Is your organisation ready for Defence Cyber Certification?
Discover how to prepare for Defence Cyber Certification (DCC), the common readiness gaps organisations face and why early preparation can strengthen both compliance and resilience.
Risk Management
The gap between security on paper and security in practice
Why compliance does not always equal resilience. Explore the gap between security on paper and security in practice and how real attackers exploit operational weaknesses.
Resilience as readiness not reassurance
Senior risk, resilience and security leaders gathered at the National Liberal Club to discuss what organisational resilience looks like in practice, covering decision-making under pressure, governance, recovery planning, supply chain vulnerabilities, AI, culture and crisis preparedness.
Supply chain resilience is about managing persistent uncertainty – and needs active governance
In this piece, Gavin Wilson argues that supply chains can no longer be treated as purely commercial functions but must be managed as core risk systems. With geopolitical tension, regulation, climate disruption and hidden dependencies all shaping outcomes, disruption is now constant rather than exceptional. He highlights how many organisations remain exposed due to limited visibility and fragmented ownership, often reacting only once issues arise. His focus is on active governance, deeper supplier insight and earlier involvement of risk functions, ensuring resilience is built in before disruption hits rather than after.
Connection without closeness
In this piece, Katie Barnett argues that insider risk is often misunderstood as a problem of malicious intent when in reality it more often develops gradually through stress, fatigue, financial pressure or disengagement. Many incidents are preceded by subtle behavioural changes that go unnoticed or unaddressed, leaving organisations reacting too late. Her focus is on shifting from a purely technical or disciplinary response to one that recognises the role of wellbeing, culture and early intervention. Supporting people earlier, she suggests, is not a soft option but a more effective way to reduce risk before it escalates.
The leadership dilemma: Governing the “Agentic AI” workforce
In this piece, Peter Connolly argues that AI is no longer just a tool but an active part of the workforce. As organisations adopt more autonomous, decision-making systems, the real challenge is not deployment but governance. Without clear accountability, identity controls and behavioural guardrails, digital agents can introduce risks similar to highly privileged insiders. His message is straightforward: treat AI like part of the workforce, with defined ownership, oversight and limits, or risk letting autonomy outpace control.
When protest movements enter the workplace
In this piece, Gavin Wilson argues that workplace activism isn’t something organisations should fear but it does need to be managed. Most employee protest is lawful and often healthy but in sensitive environments strong personal convictions combined with access to systems or data can create real risk. Add in the influence of online narratives and external actors and internal tensions can escalate quickly. His focus is on getting the balance right: allowing open disagreement while tightening access, spotting early behavioural changes and making sure concerns are raised early. Ultimately resilience comes down to whether organisations are prepared for when belief, access and pressure collide.
Mythos – What it means and what to do about it
Anthropic’s Mythos highlights a shift in cybersecurity: AI can now find and exploit vulnerabilities at scale. Explore what this means for risk, remediation, and securing AI systems.
Cyber Essentials vs ISO 27001 – Which Security Certification does your business need?
Two of the most common standards UK organisations look at are Cyber Essentials and ISO 27001 – If you’re trying to decide where to focus, here is a break down of what they each are and what their main focus is.
Why a cyber security review is essential for understanding real organisational exposure
A comprehensive cyber security review evaluates governance, operational processes, user behaviour, technical controls and third-party dependencies together.
Why online monitoring has become a core element of organisational risk management
Well-structured online monitoring provides organisations with continuous visibility into how they are being referenced online.
IT managed service provider (MSP) – building resilience through smarter support
Technology sits at the heart of every modern organisation yet managing it effectively has never been more complex. For many businesses, partnering with an IT managed service provider (MSP) offers a way to keep pace with these changes.