Privacy Matters: What Compliance Teams Can Expect in 2026
January 28 is Global Privacy Day – an occasion to celebrate the right to data privacy and protection that many of us take for granted today. It was...
Author: Phil Muncaster
Closing the AI Governance Gap with ISO 42001
The UK has an AI governance problem. This might not have been an issue a few years ago, when projects were piecemeal in most organisations. But tod...
Five Security and Compliance Trends to Look Out for in 2026
What might the coming 12 months look like for cybersecurity and compliance professionals? We’ve scoured the news, absorbed the predictions of indus...
Is an Agentic AI Security Breach Inevitable in 2026?
It might be three years since the launch of ChatGPT kicked off a new technology arms race, but all eyes are now on agentic AI. Boosters claim it wi...
A Year in Compliance: Five Things We Learned in 2025
The past 12 months have once again proven that the cybersecurity landscape is rarely short on incident. Major security breaches cost organisations ...
What the Cyber Security and Resilience Bill Means for Critical Infrastructure
It’s been a long time coming. Having been trailed as far back as the King’s Speech in 2024, the Cyber Security and Resilience Bill (CSRB) has final...
When it Comes to OT, Visibility Is the Foundation of Effective Security
IT often grabs the headlines, especially now we’re embarking on a new age of AI-powered everything. But it is operational technology (OT) that stil...
What the Deloitte Australia Saga Says About the Risks of Managing AI
Generative AI (GenAI) has scaled the heady heights of industry hype since it burst onto the scene in late 2022. Now it is entering what Gartner cal...
The NCSC Says “It Is Time to Act”, But How?
It’s unusual to see an open letter from a business leader at the start of a government cybersecurity report. Especially someone whose company has j...
What an npm Attack Says About the Risks of Open-Source Software
The history of open-source security is littered with examples of catastrophic failings and near misses. A crypto-malware campaign discovered in ear...
Can the UK Create a Multibillion-Pound AI Assurance Sector?
The government is going all-in on AI. Announced in January, its AI Opportunities Action Plan seeks to drive economic growth, improve the quality of...
Jaguar Land Rover’s Travails Highlight the Need for Cyber Resilience
Manufacturers have been the most popular target for global cyber-attacks over the past four years. The sector was also number one for ransomware in...
As Optus Is Sued, What Went Wrong and What Lessons Can We Learn?
The wheels of justice move slowly sometimes. So it is in Australia, where the privacy regulator has finally filed civil penalty proceedings against...
OT Risk Could Be a $330bn Problem: How Do We Solve It?
Business leaders neglect operational technology (OT) risk at their peril. These are the systems that power some of the UK’s most critical national ...
A Surge in VPN Use Could Be Risky for Businesses: Here’s How to Respond
The Online Safety Act (OSA) is one of the longest and most complex laws on the UK’s statute books. It’s also one of the most controversial, contain...
British Companies Are Losing the Fight Against Ransomware: What Gives?
Just before the Easter bank holiday weekend, Marks & Spencer was plunged into one of the worst ransomware breaches the country has seen in rece...
DORA: Six Months on and Plenty of Work Still to Do
Security and compliance teams had a busy start to 2025. Sandwiched between the deadline for member states to implement NIS 2 into local law and the...
Supply Chains Are Complex, Opaque and Insecure: Regulators Are Demanding Better
What do Marks & Spencer and Jaguar Land Rover (JLR) have in common? They both suffered significant ransomware breaches this year after threat a...
The Most Damaging Data Breaches Are Preventable: Here’s How
We all know that many organisations could do better at data protection. The UK government’s Cyber Security Breaches Survey 2025 highlights a ...
Where AI Threats Are Heading, and What to Do About Them
When the National Cyber Security Centre (NCSC) published its first predictions around AI in 2024, it was a sobering moment for the cybersecurity co...
GDPR Update: What the Data (Use and Access) Act Means for Compliance Teams
An update to the UK’s version of the GDPR is long overdue. The previous Conservative government originally proposed it via the Data Protectio...
Verizon’s DBIR 2025 Versus Your Board: What They’re Missing
CISOs are increasingly invited to board meetings. A Splunk survey from January found that 83% participate somewhat often or most of the time, while...
Retail Under Fire: Would You Spot a Breach If It Happened Right Now?
Retailers and their suppliers are having a tough time in the UK right now. A string of major security breaches tied to ransomware actors has left s...
