Mind The Gap: The Salesforce Incident And The Evolving Nature Of Cloud Risk
After ShinyHunters hacking collective took advantage of “overly permissive” Salesforce guest user configurations to access data from up to 400 orga...
Category: Data Privacy
Meeting the Data Use and Access Act with Confidence: Why the ISO 27001, 27701 and 42001 Loop Delivers
When the UK introduced the Data Use and Access Act (DUAA), much of the early commentary focused on the divergence it introduced. Was this a softeni...
Cyber Threats in a Time of Heightened Middle East Tensions: What UK CISOs Can Expect
As worst-case scenarios go, they don’t get much worse than a company-wide wipe of all connected devices. Yet that’s the reality that US medtech fir...
US Cyber Agreements Withdrawal Signals Corporate Risk
Recent actions by the US administration make multilateral cybersecurity coordination between that government and others less certain in the future....
UK Financial Services Firms Are Still Failing the Basics, the BoE Warns
The UK’s financial services sector punches well above its weight. London is a close second to New York as the world’s preeminent financial hub and ...
EU Digital Omnibus Bill: Joined-up Compliance on the Agenda
The EU has introduced a new Digital Omnibus Bill designed to streamline data protection, cybersecurity and AI regulation. How can organisations ens...
DXS International Breach: Lessons Learned for Healthcare
As high-stakes incidents in the healthcare sector surge, organisations must learn to manage information security, data protection and AI risk as a ...
What the LastPass Breach Tells Us About Compliance in 2026
The GDPR was always meant to be vague. By not listing prescriptive technical controls – as, for example, PCI DSS does – the regulation does a bette...
Why Regulators And Investors Expect Companies To Address a Triple Risk
Organizations fret about security and privacy risk. And more recently, they’ve paid attention to AI risk. But how often do they think of all ...
700Credit Breach: API Risks Put Financial Supply Chain Governance Under the Spotlight
What does the 700Credit breach show about the financial data system and supply chain risks, and what lessons can be learned? By Kate O’Flaherty In ...
Privacy Matters: What Compliance Teams Can Expect in 2026
January 28 is Global Privacy Day – an occasion to celebrate the right to data privacy and protection that many of us take for granted today. It was...
Five Security and Compliance Trends to Look Out for in 2026
What might the coming 12 months look like for cybersecurity and compliance professionals? We’ve scoured the news, absorbed the predictions of indus...
Introducing a New Enhanced Navigation: A Faster, Cleaner Way to Work in IO
IO is evolving again, this time with a major upgrade you’ll feel the moment you log in. We’re introducing a brand-new, enhanced navigat...
Everything You Need to Know About the ISO 27701:2025 Standard Update
The International Organization for Standardization (ISO) released the updated ISO/IEC 27701 standard for privacy information management in October ...
What the Salesforce Breaches Teach Us About Shared Accountability
2025 hasn’t been a good year for Salesforce clients. A shady criminal group mounted a series of attacks on its customers, ultimately affectin...
More Than Checkboxes – Why Standards Are Now a Business Imperative
Every October, World Standards Day passes with little fanfare. Perhaps it’s because for many, it evokes images of bureaucratic paperwork, dry...
Safe Harbor Review Means Business as Usual – For Now
September was a watershed month for companies in Europe wanting to share data with the US. The General Court of the European Union rejected a chall...
Will the Grok Breach Create GenAI Security Concerns?
A recent incident has raised concerns about how data is handled by GenAI tools. Is it time to ensure that your data doesn’t end up in their L...
As Optus Is Sued, What Went Wrong and What Lessons Can We Learn?
The wheels of justice move slowly sometimes. So it is in Australia, where the privacy regulator has finally filed civil penalty proceedings against...
Everything You Need to Know About the Data Use and Access Bill
The UK’s new Data Use and Access Bill (DUAA) received Royal Assent on 19 June 2025, marking a refresh to the country’s data protection ...
EU AI Act: The New Content Training Summary Template for GPAI Providers
What is the Content Training Summary Template? The European Commission recently released an explanatory notice and template to help providers of g...
If They Can Hit A Nuclear Agency, They Can Breach You: What the SharePoint Exploit Means For Your Business
The SharePoint exploit was used on high-profile victims including the US National Nuclear Security Administration, the Department of Homeland Secur...
Qantas Data Breach: Why Vendor Oversight Must Be a Compliance Priority
A recent Qantas data breach compromising the personal information of 5.7 million customers has highlighted the ongoing cybersecurity risk that thir...
