Tag Archives: Cyber Sectoral Analysis

Overview, Summary, Thoughts, and Recommendations on the NCSC Cyber Security Risk Management Guidance

This article evaluates the NCSC’s Cybersecurity Risk Management Guidance, highlighting its strengths in broad coverage and practical tools but identifying key weaknesses, including the lack of an integrated end-to-end framework, inconsistent depth, and limited audience-specific tailoring. It recommends strengthening the framework’s integration, providing accessible tools, addressing organisational resistance, and incorporating strategies for emerging technologies and black swan events. These enhancements could elevate the guidance to a truly comprehensive standard for diverse organisations.

Continue reading →

Driving Cyber Resilience in the Defence Supply Chain: Summary of Key Actions and Recommendations and Some Thoughts

Leave a Reply

The Ministry of Defence (MOD) has issued a call to action for Defence industry CEOs and Defence Leads, underlining the critical importance of enhancing cyber resilience across the Defence supply chain, “Letter from the Second Permanent Secretary, DG Chief Information Officer and DG Commercial to Defence industry CEOs/Defence Leads“. The letter, signed by Paul Lincoln, Second Permanent Secretary; Charles Forte, DG Chief Information Officer; and Andrew Forzani, DG Commercial, stresses the heightened global cyber threat landscape and the need for immediate and robust action to safeguard the UK’s Defence capabilities.

Continue reading →

Exploring the Link Between Cyber-Dependent Crime and Autism: A Critical Analysis

Leave a Reply

This article reviews a study exploring links between autistic-like traits, autism, and cyber-dependent crimes. Findings show autistic-like traits increase cyber-crime risk, while autism reduces it. Advanced digital skills are a key factor. The study highlights opportunities for autistic individuals in cybersecurity but is limited by self-reported data and sample representation. Further research is needed to clarify causal links and broader impacts.

Continue reading →

Cyber Governance at a Crossroads: Responding to DSIT’s Consultation

Leave a Reply

This framing article summarises a set of responses to DSIT’s Cyber Governance Code of Practice consultation in Jan/Feb 2024. It highlights practitioner and institutional submissions, alongside thematic deep dives on law, assurance, incentives, and professionalism. The message: DSIT asked the right questions, but the hardest answers were still missing.

Continue reading →

Professionalism and Accountability: Why Cyber Needs Recognition like Law and Engineering

Leave a Reply

This article argues that DSIT’s Cyber Governance Code of Practice must embed professional recognition for cyber experts, just as directors rely on lawyers, accountants, and engineers. Without a register of recognised professionals, directors risk being accountable without credible support.

Continue reading →

Incentives, Not Just Obligations: Driving Real Uptake of Cyber Governance

Leave a Reply

This article argues that obligations alone will not drive the adoption of DSIT’s Cyber Governance Code of Practice. To succeed, the Code must be backed by incentives — tax relief, insurance benefits, procurement levers, and reputational recognition — that make governance valuable to boards. Obligations can enforce compliance; incentives will create commitment.

Continue reading →

From Cyber Essentials to Corporate Governance: Raising the Bar

Leave a Reply

Cyber Essentials has value as a baseline, but reaches only 0.3% of UK organisations and says little about governance. This article argues that DSIT’s Cyber Governance Code of Practice must raise the bar, from compliance to accountability, from self-attestation to credible assurance, and from one-off certificates to continuous governance. Cyber Essentials is the floor; governance must be the ceiling.

Continue reading →

Directors and Cyber Responsibility: Towards a New Company Law

Leave a Reply

This article examines DSIT’s 2024 proposal to embed cyber responsibility into company law. It argues that directors should carry legal duties for cyber resilience, as they already do for finance and health and safety — but only if those duties are proportionate, professionalised, and practical. The consultation did not change the law, but the direction of travel is unmistakable.

Continue reading →

From Practitioner to Professional Body: The IET Response on Cyber Governance

Leave a Reply

This article examines the IET’s joint response to DSIT’s 2024 consultation on the Cyber Governance Code of Practice. Building on my practitioner-led analysis, the IET added institutional weight: emphasising professional recognition, proportionality for SMEs, broader engagement, and integration into training. It shows how practitioner insight and professional consensus can work together to shape policy.

Continue reading →

CyberASAP Pathfinder Birmingham 2024

Leave a Reply

Join me as I share my journey and insights from the CyberASAP Pathfinder event in Birmingham, where I discussed the transition from a long IT career to founding a cybersecurity startup. Discover the challenges, surprises, and rewards of turning innovative research into market-ready solutions.

Continue reading →

Securing Success: Strategic Questions for Cyber Startups Seeking Growth in the West Midlands and UK

Leave a Reply

This article outlines critical questions that cyber security startups, particularly those like Cyber Tzar after completing the NCSC’s “NCSC for Startups” Accelerator programme, should consider when seeking support from regional organizations such as the West Midlands Growth Company or Invest West Midlands. It emphasizes prioritising inquiries around funding and marketing to harness regional opportunities for development and expansion.

Continue reading →

Directors and Cyber Governance: My Practitioner’s Response to DSIT’s Consultation

Leave a Reply

This article revisits my practitioner-led response to DSIT’s 2024 consultation on the Cyber Governance Code of Practice. It highlights key issues I raised: supply chain risk, flaws in self-attestation, tool overload, lack of incentives, and the need for continuous governance. The argument is simple: cyber resilience belongs in the boardroom, but only if policy is grounded in practice.

Continue reading →

Before the DSIT Cyber Governance Code of Practice: What the Consultation Proposed

Leave a Reply

The DSIT Cyber Governance Code of Practice consultation (Jan 2024) proposed five principles for boards: risk management, strategy, people, incident response, and assurance. But it left key gaps: no incentives, little for SMEs, no professional recognition, and weak thinking on assurance. This article argues the consultation was historic, but incomplete — a foundation that required sharper, practitioner-led input.

Continue reading →

Horkan

a blog by Wayne Horkan

Tag Archives: Cyber Sectoral Analysis

Driving Cyber Resilience in the Defence Supply Chain: Summary of Key Actions and Recommendations and Some Thoughts

Cyber Governance at a Crossroads: Responding to DSIT’s Consultation

Professionalism and Accountability: Why Cyber Needs Recognition like Law and Engineering

Incentives, Not Just Obligations: Driving Real Uptake of Cyber Governance

From Cyber Essentials to Corporate Governance: Raising the Bar

Directors and Cyber Responsibility: Towards a New Company Law

From Practitioner to Professional Body: The IET Response on Cyber Governance

CyberASAP Pathfinder Birmingham 2024

Securing Success: Strategic Questions for Cyber Startups Seeking Growth in the West Midlands and UK

Directors and Cyber Governance: My Practitioner’s Response to DSIT’s Consultation

Before the DSIT Cyber Governance Code of Practice: What the Consultation Proposed