Tag Archives: Cyber Resilience

Cyber Across Global Governments: International Cooperation and National Strategies

Leave a Reply

Cybersecurity has become a pillar of national security, digital economy growth, and global diplomacy. From ransomware attacks on hospitals to interference in democratic elections, governments worldwide now treat cyber threats as matters of statecraft, not just IT hygiene. While national strategies differ, a few shared patterns have emerged: defence of critical infrastructure, capacity building, and international coordination.

Continue reading

Mapping the Global Security Landscape: Where CRT Fits (and Where It Doesn’t)

Leave a Reply

This blog article critically examines the global landscape of consumer product cybersecurity standards and the proposed role of the UK’s Cyber Resilience Testing (CRT) initiative. It maps key frameworks (PSTI Act, CRA, ETSI EN 303645, IEC 62443, FCC labelling, etc.) and identifies opportunities for CRT to provide ‘above and beyond’ assurance through resilience testing and threat simulation. While acknowledging the challenges of market saturation and standard overlap, it argues that CRT can add unique value — especially in underregulated sectors and poorly enforced product classes — by validating real-world security outcomes rather than static compliance.

Continue reading

Cyber Across US Government: Agencies, Frameworks, and Innovation Pathways

Leave a Reply

The United States is arguably the most influential force in global cybersecurity, but its governance model is sprawling, federal, and often opaque to outsiders. Responsibility is distributed across military, civilian, and intelligence agencies, each with their own authorities, funding mechanisms, and strategic priorities.

Continue reading

Stakeholder Grid Example 2: Psyber Inc.

Leave a Reply

Navigating influence in a new and emerging field like cyber psychology requires clarity, confidence, and strategic alignment. As a startup working at the intersection of AI ethics, human factors, and cybersecurity resilience, Psyber Inc. operates in a diverse and sometimes opaque stakeholder landscape.

Continue reading

Cyber Across European Governments: Key Bodies, Funding, and Coordination

Leave a Reply

The European cybersecurity landscape is layered, fragmented, and fast-evolving. Unlike the centralised approaches of some governments, the EU’s model of collective sovereignty means cybersecurity is coordinated, rather than controlled by Brussels. National governments still manage their defence and digital sovereignty, but major funding, regulation, and cross-border frameworks increasingly come from the EU level.

Continue reading

Cyber Across UK Government: Departments, Programmes, and Policy Players

Leave a Reply

The definitive guide to who shapes cyber policy in Whitehall, and how to work with them.

Continue reading

Inside the UK Cyber Ecosystem: A Strategic Guide in 26 Parts

Leave a Reply

An extensive guide mapping the networks, policy engines, commercial power bases, and future-shapers of British cybersecurity.

Continue reading

The Insider’s Guide to Influencing Senior Tech and Cybersecurity Leaders in the UK

Leave a Reply

Influencing senior leaders in cybersecurity and technology is no small task, especially in the UK, where credibility, networks, and standards carry immense weight. Whether you’re a startup founder, a scale-up CISO, or a policy influencer, knowing where the key conversations happen (and who shapes them) can make the difference between being heard and being ignored.

Continue reading

Women Shaping Cyber: Reflections from Aston University

Leave a Reply

The Women Shaping Cyber event at Aston University, held during International Women’s Day, highlighted the importance of diversity in the West Midlands cyber sector. Keynote speaker Sevgi Aksoy emphasised the human factor in cybersecurity, while roundtable discussions explored barriers facing women, how to attract and retain talent, and how to leverage regional strengths. With contributions from leaders across academia, industry, and government, the event underscored that growth in cyber must also be measured in inclusivity and representation, not just economics.

Continue reading

Driving Cyber Resilience in the Defence Supply Chain: Summary of Key Actions and Recommendations and Some Thoughts

Leave a Reply

The Ministry of Defence (MOD) has issued a call to action for Defence industry CEOs and Defence Leads, underlining the critical importance of enhancing cyber resilience across the Defence supply chain, “Letter from the Second Permanent Secretary, DG Chief Information Officer and DG Commercial to Defence industry CEOs/Defence Leads“. The letter, signed by Paul Lincoln, Second Permanent Secretary; Charles Forte, DG Chief Information Officer; and Andrew Forzani, DG Commercial, stresses the heightened global cyber threat landscape and the need for immediate and robust action to safeguard the UK’s Defence capabilities.

Continue reading

Directors and Cyber Responsibility: Towards a New Company Law

Leave a Reply

This article examines DSIT’s 2024 proposal to embed cyber responsibility into company law. It argues that directors should carry legal duties for cyber resilience, as they already do for finance and health and safety — but only if those duties are proportionate, professionalised, and practical. The consultation did not change the law, but the direction of travel is unmistakable.

Continue reading

Directors and Cyber Governance: My Practitioner’s Response to DSIT’s Consultation

Leave a Reply

This article revisits my practitioner-led response to DSIT’s 2024 consultation on the Cyber Governance Code of Practice. It highlights key issues I raised: supply chain risk, flaws in self-attestation, tool overload, lack of incentives, and the need for continuous governance. The argument is simple: cyber resilience belongs in the boardroom, but only if policy is grounded in practice.

Continue reading

Before the DSIT Cyber Governance Code of Practice: What the Consultation Proposed

Leave a Reply

The DSIT Cyber Governance Code of Practice consultation (Jan 2024) proposed five principles for boards: risk management, strategy, people, incident response, and assurance. But it left key gaps: no incentives, little for SMEs, no professional recognition, and weak thinking on assurance. This article argues the consultation was historic, but incomplete — a foundation that required sharper, practitioner-led input.

Continue reading