Tag Archives: Cyber Sectoral Analysis

Cyber Sectoral Analysis

Cyber Sectoral Analysis examines how cyber risk, regulation, skills and capability actually land in specific sectors and regions: not in theory, but in practice.
This series looks across defence, critical infrastructure, supply chains, SMEs, regional clusters and public policy to understand where resilience is working, where it isn’t, and why. The focus is on real dependencies, delivery capacity, regulatory impact and economic consequences, connecting national strategy to operational reality and regional execution.

If cyber is economic infrastructure, this is where the weak points, and the leverage, really are.

From Practitioner to Professional Body: The IET Response on Cyber Governance

This article examines the IET’s joint response to DSIT’s 2024 consultation on the Cyber Governance Code of Practice. Building on my practitioner-led analysis, the IET added institutional weight: emphasising professional recognition, proportionality for SMEs, broader engagement, and integration into training. It shows how practitioner insight and professional consensus can work together to shape policy.


Securing Success: Strategic Questions for Cyber Startups Seeking Growth in the West Midlands and UK

This article outlines critical questions that cyber security startups, particularly those like Cyber Tzar after completing the NCSC’s “NCSC for Startups” Accelerator programme, should consider when seeking support from regional organizations such as the West Midlands Growth Company or Invest West Midlands. It emphasizes prioritising inquiries around funding and marketing to harness regional opportunities for development and expansion.


Directors and Cyber Governance: My Practitioner’s Response to DSIT’s Consultation

This article revisits my practitioner-led response to DSIT’s 2024 consultation on the Cyber Governance Code of Practice. It highlights key issues I raised: supply chain risk, flaws in self-attestation, tool overload, lack of incentives, and the need for continuous governance. The argument is simple: cyber resilience belongs in the boardroom, but only if policy is grounded in practice.


Before the DSIT Cyber Governance Code of Practice: What the Consultation Proposed

The DSIT Cyber Governance Code of Practice consultation (Jan 2024) proposed five principles for boards: risk management, strategy, people, incident response, and assurance. But it left key gaps: no incentives, little for SMEs, no professional recognition, and weak thinking on assurance. This article argues the consultation was historic, but incomplete — a foundation that required sharper, practitioner-led input.
