Proactive Resilience and Holistic Risk Management
Insights from industry experts and cybersecurity risk professionals — because every business deserves to be safe and secure.

💡 The Advantages of Proactive Risk Management Strategies
Building resilience doesn’t have to feel like disaster planning; in fact, a proactive approach empowers your team, strengthens relationships with customers and suppliers, and actually makes daily operations smoother and more predictable. When you prioritize preparedness, unexpected events become opportunities to demonstrate reliability and agility.
In this article, we look at how to shift toward a proactive stance, starting with a simple but essential habit: seeing risk early and clearly.
📖 Read the Article from NTM Advisory: Proactive, Not Reactive: Elevating Resilience with Preparedness
Compliance Updates
⏹️ New Federal Cybersecurity Guidance for Software Providers
By August 1, 2025, the Department of Commerce and the National Institute of Standards and Technology (NIST) will launch an industry consortium at the National Cybersecurity Center of Excellence to develop new guidance for secure software development and operations. This effort — part of a recent Executive Order — means federal contractors, technology vendors, and SMBs providing software or digital services to the government will soon need to align their practices with NIST’s Secure Software Development Framework (SSDF).
⏹️ Major State Privacy Laws Take Effect in Summer and Fall 2025
2025 marks a turning point for data privacy compliance as five new state privacy laws went into effect earlier this year, and three more — including Minnesota (July 15), Tennessee (July 1), and Maryland (October 1) — are rolling out through fall. Organizations collecting personal data on state residents must now provide broader disclosure, support new consumer rights, and adapt opt-out processes to match more complex rules. Businesses operating nationally or in these states should map their compliance measures to each law to avoid enforcement issues as state regulators ramp up audits and penalties.
🧭 What is Holistic Risk Management?
Continuing this week’s theme of proactive approaches to risk, I want to give a quick mention to holistic resilience and planning. Embracing holistic risk management means seeing risk as a source of business value rather than just a checklist. Instead of treating risk management as an isolated, compliance-driven task, we look to weave it directly into strategy, investment, and resource allocation. This approach helps companies make smarter decisions and outperform those who rely on piecemeal or purely reactive methods.
What does this entail? Generally speaking:
- Organization-wide Scope: Takes risk mitigation out of silos and makes it part of the big picture.
- Interdependency Awareness: Understands how one risk can impact multiple areas or processes.
- Integrated Governance & Culture: Embeds risk thinking into decision-making at every level.
- Continuous Risk Identification & Assessment: Uses data-driven tools and regular risk assessments to keep the risk picture current.
- Unified Risk Measurement & Reporting: Provides a clear view of the organization’s overall risk profile.
- Cross-functional Collaboration: Involves diverse stakeholders from different business units in risk discussions, planning, and exercises.
- People and Culture Focus: Prioritizes training, awareness, and empowerment at all organizational levels.
Of course, we’ll get into these topics more in upcoming feature articles. In the meantime, you can check out Riskonnect’s live webcast on the topic in September! ⬇️
👇 Free Compliance Week and Riskonnect Webcast 👇
How to Build Holistic Risk and Resilience Management: Join John Verdi and Courtney Ferguson as they dive into how you can bring your GRC and business continuity efforts under one roof to create a more connected, resilient organization. They’ll unpack what integration looks like in practice, from aligning risk data and reporting to streamlining response plans when things go sideways.
Whether you’re just starting to bridge these functions or looking to level up a more mature program, you’ll get a fresh look at how to shift from compliance-focused to resilience-ready.
September 11, 2025 @ 11 a.m. ET
🤔 Questions or Concerns?
We’re happy to listen! Just reply to this email and we’ll be in touch!