ISMS.online Blog
Keeping you up-to-date on the world of information security and compliance.
Cybersecurity and compliance have always been good at one thing: taking uncertainty and forcing it into structure. We take something abstract, threat, and make it governable. We assign likelihood a...
The Cyber Security and Resilience Bill (CSRB) continues to make its way through parliament. But the end of a lengthy legislative process is slowly ...
The EU AI Act deadline for mandatory compliance for high-risk AI of August 2nd, 2026, has been postponed. Measures in the newly passed EU Digital O...
Catch up with the stories that have caught our eye this month
What does the 700Credit breach show about the financial data system and supply chain risks, and what lessons can be learned? By Kate O’Flaherty In ...
Organizations fret about security and privacy risk. And more recently, they’ve paid attention to AI risk. But how often do they think of all ...
The GDPR was always meant to be vague. By not listing prescriptive technical controls – as, for example, PCI DSS does – the regulation does a bette...
The cybersecurity industry may have just had its “ChatGPT moment”. Unveiled in early April, Anthropic’s new Claude Mythos Preview model has apparen...
Organisations have spent years focusing on securing themselves. But as the Cyber Resilience Act (CRA) looms, the spotlight is shifting to the produ...
After ShinyHunters hacking collective took advantage of “overly permissive” Salesforce guest user configurations to access data from up to 400 orga...
Artificial systems that can think and make decisions with little human input show both incredible promise – and concern – for cybersecu...
Many of the final provisions of the EU AI Act are set to come into effect in 2026. On August 2nd, the majority of the EU AI Act will apply to opera...
Get a monthly round-up of all the information, privacy and cyber security news direct to your inbox.
Ransomware group Everest’s claims it breached Atlas Air and its supplier Tsunami Tsolutions show how modern ransomware attacks are exploiting suppl...
Customers, boards and regulators are all in agreement. If cybersecurity breaches are impossible to prevent 100% of the time, the focus must be on i...
The Trump administration’s release of a National AI Policy Framework in March strives to replace a tangle of state-level rules with a single ...
Cybersecurity and compliance have always been good at one thing: taking uncertainty and forcing it into structure. We take something abstract, thre...
The Cyber Security and Resilience Bill (CSRB) continues to make its way through parliament. But the end of a lengthy legislative process is slowly ...
The EU AI Act deadline for mandatory compliance for high-risk AI of August 2nd, 2026, has been postponed. Measures in the newly passed EU Digital O...
Threat actors are nothing if not resourceful. When they find that a particular pathway is blocked, they don’t give up. Instead, they simply search ...
When the UK introduced the Data Use and Access Act (DUAA), much of the early commentary focused on the divergence it introduced. Was this a softeni...
As worst-case scenarios go, they don’t get much worse than a company-wide wipe of all connected devices. Yet that’s the reality that US medtech fir...
Operational shutdown is the last thing any business wants, but it is a very real risk during a ransomware attack. This is a lesson US payment gatew...
The EU AI Act’s high-risk rules are legally slated for August 2026, but proposed amendments could push them to late 2027. For the unprepared, this ...
The new European Union Aviation Safety Agency’s Part-IS rules have come into place, expanding cybersecurity obligations across the civil avia...
Company number: 04922343
Nile House, Nile Street, Brighton, England, BN1 1HW
