilient and avoid costly surprises down the line.

expert panel

Third-party technology tools promise efficiency, scale and all the digital bells and whistles execs need to keep productivity humming and power growth—but not all tools are created equal. Cloud platforms, SaaS productivity suites, niche workflow apps and industry-specific managed services can all introduce unseen risk when they plug into core systems. However, in many companies, third-party risk management continues to fly under the radar—even though 30% of enterprise data breaches involve a third party. From misaligned encryption standards and unclear data flows to vendors that treat compliance like a box-checking exercise, there are significant risks that can come with working with third-party vendors and SaaS tools. As experts in enterprise cybersecurity strategies, data breach prevention, risk management and regulatory compliance, the members of the Senior Executive Cybersecurity Think Tank know that to operate on trust when working with tech vendors is to court disaster. Below, three of them share the details to dig into before entering into a partnership with a third-party vendor or software provider.