A Surge in VPN Use Could Be Risky for Businesses: Here’s How to Respond
The Online Safety Act (OSA) is one of the longest and most complex laws on the UK’s statute books. It’s also one of the most controversial, contain...
Author: Phil Muncaster
British Companies Are Losing the Fight Against Ransomware: What Gives?
Just before the Easter bank holiday weekend, Marks & Spencer was plunged into one of the worst ransomware breaches the country has seen in rece...
DORA: Six Months on and Plenty of Work Still to Do
Security and compliance teams had a busy start to 2025. Sandwiched between the deadline for member states to implement NIS 2 into local law and the...
Supply Chains Are Complex, Opaque and Insecure: Regulators Are Demanding Better
What do Marks & Spencer and Jaguar Land Rover (JLR) have in common? They both suffered significant ransomware breaches this year after threat a...
The Most Damaging Data Breaches Are Preventable: Here’s How
We all know that many organisations could do better at data protection. The UK government’s Cyber Security Breaches Survey 2025 highlights a ...
Where AI Threats Are Heading, and What to Do About Them
When the National Cyber Security Centre (NCSC) published its first predictions around AI in 2024, it was a sobering moment for the cybersecurity co...
GDPR Update: What the Data (Use and Access) Act Means for Compliance Teams
An update to the UK’s version of the GDPR is long overdue. The previous Conservative government originally proposed it via the Data Protectio...
Verizon’s DBIR 2025 Versus Your Board: What They’re Missing
CISOs are increasingly invited to board meetings. A Splunk survey from January found that 83% participate somewhat often or most of the time, while...
Retail Under Fire: Would You Spot a Breach If It Happened Right Now?
Retailers and their suppliers are having a tough time in the UK right now. A string of major security breaches tied to ransomware actors has left s...
The Government Is Consulting on an Enterprise IoT Security Law. What Happens Next?
The Internet of Things (IoT) is often thought of as a technologically advanced ecosystem of “next-gen” devices and back-end systems. In...
The Cyber Security and Resilience Bill: What You Need to Know
The road to cyber resilience for UK critical infrastructure (CNI) has been a long and winding one. The government’s NIS Regulations 2018 is w...
A Cautionary Tale: What the Advanced Health and Care Case Tells Us About Cyber Resilience
At the end of March, Advanced Computer Software Group was fined just over £3m by the UK’s data protection regulator. Multiple security failures at ...
What’s Going Wrong with NIS 2 Compliance, and How to Put It Right
A “one and done” mindset is not the right fit for regulatory compliance—quite the reverse. Most global regulations require continuous i...
Cybersecurity Advances Have Stalled Among UK Companies: Here’s How to Fix It
Every day, we read about the damage and destruction caused by cyber-attacks. Just this month, research revealed that half of UK firms were forced t...
The Line Between Nation States and Cybercrime Is Blurring: That’s Bad News for CISOs
Everyone’s feeling more worried about geopolitical risk these days. That’s due largely to the chaos engulfing Washington, although glob...
Some Vulnerabilities Are Forgivable, But Poor Patch Management Is Not
At the start of the year, the UK’s National Cyber Security Centre (NCSC) called on the software industry to get its act together. Too many &#...
What DeepSeek Tells Us About Cyber Risk and Large Language Models
Not many companies can single-handedly wipe out $1 trillion in market capitalisation from the US stock market. Yet that’s exactly what Chines...
A Roadmap for PS21/3: Why Time is Running Out for Financial Services
Plenty has been written about the need for financial services firms to enhance operational resilience. But most of those column inches have until n...
How a New Code of Practice Could Help Mitigate AI Risk
The British government is betting big on AI. Given the state of public finances and a prolonged national productivity slump, in many ways, it has t...
Hunting RATs: How to Mitigate Remote Access Software Risks
Remote access software has been a popular tool for IT administrators, managed service providers (MSPs), SaaS firms and others for many years. It of...
Navigating Cyber Complexity in a Risky World: Lessons Learned from WEF
Cyberthreats may have dropped slightly on the list of global risks to watch over the next 2-10 years. But according to the World Economic Forum (WE...
Will the UK’s AI Growth Plans Also “Mainline” Cyber Threats?
The UK has, for over a decade, been an economic underachiever. Since the financial crisis of 2008-9, productivity has barely risen, increasing the ...
The UK’s CNI Providers Are Struggling: 2025 Will Be a Critical Year for Cyber
The UK’s critical national infrastructure (CNI) is named so for a reason. However, the large volumes of sensitive data that providers store, their ...
