Tag Archives: Cyber Risk Management

When a Parking Permit Becomes a Cyber Risk: Understanding Indirect Supply Chain Threats

While applying for a parking permit, I discovered an expired SSL certificate on a council website, highlighting how small oversights in public services can expose broader cybersecurity risks. This real-world example shows why organisations must take indirect supply chain risk seriously, particularly in regions critical to national security.

Continue reading

The Role of Cyber Insurance in Risk Management

Cyber insurance has become a vital component of organisational risk management, offering financial protection against cyber incidents such as data breaches, ransomware attacks, and business interruptions. As the frequency and impact of cyberattacks grow, insurance policies have evolved to address the unique challenges of digital risks.

Continue reading

The Ides of March: Reflections on Cyber, Startups, and Scaling Innovation

The Ides of March is a fitting time to reflect on betrayal, resilience, and the realities of UK cybersecurity. In the past two weeks, I’ve balanced DSIT’s Cyber Local funding process, chaired the West Midlands Cyber Working Group (WM CWG), led two funding bids, scaled one startup in a brutal funding climate, and booted up a second from scratch. Along the way, I’ve won the Pitch Battle at Cyber Runway Live, launched the UK’s first dedicated universal cyber risk score and comparison site, and tackled everything from weaponised AI threats to Kafka-powered scalability, all while navigating the messy, unpredictable, and often painful journey of building something that lasts.

Continue reading

Overview, Summary, Thoughts, and Recommendations on the NCSC Cyber Security Risk Management Guidance

This article evaluates the NCSC’s Cybersecurity Risk Management Guidance, highlighting its strengths in broad coverage and practical tools but identifying key weaknesses, including the lack of an integrated end-to-end framework, inconsistent depth, and limited audience-specific tailoring. It recommends strengthening the framework’s integration, providing accessible tools, addressing organisational resistance, and incorporating strategies for emerging technologies and black swan events. These enhancements could elevate the guidance to a truly comprehensive standard for diverse organisations.

Continue reading

Driving Cyber Resilience in the Defence Supply Chain: Summary of Key Actions and Recommendations and Some Thoughts

The Ministry of Defence (MOD) has issued a call to action for Defence industry CEOs and Defence Leads, underlining the critical importance of enhancing cyber resilience across the Defence supply chain, “Letter from the Second Permanent Secretary, DG Chief Information Officer and DG Commercial to Defence industry CEOs/Defence Leads“. The letter, signed by Paul Lincoln, Second Permanent Secretary; Charles Forte, DG Chief Information Officer; and Andrew Forzani, DG Commercial, stresses the heightened global cyber threat landscape and the need for immediate and robust action to safeguard the UK’s Defence capabilities.

Continue reading