How can the risk management function be strengthened to counterbalance overly aggressive executive decisions?
CIO in Energy and Utilities, 22 days ago
Have a tabletop exercise. Show the executives how the enterprise would be impacted in case of a cyber attack. Have a coach come in and take the leadership team through a cyber event; pencil out what they would not have access to, and what timelines, for instance, you in IT would be dealing with in restoring their access, systems, and data - even cloud-based data.
In another enterprise, the CCO said to the coach, "We will just take sales orders by phone and put them into a spreadsheet..." They were doing thousands of orders every month and had a monthly revenue north of $1B. The coach, the CIO, and several others on the leadership team reminded him of that... Not an option...
One way to do this is to design a framework for making decisions, scoring outcomes and assigning a risk level. Then, based on the risk profile, they can vote on whether they still want to pursue a certain decision. I believe a standard process that includes a framework should help. It is similar to change management in IT: evaluate the impact, stakeholders and risk associated with the change (and/or decision).