ISMS.online Blog
Keeping you up-to-date on the world of information security and compliance.
Organisations have long understood the challenge of translating cyber into business risk. The CISO-boardroom communication breakdown is real and well documented. But are there deeper problems? For ...
Nation states are ramping up destructive attacks utilising ransomware and wipers. What can be done to manage the risk? In 2017, Russia-linked adver...
Insider risk was until recently largely considered to be limited to isolated incidents. Dangerous, yes. But usually, the result of negligent employ...
Catch up with the stories that have caught our eye this month
What does the 700Credit breach show about the financial data system and supply chain risks, and what lessons can be learned? By Kate O’Flaherty In ...
Organizations fret about security and privacy risk. And more recently, they’ve paid attention to AI risk. But how often do they think of all ...
The GDPR was always meant to be vague. By not listing prescriptive technical controls – as, for example, PCI DSS does – the regulation does a bette...
The EU AI Act is already in force, penalties are already active, and most enterprises cannot classify their own AI systems. The governance gap is n...
Cyber resilience has emerged as one of the key areas of focus for the cyber-industry of the past few years. Even the government has cited it in a c...
ISMS.online (IO) has been named a Leader in the G2 Grid® Reports for Summer 2026. We achieved eleven badges in the Summer Report! G2, a leading pee...
Old social engineering attackers never die; they just evolve and get better. Here’s a story of an attack group audacious enough to keep compr...
What can be done to regain control as the financial industry’s shadow AI issue gets worse? As tools such as OpenAI’s ChatGPT become ubiquitous, sha...
Get a monthly round-up of all the information, privacy and cyber security news direct to your inbox.
The state opening of parliament is an occasion filled with the kind of pomp and ceremony Britain still does better than any other country. What it’...
How can healthcare organisations resolve gaps in trust and data governance to realise the full benefits of AI? By Kate O’Flaherty The healthcare s...
Cybersecurity and compliance have always been good at one thing: taking uncertainty and forcing it into structure. We take something abstract, thre...
Organisations have long understood the challenge of translating cyber into business risk. The CISO-boardroom communication breakdown is real and we...
Nation states are ramping up destructive attacks utilising ransomware and wipers. What can be done to manage the risk? In 2017, Russia-linked adver...
Insider risk was until recently largely considered to be limited to isolated incidents. Dangerous, yes. But usually, the result of negligent employ...
The Cyber Security and Resilience Bill (CSRB) continues to make its way through parliament. But the end of a lengthy legislative process is slowly ...
The EU AI Act deadline for mandatory compliance for high-risk AI of August 2nd, 2026, has been postponed. Measures in the newly passed EU Digital O...
The cybersecurity industry may have just had its “ChatGPT moment”. Unveiled in early April, Anthropic’s new Claude Mythos Preview model has apparen...
Organisations have spent years focusing on securing themselves. But as the Cyber Resilience Act (CRA) looms, the spotlight is shifting to the produ...
After ShinyHunters hacking collective took advantage of “overly permissive” Salesforce guest user configurations to access data from up to 400 orga...
Artificial systems that can think and make decisions with little human input show both incredible promise – and concern – for cybersecu...
Company number: 04922343
Nile House, Nile Street, Brighton, England, BN1 1HW
