Unintended technical interactions across system interfaces can lead to costly failures and rework, particularly in the early design stages of complex products. This study examines how structured risk assessment tools influence teams’ ability to identify, evaluate and mitigate risks from such indirect interactions. In a controlled experiment, 14 engineering teams (comprising professionals and graduate students) engaged in simulated design decisions across three system configurations. Tool usage – including models of direct and indirect risk propagation and value-based trade-offs – was continuously logged and linked to outcomes. Teams that engaged earlier and more deliberately with the tools identified risks sooner and selected mitigation actions with more favourable cost–benefit profiles. Results show that strategic, not merely frequent, tool use improves risk management performance, particularly when addressing cascading effects from indirect physical interactions. These findings support the use of structured supports to enhance both the efficiency of early-stage risk evaluation and the efficacy of risk treatment.

This paper examines in what way providers of specialized Large Language Models (LLM) pre-trained and/or fine-tuned on medical data, conduct risk management, define, estimate, mitigate and monitor safety risks under the EU Medical Device Regulation (MDR). Using the example of an Artificial Intelligence (AI)-based medical device for lung cancer detection, we review the current risk management process in the MDR entailing a “forward-walking” approach for providers articulating the medical device’s clear intended use, and moving on sequentially along the definition, mitigation, and monitoring of risks. We note that the forward-walking approach clashes with the MDR requirement for articulating an intended use, as well as circumvents providers reasoning around the risks of specialised LLMs. The forward-walking approach inadvertently introduces different intended users, new hazards for risk control and use cases, producing unclear and incomplete risk management for the safety of LLMs. Our contribution is that the MDR risk management framework requires a backward-walking logic. This concept, similar to the notion of “backward-reasoning” in computer science, entails sub-goals for providers to examine a system’s intended user(s), risks of new hazards and different use cases and then reason around the task-specific options, inherent risks at scale and trade-offs for risk management.

The systemic nature of climate risk is well established, but the extent may be more severe than previously understood, particularly with regard to cyber risk and economic security. Cyber security relies on the availability of insurance capital to mitigate economic security sector risks and support the reversibility of attacks. However, the cyber insurance industry is still in its infancy. Pressure on insurance capital from increasing natural disaster activity could consume the resources necessary for economic security in the cyber domain in the near term and create long-term conditions that increase the scarcity of capital to support cyber security risks. This article makes an original contribution by exploring the under-researched connection between the nexus of cyber and economic security and the climate change threat. Although the immediate pressure on economic resources for cyber security is limited, recent natural disaster activity has clearly shown that access to capital for cyber risks could come under significant pressure in the future.

This paper investigates a well-known downside protection strategy called the constant proportion portfolio insurance (CPPI) in defined contribution (DC) pension fund modeling. Under discrete time trading CPPI, an investor faces the risk of portfolio value hitting the floor which denotes the process of guaranteed portfolio values. In this paper, we question how to deal with so-called ‘gap risk’ which may appear due to uncontrollable events resulting in a sudden drop in the market. In the market model considered, the risky asset price and the labor income are assumed to be continuous-time stochastic processes, whereas trading is restricted to discrete-time. In this setting, an exotic option (namely, the ‘cushion option’) is proposed with the aim of reducing the risk that the portfolio value falls below the defined floor. We analyze the effectiveness of the proposed exotic option for a DC plan CPPI strategy through Monte Carlo simulations and sensitivity analyses with respect to the parameters reflecting different setups.

In today’s insurance market, numerous cyber insurance products provide bundled coverage for losses resulting from different cyber events, including data breaches and ransomware attacks. Every category of incident has its own specific coverage limit and deductible. Although this gives prospective cyber insurance buyers more flexibility in customizing the coverage and better manages the risk exposures of sellers, it complicates the decision-making process in determining the optimal amount of risks to retain and transfer for both parties. This article aims to build an economic foundation for these incident-specific cyber insurance products with a focus on how incident-specific indemnities should be designed for achieving Pareto optimality for both the insurance seller and the buyer. Real data on cyber incidents are used to illustrate the feasibility of this approach. Several implementation improvement methods for practicality are also discussed.

Novel methods of data collection and analysis can enhance traditional risk management practices that rely on expert engineering judgment and established safety records, specifically when key conditions are met: Analysis is linked to the decisions it is intended to support, standards and competencies remain up to date, and assurance and verification activities are performed. This article elaborates on these conditions. The reason engineers are required to perform calculations is to support decision-making. Since humans are famously weak natural statisticians, rather than ask stakeholders to implicitly assimilate data, and arrive at a decision, we can instead rely on subject matter experts to explicitly define risk management decision problems. The results of engineering calculation can then also communicate which interventions (if any) are considered to be risk-optimal. It is also proposed that the next generation of engineering standards should learn from the success of open source software development in community building. Interacting with open datasets and code can promote engagement, identification (and resolution) of errors, training and ultimately competence. Finally, the profession’s tradition of independent verification should also be applied to the complex models that will increasingly contribute to the safety of the built environment. Model assurance will be required to keep pace with model development to identify suitable use cases as adequately safe. These are considered to be increasingly important components in ensuring that methods of data-centric engineering can be safely and appropriately adopted in industry.

Written accounts suggest there were major changes in agricultural practices in Anatolia as the region switched between Roman, Byzantine, Arab and Turkic control, yet archaeological evidence of these changes is offered only on a site-by-site basis. This article presents the first synthesis of archaeobotanical, palynological and zooarchaeological evidence for changes in plant and animal husbandry in Anatolia through the first and second millennia AD. Available data indicate a minimal role of climate change in agricultural shifts but offer evidence for substantial changes towards short-term-return agricultural strategies in response to declining personal security, changing patterns of military provisioning and distinct taxation regimes.

This article discusses the EU supply chain legislation, by virtue of the recently adopted Corporate Sustainability Due Diligence Directive (CSDDD) which aims to reduce negative sustainability impacts in global supply chains with regard to a list of human rights and environmental standards specified in its Annex I of the CSDDD.

We argue that the CSDDD marks a fundamental change on the EU level, from disclosure duties to mandating prevention of, and compensation for, adverse sustainability impacts in supply chains.

We further find that the CSDDD is a legal transplant combining the principles laid down in the OECD Guidelines for Multinational Enterprises on Responsible Business and those of the UN Guiding Principles on Business and Human Rights, along with elements of French supply chain legislation from 2017 (which relies on a private enforcement model) and the German supply chain law from 2021 (which is based on a public enforcement model). Like all legal transplants, the resulting legal text generally prompts questions about consistency and specifically raises doubts as to whether combining all of the components of a private and a public enforcement model is proportionate for the purpose of the CSDDD which is to ensure that companies take effective steps to counter violations of human rights and environmental standards in global supply chains. The scope provisions (including smaller in-scope EU firms while leaving non-EU peers of a similar size aside) paired with significant high compliance burden provide grounds to argue that the CSDDD impacts on the competitiveness of these smaller in-scope EU companies, and thus the EU economy at large.

Multiple instances of safeguarding failures and criticisms of poor process and weak governance have afflicted the Church of England for many years, despite repeated assurances that ‘Lessons would be learned’. An Independent Safeguarding Board has been formed and then abolished without being replaced. A report by Professor Alexis Jay, former Chair of Independent Inquiry into Child Sexual Abuse, recommending the creation of two independent charities to oversee Church safeguarding has been passed to a Response Group and is being resisted by various groups within the Church. This article examines issues of the management of safeguarding within the overall governance of the organisation, compares issues within the Church with those which have been exposed by the Post Office Horizon scandal and considers the potential role of the audit function to concern itself with safeguarding matters as part of its oversight of risk management and corporate governance.