Checkbox assessments are criticised for being unable to measure risk effectively in today’s rapidly evolving threat landscape, with industry voices calling for continuous, evidence-based models rather than annual questionnaires. According to Sravish Sridhar, TrustCloud CEO and founder, the current “light security questionnaire” is “not a predictor of risk whatsoever,” and CISOs are moving away from questionnaire-driven approaches toward continuous assurance.
TrustCloud, launched to address these gaps, has built a platform described as a continuous monitoring engine that maps interdependencies, validates operation, and translates complex data for board communication, aided by AI to automate evidence collection and gap identification. The firm cites three main platform challenges encountered over more than four years: integration with diverse enterprise rules, scale given vast asset inventories, and enabling CISOs to tell clear risk stories to leadership.
Industry experts, including Lamont Atkins of McKinsey, emphasise shifting toward ongoing visibility into attack surfaces and incident signals rather than static checklists, with vendors such as UpGuard, BitSight, and OneTrust noted for their work in this space. The piece, dated 13 May 2026, argues that trust between security teams and stakeholders remains essential as risk and breach signals continue to evolve.