Becker Business Podcast: CEO in the Spotlight – David Rajakovich of Acuity Risk Management
Date: February 16, 2026
Host: Scott Becker
Guest: David Rajakovich, CEO of Acuity Risk Management
Episode Overview
This episode spotlights David Rajakovich, CEO of Acuity Risk Management, in a deep-dive discussion on the latest trends in cybersecurity, particularly at the intersection of enterprise risk, governance, and artificial intelligence (AI). The conversation explores how company boards and executives are adapting to an evolving risk landscape characterized by continuous threats, regulatory scrutiny, and the rapidly rising importance of real-time risk intelligence.
Key Discussion Points & Insights
1. Role and Evolution of Cyber Governance, Risk, and Compliance (GRC)
- What Acuity Does
- [01:00] Rajakovich describes Acuity as a "cyber GRC software company," helping organizations manage and understand their cyber risks.
2. Current Shifts in Board and CEO Perspectives on Cyber Risk
- Increased Attention and Accountability
- [01:52] Data breaches have direct, long-lasting effects on company share prices—reputational and financial impacts that boards are acutely aware of.
- Boards want “much more evidence based” assessments—raw data, not just policies.
- The CISO role is more influential, with 80% reporting direct interaction with the CEO.
- Strategic Risk-Taking
- "Risk has become a strategic enabler. It's not just a cost center." – Rajakovich [02:47]
- 84% of business leaders have increased focus on cybersecurity, yet 58% of boards encourage more technology risk as AI advances.
3. Balancing Innovation (AI) with Exposure
- [04:52] "If you're not using AI, you're going to be left behind... The question is do you have some sort of AI governance framework in place?" – Rajakovich
- Risks of “shadow AI” and unregulated tool use; need for hard guardrails on public generative AI platforms (like ChatGPT, Claude, Gemini).
4. Benchmarking Security Posture – Keeping Up with Peers
- [06:01] Companies must monitor their risk posture continuously (not just periodic assessments) or risk becoming easier targets compared to industry peers.
- Peer comparisons are now a board-level priority: “Are we more or less of a target versus our competition?” – Rajakovich
5. Common Blind Spots in Cyber Preparedness
- Third-Party Risk Management
- [07:30] Third-party involvement in breaches has doubled (15% → 30%). High-profile cases: Marks & Spencer, Jaguar Land Rover, the Co-op (UK).
- "We not only need to manage our internal vulnerabilities and risks, but also those of our suppliers..." – Rajakovich
- Continuous Monitoring over Periodic Assessments
- One-off or semi-annual reviews are no longer adequate; attacks move too fast.
6. Continuous Risk Intelligence
- [09:38] Real-time, dynamic risk monitoring enables faster, more relevant decision-making and efficient resource allocation for CISOs.
- Prioritization Based on Real-Time Data
- “Continuous monitoring... allows you to focus resources on what matters right now.” – Rajakovich
- Legacy practices of addressing risk based on point-in-time audits are increasingly seen as creating "noise" and "addressing the wrong risk."
7. How AI is Changing Cyber Risk Management
- [11:38] Start not with a tool, but with a risk management framework (e.g., NIST AI Risk Management Framework).
- Advantages of “AI-native” governance tools for more dynamic and tailored risk assessments.
- Recommendations:
- Maintain an “AI bill of material” (know where AI is embedded in your systems).
- Establish clear accountability for AI usage within organizations.
8. Immediate Steps for Improving Cyber Risk Posture
- [14:01]
- Identify and categorize your 3-5 most critical business systems (“crown jewels”).
- Understand all software and third parties that have access to these systems.
- Focus patching and risk assessments on the vulnerabilities that threaten these critical systems—“don’t just go down a big list.”
- Focus third-party due diligence on those with most privileged access.
- Build in system resilience and segmentation to contain potential breaches.
9. Acuity Risk Management: Background & Rajakovich’s Journey
- [16:34]
- Acuity was founded over 20 years ago by "world class experts" in cyber GRC.
- Evolved from consultancy to software company with deployments in both public and private sectors.
- Rajakovich previously co-founded Skill Dynamics (education technology), steering it through two private equity exits before joining Acuity in late 2024.
- Acuity is now publicly traded on the AIM stock exchange.
Notable Quotes & Memorable Moments
- On Evolving Board Priorities:
- “Risk has become a strategic enabler. It's not just a cost center.” – David Rajakovich [02:47]
- On Evidence-Based Security:
- “It's no longer enough to have a policy about something, but it's actually seeing data coming in and being able to interpret that data and understanding where we are.” – Rajakovich [02:11]
- On AI and Governance:
- “If you're not using AI, you're going to be left behind... The question is do you have some sort of AI governance framework in place that allows you to make decisions on what you allow users to use?” – Rajakovich [04:54]
- On Continuous Risk Monitoring:
- “Continuous monitoring... allows you to focus resources on what matters right now.” – Rajakovich [10:21]
- On Third Party Risk:
- “Third party involvement in breaches has doubled, rising from 15% to nearly 30%... There’s a growing recognition that we not only need to manage our internal vulnerabilities and risks, but also those of our suppliers...” – Rajakovich [07:34]
- On Prioritization:
- “You'll focus on those vulnerabilities that impact your most critical business services or those most critical systems. You'll also focus your third party risk management…” – Rajakovich [15:02]
Important Timestamps
| Timestamp | Topic / Quote |
|-----------|---------------|
| 01:00 | Rajakovich introduction, what Acuity does |
| 01:52 | CEO/board shifts, link between breaches and share price |
| 04:52 | Dichotomy of tech risk and AI, need for AI governance |
| 06:01 | Peer benchmarking and risk |
| 07:30 | Underestimated risks: third-party risk, need for continuous monitoring |
| 09:38 | Continuous risk intelligence and real-time monitoring |
| 11:38 | AI’s impact, risk frameworks, AI bill of materials |
| 14:01 | Key steps all businesses should take for better risk posture |
| 16:34 | Acuity Risk Management and Rajakovich’s background |
Tone
The conversation is thoughtful, pragmatic, and refreshingly transparent about the challenges faced by business leaders in the cybersecurity space. Rajakovich’s approach is earnest, practical, and grounded in real-world examples, while Scott Becker maintains a journalistic yet approachable style.
Summary Takeaways
Cyber risk is a boardroom issue and strategic enabler in 2026.
Evidence-based, continuously updated intelligence—powered increasingly by AI—is replacing legacy approaches, and targeted action on the most critical systems and relationships has become the gold standard. For executives looking to future-proof their organizations, the clear mandate is: move beyond one-off audits, manage third-party risks, adopt a governance-first approach to AI, and focus resources where the business is most vulnerable.
