Tag Archives: cyber policy

Top Cybersecurity Firms and Services Shaping Europe’s Digital Defence

Cybersecurity in Europe is evolving quickly, driven by growing regulation (NIS2, Cyber Resilience Act), state-sponsored threats, and accelerating digital transformation. The result is a dynamic and diverse vendor landscape: large integrators defending entire ministries, regional champions supporting SMEs, and specialised firms leading in OT, AI security, and cyber risk quantification.

Continue reading

Cyber Resilience Testing and Facilities: Mapping, Critique, and the Path Forward

Between February and March 2025, I analysed the UK’s Cyber Resilience Testing (CRT) initiative and its associated Cyber Resilience Test Facilities (CRTFs). From that research, I developed three articles: one mapping the global standards landscape, one examining CRT’s practical challenges, and one exploring its role as a trust label. Together, they present CRT as a promising but evolving approach: not yet a standard, but under active NCSC development and consultation, with the potential to reshape product-based assurance if given clarity, support, and ecosystem alignment.

Continue reading

Major Cyber Vendors and Service Providers in the UK

The UK’s cybersecurity sector is home to thousands of providers, ranging from nimble startups and regional MSSPs to global consulting firms and homegrown risk intelligence platforms. While the National Cyber Security Centre (NCSC) sets the tone for policy and technical guidance, it’s these vendors that translate strategy into services: monitoring networks, managing risk, conducting audits, and responding to breaches in real time.

Continue reading

Trust, Labels, and the Path to Meaningful Security: Rethinking CRT Adoption in the UK

This article critically examines the UK’s Cyber Resilience Test (CRT) as a cybersecurity labelling initiative aimed at building consumer trust in connected devices. While affirming CRT’s importance, it highlights the need for clearer value propositions, stakeholder alignment, and behavioural insights to ensure meaningful adoption. Drawing on global examples like Singapore’s CLS and the EU’s CE mark, it argues that CRT must evolve from a technical standard to a culturally embedded trust signal. The piece advocates for a dynamic playbook that supports SMEs, educates consumers, aligns with procurement policy, and adapts over time — turning CRT into a living, ecosystem-wide standard.

Continue reading

The Future of Cyber Resilience Testing: Reflections on a Scheme in Transition

This blog article offers a critical yet constructive reflection on the UK’s Cyber Resilience Testing (CRT) initiative. While CRT is conceptually sound and timely, significant questions remain around cost, demand, usability, policy intent, and delivery responsibility. The article explores whether CRT is positioned to become a meaningful standard or risks being sidelined as another voluntary layer. It advocates for clearer articulation of purpose, audience targeting, and strategic alignment to unlock CRT’s full potential.

Continue reading

Cyber Across Global Governments: International Cooperation and National Strategies

Cybersecurity has become a pillar of national security, digital economy growth, and global diplomacy. From ransomware attacks on hospitals to interference in democratic elections, governments worldwide now treat cyber threats as matters of statecraft, not just IT hygiene. While national strategies differ, a few shared patterns have emerged: defence of critical infrastructure, capacity building, and international coordination.

Continue reading

Cyber Across US Government: Agencies, Frameworks, and Innovation Pathways

The United States is arguably the most influential force in global cybersecurity, but its governance model is sprawling, federal, and often opaque to outsiders. Responsibility is distributed across military, civilian, and intelligence agencies, each with their own authorities, funding mechanisms, and strategic priorities.

Continue reading

Cyber Across European Governments: Key Bodies, Funding, and Coordination

The European cybersecurity landscape is layered, fragmented, and fast-evolving. Unlike the centralised approaches of some governments, the EU’s model of collective sovereignty means cybersecurity is coordinated, rather than controlled by Brussels. National governments still manage their defence and digital sovereignty, but major funding, regulation, and cross-border frameworks increasingly come from the EU level.

Continue reading

Cyber Across UK Government: Departments, Programmes, and Policy Players

The definitive guide to who shapes cyber policy in Whitehall, and how to work with them.

Continue reading

Inside the UK Cyber Ecosystem: A Strategic Guide in 26 Parts

An extensive guide mapping the networks, policy engines, commercial power bases, and future-shapers of British cybersecurity.

Continue reading

The Insider’s Guide to Influencing Senior Tech and Cybersecurity Leaders in the UK

Influencing senior leaders in cybersecurity and technology is no small task, especially in the UK, where credibility, networks, and standards carry immense weight. Whether you’re a startup founder, a scale-up CISO, or a policy influencer, knowing where the key conversations happen (and who shapes them) can make the difference between being heard and being ignored.

Continue reading

Why Self-Attestation Doesn’t Work: Lessons for the DSIT Code

This article argues that self-attestation has failed as a credible assurance mechanism, citing Cyber Essentials’ low uptake and ISO 27001’s limits. It warns that if DSIT builds the Cyber Governance Code of Practice on self-assessment, it will fail. To succeed, the Code must mandate independent, accredited assurance that directors, investors, and regulators can trust.

Continue reading

Before the DSIT Cyber Governance Code of Practice: What the Consultation Proposed

The DSIT Cyber Governance Code of Practice consultation (Jan 2024) proposed five principles for boards: risk management, strategy, people, incident response, and assurance. But it left key gaps: no incentives, little for SMEs, no professional recognition, and weak thinking on assurance. This article argues the consultation was historic, but incomplete — a foundation that required sharper, practitioner-led input.

Continue reading