Safe Harbor Review Means Business as Usual – For Now
September was a watershed month for companies in Europe wanting to share data with the US. The General Court of the European Union rejected a chall...
ISMS.online Blog
Compliance Matters
Keeping you up-to-date on the world of information security and compliance.
Jaguar Land Rover’s Travails Highlight the Need for Cyber Resilience
Manufacturers have been the most popular target for global cyber-attacks over the past four years. The sector was also number one for ransomware in...
Will the Grok Breach Create GenAI Security Concerns?
A recent incident has raised concerns about how data is handled by GenAI tools. Is it time to ensure that your data doesn’t end up in their L...
As Optus Is Sued, What Went Wrong and What Lessons Can We Learn?
The wheels of justice move slowly sometimes. So it is in Australia, where the privacy regulator has finally filed civil penalty proceedings against...
When Legacy Systems Fail: Lessons from the Federal Courts Breach
Cyber attacks happen every day, but some are especially chilling. An attack this summer on the US court system should have sent chills down every s...
Everything You Need to Know About the Data Use and Access Bill
The UK’s new Data Use and Access Bill (DUAA) received Royal Assent on 19 June 2025, marking a refresh to the country’s data protection ...
EU AI Act: The New Content Training Summary Template for GPAI Providers
What is the Content Training Summary Template? The European Commission recently released an explanatory notice and template to help providers of g...
OT Risk Could Be a $330bn Problem: How Do We Solve It?
Business leaders neglect operational technology (OT) risk at their peril. These are the systems that power some of the UK’s most critical national ...
Stay ahead of the headlines with the IO newsletter
Get a monthly round-up of all the information, privacy and cyber security news direct to your inbox.
If They Can Hit A Nuclear Agency, They Can Breach You: What the SharePoint Exploit Means For Your Business
The SharePoint exploit was used on high-profile victims including the US National Nuclear Security Administration, the Department of Homeland Secur...
What’s in the New EU AI Act General Purpose AI Code of Practice?
The EU AI Act’s first provisions, such as those on prohibited AI practices, took effect in February 2025. A phased rollout of requirements continue...
A Surge in VPN Use Could Be Risky for Businesses: Here’s How to Respond
The Online Safety Act (OSA) is one of the longest and most complex laws on the UK’s statute books. It’s also one of the most controversial, contain...
IO Retains G2 Grid® Leader Title in GRC for Fall 2025
We’re delighted to share that IO has been named a Leader in the G2 Grid® Reports for Fall 2025. This quarter, ISMS.online achieved ten badges in th...
What the US AI Action Plan Means
The White House unveiled a sweeping AI action plan in July that reshapes America’s approach to governing AI. It’s a huge pivot from the...
Qantas Data Breach: Why Vendor Oversight Must Be a Compliance Priority
A recent Qantas data breach compromising the personal information of 5.7 million customers has highlighted the ongoing cybersecurity risk that thir...
British Companies Are Losing the Fight Against Ransomware: What Gives?
Just before the Easter bank holiday weekend, Marks & Spencer was plunged into one of the worst ransomware breaches the country has seen in rece...
Beyond Representation – Why Inclusion Is a Business-Critical Risk Strategy
In cybersecurity, we talk a lot about risk, assessing it, prioritising it, and mitigating it. We measure maturity in frameworks, implement controls...
DORA: Six Months on and Plenty of Work Still to Do
Security and compliance teams had a busy start to 2025. Sandwiched between the deadline for member states to implement NIS 2 into local law and the...
