Five Signs Your Organisation Is Ready For Red Team Testing
Discover the indicators that your organisation is ready for Red Team testing and how realistic adversary simulations can help strengthen resilience across cyber, physical and human security.
Cyber Security
Why your email account is the most valuable target you are overlooking
Your email account is more than just a messaging platform – it’s the control layer for your digital life. Learn why compromised inboxes lead to wider breaches and discover practical steps to secure your accounts, reduce exposure and protect sensitive information.
Connection without closeness
In this piece, Katie Barnett argues that insider risk is often misunderstood as a problem of malicious intent when in reality it more often develops gradually through stress, fatigue, financial pressure or disengagement. Many incidents are preceded by subtle behavioural changes that go unnoticed or unaddressed, leaving organisations reacting too late. Her focus is on shifting from a purely technical or disciplinary response to one that recognises the role of wellbeing, culture and early intervention. Supporting people earlier, she suggests, is not a soft option but a more effective way to reduce risk before it escalates.
The leadership dilemma: Governing the “Agentic AI” workforce
In this piece, Peter Connolly argues that AI is no longer just a tool but an active part of the workforce. As organisations adopt more autonomous, decision-making systems, the real challenge is not deployment but governance. Without clear accountability, identity controls and behavioural guardrails, digital agents can introduce risks similar to highly privileged insiders. His message is straightforward: treat AI like part of the workforce, with defined ownership, oversight and limits, or risk letting autonomy outpace control.
FCA CP24/28: What’s changing and why security teams should act now
FCA CP24/28 will change how firms report operational incidents and manage critical third parties. What’s changing and why security teams should act now.
Cyber security in 2026 – What security and risk leaders need to prepare for now
Cyber security in 2026 is shaped by AI-driven attacks, identity-based risk, deepfakes, and fragile supply chains. Discover what security and risk leaders must prioritise now to strengthen resilience and recovery.
Physical security training that actually changes behaviour
At Toro, physical security training is about behaviour, not just rules. We teach people how real incidents start, how attackers exploit politeness and routine, and how small actions by ordinary staff prevent serious harm.
Why real resilience happens when teams actually talk to each other
Resilience isn’t built on plans alone. Learn how breaking down silos, improving communication and connecting people strengthens real organisational resilience.
What to do if your company laptop or mobile device is lost or stolen
Lost or stolen devices are a common cause of security incidents. A calm, methodical response in the first few minutes helps contain the situation and protects both personal and organisational information.
What should you do if you suspect you have been vished (voice phished)?
Vishing, or voice phishing, uses impersonation, urgency and confidence to manipulate people over the phone. A calm and structured response in the first few minutes can prevent account compromise, data loss or financial harm.
Cyber security consulting that makes security practical again
Every organisation runs on technology. It keeps teams connected, systems running and data flowing but that reliance on IT and cloud services comes with risk. That is why more organisations are turning to cyber security consulting.
Third party risk management – strengthening trust in a connected world
If one supplier experiences a security breach or operational failure, the impact can spread quickly through your business. That is why third party risk management is now a critical part of building organisational resilience.