If an organization is not able to thrive, let alone survive, no other stated objective or lofty goal matters. You cannot offer the best coffee or media entertainment experience if your company fails. Starting point for thriving is implementing a sound business strategy. We would call this 'offense'. Appropriate management of the business risks is also essential to thriving, and, for that matter, to surviving, and should be an integrated part of the strategic considerations and operational activities. The topic of risk management we call 'defense'.2Unless of course risk management activities form the core business of an organization, as applies to for example forensic experts and certain other advisory firms. Risk Management helps organizations to prepare for and respond to risk that the organization faces, or may face. This requires risk management to cover a very broad range of subjects. Most of these subjects need a thorough understanding, not only on the topic itself, but also on external influence and effects, the interplay within the organization, juxtaposition with other risks and opportunities, and so on. With the increasing attention for risk management, especially larger, established organizations address many of the recognized strategic, operational, compliance and reporting risk subjects. One subject, however, is both elusive and quickly growing in complexity: technology. We believe the speed and impact of technological developments are significantly underestimated and so is the related risk. Although the idea amongst many seems to be that technological changes and their impact are unforeseeable, unpredictable and almost impossible to anticipate, we believe that a lot can be done to be prepared. We also believe that too little preparation would be very unwise. In this article we shall delve into this and what it means. In view of the theme of this edition of CE&S, we focus on the defensive element of thriving and surviving of organizations: risk management in relation to technological change.3We will nevertheless be making several strategy related remarks throughout the article to provide essential context. In short, we argue that the focus, horizon and setup of risk management needs an overhaul in order to deal with the many 'sudden' technology driven paradigm shifts that will happen in the decades to come. The article first and foremost applies to large commercial listed companies and organizations.4Throughout the article we will be using the words 'organization' and 'company' mostly interchangeable. It should go without saying that a large part of the content is also applicable to non-listed or smaller organizations, governments, and even individuals.