disclosure

Breach Impact Without a Single Archetype: Vendor, Insider, and Nation-State Pressure

John Z Black Mar 20, 2026

Incidents & Breaches #breach-response #insider-threat #nation-state #incident-governance #disclosure #board-risk

Navia, Aura, an insider ransomware conviction, and Lazarus attribution show why breach readiness should be built around resilient process, not assumptions about attacker type.

Breach Disclosure Lag Is Becoming the Real Story in Financial Supply Chains

John Z Black Mar 18, 2026

Incidents & Breaches #breach #financial-services #third-party-risk #disclosure #ransomware #governance #incident-response

The Marquis breach started with a ransomware attack. The damage is still accumulating months later -- not because of what happened technically, but because of how disclosure was handled.

Four Major Companies Still Won't Talk About the Oracle EBS Breach

John Z Black Mar 17, 2026

Policy, Law & Governance #oracle #cl0p #breach #disclosure #governance #sec #enterprise-risk

Broadcom, Bechtel, Estee Lauder, and Abbott Technologies got named in the Cl0p Oracle EBS breach. None have said a word. The silence is becoming its own problem.