Appian: Why AI is Putting Better Business Within Every Organisation’s Reach
Our cover story highlights how AI is putting better business within everyone’s reach.Mark Talbot, Director – CS AI Initiatives at Appian, reasons that as organisations grow more capable with AI, the challenge shifts from proving its value to expanding access to it. “Instead of concentrating control and decision rights in a small, central group, modern AI tools give more agency to the people closest to the work. They can see what is not working, imagine better approaches, and use AI to help redesign and improve the processes they rely on every day.”
CPL Aromas: How a Leading Fragrance House is Using AI to Amplify Creativity
In the world of retail, a leading fragrance house uses AI to amplify creativity. Alfred Muthunathan, CIO at CPL Aromas, explains how the family-owned business is using AI as a strategic capability to support creativity and accelerate innovation. “We didn’t bolt AI onto our systems; we redesigned the organisation, so AI is native to how we operate… Our new system takes away the workload from perfumers and has allowed us to create something that always keeps the nuances of our industry at its core.”
Vibrant Capital: Scaling AI on Main Street
Shadman Zafar, Founder & CEO of Vibrant Capital, is building a CIO-led model for enterprise transformation. Vibrant Capital is an operator-led investment and company-building platform focused on scaling AI in the real economy. “We don’t spray investments across hundreds of AI startups. We curate a portfolio with purpose – selecting companies that solve the real mission-critical problems CIOs face in scaling AI adoption.”
Also in this issue, we learn about the supply chain transformation journey at Swiss sportswear brand On, unpack the latest AI readiness research from Snowflake and hear from Hitachi Vantara about the importance of strong data foundations for the best utilisation of AI.
Andrew Power, Head of UK&I at Tricentis, on why the right approach to AI can deliver the foundation for more resilient, predictable systems
SHARE THIS STORY
Artificial intelligence is reshaping software delivery in financial services. Code that once took teams weeks to develop can now be generated and deployed in a matter of hours. This isn’t just about faster delivery; it changes the fundamentals of how software is built and how it behaves in production.
Financial institutions have moved quickly to integrate AI across core systems, from customer operations to anti-money laundering (AML) and software development to capture efficiency and innovation gains. UK parliamentary evidence shows adoption is already widespread, with the majority of firms using AI, and more planning to follow.
But as adoption spreads and becomes more embedded within key systems, so does exposure. Risk is no longer confined to individual defects, but shaped by how quickly those defects can spread across interconnected environments.
AI has removed the limits on how quickly software can be created, but not on how confidently it can be trusted, and financial institutions can now generate and deploy code faster than they can safely validate it.
This creates a new paradox: AI is both accelerating the pace of software change and increasing the speed and scale at which failures can materialise.
Machine-Speed Failure
AI-driven development shortens the distance between change and consequence. Software updates can move through the pipeline from creation to production with significantly less friction. However, this also reduces the time available to identify, flag and contain any issues before they have an impact.
AI-driven software changes don’t just move fast, they scale fast. Unlike traditional failures, these are systemic risks. A single misstep in an AI-generated update can propagate unpredictably.
For financial services, this is especially significant when key systems are deeply interconnected, spanning complex layers of infrastructure, integrations, and third-party services. Even a minor defect can propagate quickly across systems, amplifying its impact.
What would once have been contained can now escalate, cascading across systems and causing wider disruption that affects customers, operations and, in some cases, market activity. In financial services, this is not just a technical issue but a business risk with direct implications for customer trust, regulatory compliance and financial stability. The challenge is no longer simply identifying defects but maintaining confidence in what is being deployed.
This risk is already being felt across the sector. Institutions are accelerating delivery to meet customer expectations and competitive pressures, but often without corresponding advances in validation. Tricentis’ research shows 68% of financial services organisations anticipate outages or serious incidents due to poor software quality.
Regulatory Pressure for AI is Increasing
The issue is also drawing attention from regulators. Earlier this year, the UK Treasury Committee warned that current approaches to AI in financial services are inadequate and could expose customers and the wider system to “serious harm”, highlighting the need for stronger guardrails, clearer accountability and more robust oversight to deploy it safely.
Traditional resilience frameworks were never designed for systems evolving in real time, and AI can no longer be treated as a marginal technology risk. It must become central to how organisations manage and assess resilience.
This marks a shift from software quality being an engineering concern to a board-level issue of operational resilience. If machine-speed change is the new operational hazard, then failure to address it becomes a strategic issue rather than a technical one. With that in mind, financial leaders must acknowledge AI’s dual role as both a driver of risk and a mechanism for preventing it.
AI as Both a Safeguard & Source of Risk
AI also offers the most effective and scalable way to manage the risks it introduces. Advanced AI-driven validation, continuous monitoring and risk-prioritised testing can identify issues earlier than any manual process, helping reduce the likelihood they reach production.
In effect, the same AI that accelerates software creation must now be applied to validation and governance – operating at the same speed and scale.
The same capabilities that facilitate rapid software production can be applied to validation and governance, continuously evaluating system behaviour, detecting anomalies and prioritising testing based on potential business impact, rather than volume. This allows organisations to move beyond rigid approaches and towards more adaptive, responsive quality models that more accurately reflect the way AI behaves.
Instead of relying on standard periodic testing cycles, systems can be validated on an ongoing basis. This enables earlier intervention before issues escalate.
AI can also help organisations better understand the complexity of their own systems. By analysing dependencies across applications and infrastructure, it becomes possible to identify which processes are most critical and where failures would have the greatest impact.
From Acceleration to Control
There is a clear mismatch in how financial organisations approach AI. While many are leveraging AI to accelerate development, far fewer are evolving their validation and governance to keep pace, and it’s in this gap that risk emerges.
This is the “confidence gap”, where organisations can create software faster than they can safely deploy it.
To address this imbalance, firms must treat software quality as a core component of their AI strategy. Development and validation must move forward together. Governance must adapt to continuous, AI-driven change. This requires a move from static testing and coverage metrics to continuous, risk-based validation, where software is assessed in real time based on potential business impact.
If AI is the engine driving software creation, validation must act as the braking system – built in, not bolted on at the end. At machine speed, gaps in control become points of failure. The aim is not to slow innovation, but to ensure it progresses in a way that is sustainable and safe. When validation keeps pace with development, firms can move quickly and competitively, whilst maintaining control over how risk is introduced and managed.
This is a change we are seeing across large enterprises adopting AI-driven quality approaches, where validation, monitoring and governance are increasingly orchestrated together rather than treated as separate processes.
Preventing the Next Outage
The financial sector has already seen how quickly failures can escalate in complex, interconnected environments. In March, an IT error at Lloyds Banking Group exposed the private financial information of nearly half a million customers, prompting the bank to issue £139,000 in compensation.
Such incidents aren’t isolated: over the last two years, more than 33 days of unplanned banking outages have been reported to Parliament, underlining the scale of the issue.
As AI increases the velocity of change, it also raises the stakes for getting it wrong. But the irony is that it also provides the tools needed to prevent these failures from happening in the first place. AI is both contributing to the risk of outages and becoming the most effective way to prevent them.
By applying AI to continuous validation, monitoring and risk detection, organisations can spot issues earlier, understand their potential impact and intervene before disruption occurs. This shifts the focus from reacting to outages to preventing them, and it’s where the paradox becomes constructive. AI doesn’t have to be a source of instability.
With the right approach, it can become the foundation for more resilient, predictable systems. Those that fail risk trading innovation for instability. In the AI era, speed without confidence is simply another form of risk.
ZeroThreat co-founder Dharmesh Acharya on why the only way to know if your defences actually hold is to challenge them with continuous penetration testing and exploit validation
SHARE THIS STORY
Your security dashboard is green. No alerts. No critical flags. Everything looks fine. That feeling of calm is exactly what you should be worried about. A clean dashboard does not mean your application is secure. It often means you are measuring the wrong things.
If a threat operates outside those parameters, it stays invisible. Your logs look normal, your vulnerability scanner reads low risk and your compliance status says passing. And somewhere in your environment, an attacker could be moving quietly through systems your dashboard never touches.
Let’s take a look at why green dashboards can be misleading, what they are not showing you, and what real security validation actually looks like.
The False Comfort of a Green Dashboard
There is something deeply reassuring about a green dashboard. No alerts. No red flags. And no critical vulnerabilities screaming for attention. For most security teams, that view signals control. It signals safety. But here is the uncomfortable truth: a clean security dashboard does not mean your environment is secure. It often just means your tools are not seeing the full picture.
Most monitoring systems only report what they are configured to detect. If a threat operates outside those parameters, it stays invisible. Your SIEM logs look normal. Your vulnerability scanner shows low risk and your compliance status reads “passing.” Meanwhile, an attacker could be sitting inside your network, moving quietly, and your dashboard would never know.
According to IBM’s Cost of a Data Breach Report, the average breach takes 168 days to identify and 51 days to contain it in the finance industry. That is over six months of green dashboards while real damage is being done. False confidence in security metrics is not a minor issue. It is one of the most exploited gaps in enterprise security posture today.
5 Problems with Traditional Security Metrics
Traditional security metrics were built for a different era. They measure what is easy to measure, not what actually matters. And when security decisions are based on incomplete or misleading data, the entire security program becomes vulnerable, even when everything looks fine on paper.
1. Visibility Without Context
Knowing that 10,000 events were logged means nothing without understanding what those events represent. Traditional metrics track volume, not relevance. Security teams end up drowning in data while the actual threats, the ones that matter, go unnoticed. Coverage without context is just noise.
2. Compliance Masking Risk
Passing a compliance audit does not mean you are secure. It means you met a checklist. Many organizations confuse regulatory compliance with actual cyber resilience. Attackers do not care about your audit results. They look for gaps, and compliance-focused metrics rarely surface those gaps in time.
3. Perimeter-Focused Thinking
Most traditional security metrics are built around the perimeter. But the perimeter does not exist the way it once did. Remote work, cloud environments, and third-party integrations have dissolved those boundaries. Metrics that still prioritize perimeter health give a dangerously narrow view of your actual attack surface.
4. Lagging Indicator Dependency
Traditional metrics tend to be reactive. They tell you what already happened, not what is happening right now. Mean time to detect, incident counts, patch rates, these are all lagging indicators. By the time they show a problem, the damage is often already in motion. Real security needs leading indicators too.
5. Ignoring Unknown Assets
You cannot protect what you cannot see. Shadow IT, unmanaged endpoints, forgotten cloud instances, these assets rarely show up in traditional security dashboards. Yet they are among the most targeted entry points for attackers. Metrics that only account for known assets create a false sense of complete coverage.
Hidden Risks Your Dashboard Doesn’t Show
Your dashboard reflects what your tools are configured to monitor. Nothing more. Unmanaged devices, misconfigured cloud storage, dormant user accounts with excessive privileges, these risks exist outside the monitoring boundary. They do not trigger alerts. They do not show up in reports. But they are real, and attackers know exactly how to find them.
Lateral movement is one of the most dangerous and least detected attack behaviors. Once an attacker gains initial access, they move quietly across your environment using legitimate credentials and trusted pathways. Traditional security monitoring tools rarely flag this activity because it does not look like an attack. It looks like normal user behavior. That is precisely what makes it so effective.
Third-party risk is another blind spot most dashboards completely ignore. According to Verizon’s Data Breach Investigations Report, 15% of breaches involve a third party. Vendor access, supply chain integrations, and API connections create exposure points that sit entirely outside your visibility. If your dashboard is not showing you that, it is not showing you everything.
What a Genuinely Healthy Security Posture Looks Like
A healthy security posture is not about having zero alerts. It is about having full visibility, fast response capability, and continuous validation. Organisations with mature security programs do not chase green dashboards. They build systems that surface the right information at the right time.
According to IBM, organizations with a fully deployed security AI and automation program contained breaches 108 days faster than those without. Speed of detection and response is one of the clearest indicators of a strong security posture. That cannot be measured by looking at how calm your dashboard appears.
Real security health includes knowing your complete asset inventory, including cloud workloads, third-party connections, and unmanaged endpoints. It means having continuous monitoring that goes beyond compliance checkboxes. It means your team runs regular adversarial testing to find gaps before attackers do.
And it also means your security metrics are tied to business risk, not just technical thresholds. When a CISO can clearly explain what is protected, what is exposed, and why, that is what a genuinely healthy security posture actually looks like.
How to Ensure Real Security: Exploit Validation
Knowing you have vulnerabilities is not enough. You need to know which ones can actually be exploited, and how far an attacker could get if they tried. That is what continuous exploit validation delivers. It moves security testing from a scheduled event to an ongoing process that reflects your real-world risk exposure.
AI-driven automated penetration testing makes this possible at scale. Instead of waiting for an annual pentest, these tools continuously simulate real attacker behavior across your environment. They test your controls, validate your detections, and surface exploitable paths before a real threat actor finds them. Your security team gets evidence, not assumptions.
The result is a security program that is grounded in reality. You stop relying on what your dashboard says and start relying on what has actually been tested and verified. Continuous exploit validation closes the gap between perceived security and actual security, and that gap is exactly where breaches happen.
Conclusion: Stop Trusting Your Dashboards and Start Validating
A green dashboard does not mean you are secure. It means nothing alarming has been detected within the boundaries your tools are configured to monitor. That is a very different thing. Real security is not about how calm your dashboard looks. It is about how thoroughly your environment has been tested and validated.
The only way to know if your defences actually hold is to challenge them. Continuous penetration testing and exploit validation give you evidence, not assumptions. They show you what an attacker would find before an attacker actually finds it. That shift, from monitoring to validating, is what separates a false sense of security from a real one.
Vincent Guillevic, Director of Fraud Labs at Entrust, argues companies that treat identity as a continuous thread rather than a single checkpoint will be better positioned to reduce losses and protect customers
SHARE THIS STORY
Identity verification and tackling fraud began as a face-to-face process, built on human trust. Opening a bank account involved meeting a banker in person and from there, trust was established because both parties could see and interact with each other directly in branch.
Fast forward to the digital age and a lot of services have moved online. Identity verification has therefore shifted from in-person checks to remote identity verification. Today, we’re in an era where identity is now central to every interaction we have online.
Fraud has followed the same trajectory. Much like a burglar would test every possible entry point rather than just the front door, fraudsters probe every stage of the customer journey. They look for weaknesses at onboarding, during login, and throughout ongoing transactions and data requests.
That challenge has intensified in recent years. AI has given fraudsters faster, sophisticated and scalable tools. Deepfakes can bypass checks, AI‑generated documents can appear real, and phishing and impersonation attacks can now be automated at scale.
Once a fraudster gains access to a legitimate account, the damage escalates quickly. Global losses from account takeover (ATO) fraud were projected to reach $17 billion in 2025, up from $13 billion in 2024. While the underlying intent of fraudsters seeking the weakest point of entry, the breadth, speed and sophistication of modern attacks have.
Identity Fraud Patterns Across the Customer Lifecycle
Fraud can occur at any stage of the customer journey. From verifying identity at onboarding to securing connections and fighting fraud in everyday transactions. Each stage introduces its own risks, and attackers adapt their tactics based on where value can be extracted most efficiently.
In 2025, patterns showed a clear distinction between industries targeted for new account fraud and those targeted for account takeover fraud. Businesses that offer immediate incentives such as promotional offers or sign-up bonuses are primarily targeted for new account fraud. In contrast, businesses where accounts accumulate long-term financial or data value face higher levels of ATO.
Industries built around sign-up incentives or instance access experience most fraud at onboarding. For instance, in crypto, 67% of fraud attempts occur during account creation, largely driven by sign-up incentives. Vehicle rental follows a similar pattern, with 67% of fraud taking place at onboarding as attackers use fake identities to gain short-term access to high-value assets. In these sectors, low-friction onboarding creates opportunities to harvest incentives or establish accounts that later become avenues for future money laundering.
Account takeover fraud reflects a different strategy. Rather than creating fake accounts, attackers focus on compromising established accounts using tactics such as stolen credentials, phishing, malware, or social engineering. Entrust data shows this is most common in industries where accounts hold enduring value. In payments, 82% of fraud attempts occur after onboarding, while in professional services the figure is 62%. High-value, long-standing accounts are attractive because they enable fund transfers, loans, and access to identity-rich data, making them more valuable than newly created accounts.
These patterns highlight two critical realities. First, organisations can no longer optimise for one type of risk at the expense of another. Defending a single point in the journey inevitably leaves gaps elsewhere. Second, fraud has become highly professionalised. Modern fraud operations are organised, strategic, and adaptive, moving toward the highest rewards and the weakest controls.
Prevention Must Span the Entire Journey
If fraud can occur at any stage, prevention must operate at every stage. Organisations that implement robust, lifecycle-wide identity strategies save an average of $8 million per year in fraud-related costs. These savings come from detecting threats earlier, more accurately, and beyond a single checkpoint.
There are three areas where that lifecycle approach needs to be strongest.
Get onboarding right
Onboarding is the first opportunity to establish genuine trust. Strong Know Your Customer (KYC) or Know Your Employee (KYE) processes combine document verification with biometric checks such as face recognition or fingerprint scanning to confirm that the person applying is who they claim to be. Liveness detection adds a further layer by distinguishing real users from synthetic identities and deepfakes, which are linked to approximately one in five biometric fraud attempts.
With strong identity verification at onboarding not only reduces immediate fraud, but also limits the downstream damage caused with fraudulent accounts.
Secure existing accounts with continuous authentication
Verifying identity once is no longer sufficient. Continuous authentication, combining multi-factor authentication with biometric re-verification like facial recognition, allows businesses to protect established accounts without creating unnecessary friction for legitimate users.
Crucially, it enables authentication requirements to adapt dynamically as risk levels change, rather than applying the same static check regardless of context. In payments businesses, where most fraud targets the authentication process itself, this adaptability is key to mitigating attacks before losses occur.
Monitor behaviour in real time, not just identity
Device intelligence and behavioural signals make it possible to assess risk based on how users interact with services, flagging unusual login patterns, device anomalies, or out-of-character transactions.
As AI-driven fraud becomes more sophisticated and convincing, behavioural indicators provide another layer of ongoing fraud detection. Focusing monitoring on high-risk actions, rather than only high-risk identities closes a critical gap in traditional defences.
The Window of Opportunity
Fraud has always followed the customer journey. What has changed is the availability of advanced technology capable of tracking, analysing, and responding to threats at every stage. The key question for organisations is whether these capabilities are deployed as a connected strategy or left as isolated controls with gaps in between.
Companies that treat identity as a continuous thread rather than a single checkpoint will be better positioned to reduce losses and protect customers, and preserve the trust that underpins long-term digital relationships.
Michele Centemero, EVP Services, Mastercard Europe on why promoting awareness, stronger collaboration and data-sharing, and continued innovation of payments ecosystems, will be critical in reducing the impact of scams and protecting trust in the digital economy
SHARE THIS STORY
As our world becomes faster, smarter and more interconnected, scammers are evolving in parallel, developing increasingly sophisticated ways to exploit people’s trust. By harnessing new technologies and behavioural insights, they are refining their methods to appear ever more credible and convincing.
While attacks on systems continue, today’s fraudsters are increasingly targeting people, often relying on psychological manipulation to achieve their goals.
Understanding Social Engineering
Many modern scams fall under the umbrella of social engineering,which isthe use of deception and emotional manipulation to influence a person’s behaviour.
In the digital world, cybercriminals use these tactics to build false trust, create urgency or fear, and ultimately trick people into sharing confidential information or taking actions that can cause financial harm to themselves or their employer.
Recent European industry data indicates that social engineering-related fraud and authorised push payments (APPs) – where victims are tricked into sending money to fraudsters posing as legitimate payees – now account for a growing share of overall scam losses[1].
This is directly impacting a growing number of consumers, with the majority of people saying they’ve experienced some form of scam or fraudulent attempt to capture their personal information highlighting why awareness and vigilance are critical for people of all ages.
Education is the First Line of Defence
Protecting consumers and businesses from malicious activity is a priority, and it starts with awareness. When people understand how scams work, they’re more likely to spot the warning signs before it’s too late and be empowered to protect themselves against fraudsters.
Three of the most common social engineering scams to watch out for are:
Imposter fraud – Criminals pose as trusted organisations (such as banks, retailers, or government bodies) to pressure victims into sharing personal or financial details. Research indicates over half (53%) of European consumers have been targeted via phone or voice call scams, with social media scams affecting around two in five people, and tech support impersonation tricking roughly one in three.*
Phishing – Fraudulent emails, texts, or messages that are designed to look legitimate, often urging immediate action like clicking a link or resetting a password, leading victims to disclose sensitive information or install malicious software. Nearly three in five (58%) have received phishing emails or fraudulent text messages (63%) and QR code scams are on the rise, impacting nearly a quarter of Europeans.*
Romance or honeypot scams – Scammers build emotional relationships over time, gaining trust before exploiting it for financial gain. These types of attacks are also widespread, with one in four people (24%) encountering fake profiles, requests for money, or online relationships that lead to financial exploitation. These scams hit younger generations hardest, with 40% of Gen Z and 35% of Millennials affected, compared with 21% of Gen X and 11% of Boomers.*
How Businesses Can Protect Consumers from Scams
With fraudsters increasingly using AI to commit more sophisticated, larger scale attacks, businesses and banks should also consider how they deploy technology to protect customers from bad actors.
The combination of AI, robust identity controls and open banking can help protect consumers from scams, whether across card and account‑to‑account payments or in fraudulent account openings.
Looking at identity controls specifically – take the example of continuous identity verification, a fraud prevention measure that verifies the user is who they claim to be throughout the entire lifecycle journey. This helps to prevent scammers from opening or taking over accounts to apply for credit, create ‘mule’ accounts or impersonate others.
Behavioural biometric data is often used as part of this and can be used to analyse how a user interacts with their device – from typing patterns to on‑screen movements – to flag unusual behaviour.
More in depth, AI powered transaction analysis can also help banks and financial institutions to stay ahead of payment threats. It provides banks with the intelligence needed to detect and stop payments to scammers, using AI and a network-level view of account‑to‑account transactions to enable intervention before funds leave an account.
Staying Ahead of an Ever-Evolving Threat
As social engineering tactics continue to evolve, staying ahead requires a combination of intelligent technology, consumer education, and proactive action from businesses and financial institutions.
While no single measure can eliminate risk entirely, greater awareness, stronger collaboration and data-sharing, and continued innovation of payments ecosystems will be critical in reducing the impact of scams and protecting trust in the digital economy.
*Source: This study was conducted by The Harris Poll on behalf of Mastercard from September 8 to September 25, 2025, among 5000+ consumers in the following European markets: EUR: France (n=1,005), Germany (n=1,002), Italy (n=1,016), Spain (n=1,005), UK (n=1,004)
Mastercard: Transforming the Fight Against Scams
Innovation – Our advanced AI-powered Identity insights examine digital footprints and assess unique patterns to detect risk and flag suspicious activity indicative of scams.
Collaboration – We collaborate across industries, partners and organizations worldwide to secure the digital ecosystem, ensuring payments are safe for all. Combating the growing threat of scams demands a collective effort.
Education – We work with and through our collaborators to provide knowledge and tools that help people protect themselves and their loved ones from scams, while also working to destigmatise the experience of being a victim.
$12.5bn in losses from U.S. consumer reported online scams in 2023
$486bn in global losses from scams and bank fraud schemes in 2023
22% YoY growth in U.S. consumer scam losses suffered in 2023
From sender to recipient, we vigilantly monitor accounts and transactions for any elevated scam risk
Identity insights – Provides actionable identity insights and risk scores for businesses to improve identifying their good customers from the scammers creating “mule” accounts or impersonating someone else with a false identity.
Transaction patterns – Flags suspicious activity across the money movement flow to prevent payments to scammers before it is sent through the real-time analysis of transaction elements.
Account confirmation – Enables account validation to confirm account ownership and validate identity details in real-time through our open banking capability, which draws on the safe exchange of consumer-permissioned data to facilitate frictionless and secure payments.
Richard Ford, Chief Technology Officer at Integrity360, on why cybersecurity must move beyond control and embrace trust
SHARE THIS STORY
Cybersecurity has long been focused on building walls, but the biggest threat is already inside. Today, insider risk accounts for nearly half of all data breaches. This isn’t just about malicious actors, it’s about regular employees and trusted contractors who make simple, costly mistakes.
Remote and hybrid working has only intensified the problem. With teams distributed and work happening across cloud platforms and collaboration tools, it’s harder than ever to track what’s happening, let alone why. Although AI tools promise efficiency, they also introduce new vulnerabilities. Employees pasting code into chatbots or bypassing corporate tools to meet deadlines. All seemingly innocent, but highly risky.
Insider Risk
Ransomware gangs know this and are now skipping the technical breach altogether and going straight to the source – a company’s insiders. Whether through bribery or social engineering, attackers are finding that humans can be the weakest link in even the most well-defended environments. Despite this, most security budgets still focus outward.
Traditional tools like data loss prevention (DLP) struggle to keep up with today’s dynamic and unpredictable user behaviour. Meanwhile, simulated phishing tests and punitive training schemes often breed resentment, not resilience. It’s time to rethink the model.
Human Error, Human Fix
We need to stop treating employees as the problem and start making them part of the solution. Enter Human Risk Management (HRM), a behavioural approach to cybersecurity that recognises the complexity of modern work. HRM tools monitor real-world user behaviour, detect anomalies in context, and deliver just-in-time nudges to prevent risky actions before they happen. Instead of punishing mistakes, they help users avoid them in the first place.
Of course, technology alone won’t fix the issue, culture is key. Leadership must champion security as a shared responsibility, not an IT rulebook. Success should be measured by how quickly employees improve, not how often they slip up. Awareness campaigns need to be practical and rooted in real-world behaviour.
Organisations also need to understand how digital transformation has changed the risk landscape. Shadow IT is no longer a fringe issue, it’s how work gets done. Whether it’s a developer using an AI plugin or a marketer sharing files via a personal drive, employees will always find the fastest path to productivity. Security must meet them there, not block the way.
Cybersecurity Built on Trust
The smartest businesses are those that treat identity like infrastructure, and behaviour like a vital data stream. They invest in tools that adapt to people, not the other way around. This means a move away from a surveillance approach and embracing the nuance of human error and design systems that support.
In a world where threats are increasingly internal and AI is both a risk and a tool, cybersecurity can no longer be about control. It must be about trust, and that starts with understanding the humans behind the keyboards.
Pierre Noel, Field Chief Information Security Officer at Expel, on why security with community-based governance is a key business pillar that better positions organisations to become more resilient and target growth
SHARE THIS STORY
It’s been a particularly rocky start to 2026 for the global cybersecurity landscape. From the Substack data breach to PayPal credential-stuffing attacks in February, we are not looking at IT failures alone. These attacks are balance-sheet events: direct assaults on business value, triggering remediation costs and long-term impacts on financial health. Compounded with the conflict with Iran, leading to potential ramifications in the cyber realm, it’s more important than ever for the C-suite to be aligned on cybersecurity priorities.
Despite this, a glaring disconnect remains in planning and execution. Expel’s research found that while 85% of finance leaders view cybersecurity as a key component of business planning, only 40% express full confidence in security’s ability to align with business strategy. To bridge this gap, CISOs must move from reporting on activity and start reporting on resilience and unit cost.
Translating Alert Volume Into Unit Cost
CISOs must change how they present the value of their operations. CFOs are largely indifferent to technical metrics like the ‘millions of blocks pings’ or ‘SOC alert volume’ – to a finance leader, an alert is simply another form of disruption to daily operations.
To fix this, CISOs should introduce the ‘unit of cost protection’. By breaking down security spend into the cost required for a single transaction or business unit, CFOs can understand and manage it from experience. A tiered approach works best here: high-risk business units justify higher protection costs than low-risk ones. This allows CFOs to treat security as a scalable operational expense rather than a black hole of additional tooling – the kind of framing that also resonates in a boardroom.
Mapping Investment to Business Risk Exposure
Expel’s research shows that while 43% of finance decision-makers are confident that security can prioritise investments based on risk, only 46% are confident that security can deliver cost-efficient solutions. To move in the right direction, CISOs should shift from ‘vulnerability management’ to thinking about ‘business risk exposure’, requiring a different view of how threats unfold over time.
It’s all about asking the right questions. Instead of requesting more firewalls to protect a specific timeframe, start asking for the cost of securing diverse digital ecosystems across an extended risk window. The 2026 Winter Olympics is a good example: Russian-led cyber campaigns began raising concerns months before a single athlete arrived in Italy, proving that risk isn’t a one-day event but an ongoing operational cost.
For European organisations, this framing is increasingly non-negotiable. While NIS2 and DORA help make the cost of under-investment concrete and quantifiable, the upcoming Cyber Resilience Act (CRA), with key reporting requirements starting in September 2026, extends this pressure to anyone manufacturing or selling digital products in the EU. Even for purely domestic UK entities, the new UK Cyber Security and Resilience Bill is moving the goalposts toward these same high standards. Ultimately, CFOs must understand that cybersecurity isn’t just about preventing loss; it’s a prerequisite for safe and secure growth.
The Reputational Multiplier
So those are the questions to ask, but how do CISOs deal with the ‘unknown unknowns’, specifically long-term brand damage? While compliance fines under NIS2 or DORA may be straightforward (and important) to model, they rarely represent the full scope of the potential damage. In such scenarios, CISOs should propose a reputation multiplier: a framework for quantifying the financial fallout of brand damage in a language CFOs know and trust, looking past immediate recovery costs to factor in the long-term implications of re-establishing market trust.
The 2026 CarGurus breach illustrates this well. Impacting 12 million users, the cost wasn’t purely technical; it also came from the stock price dip and marketing spend required to repair the brand. For UK companies, where regulatory scrutiny is heightened, that multiplier effect is even more pronounced. This is the language of a CFO, and it helps CISOs better translate the urgency and relevance of a strong cybersecurity posture.
Standardising the Language of ROI
Closing the gap between CFOs and CISOs needs more than just better data; it needs a shared vocabulary. By standardising the language of ROI, CISOs transform cybersecurity from a vague insurance policy into a transparent value driver fully trusted by finance teams. Move away from complicated defensive jargon toward a unified framework of unit costs, and the gap between the CISO and CFO starts to close.
Security has become a key pillar of business operations, and in the current threat environment, it’s genuinely a community-based governance issue. The organisations that get this right aren’t just more resilient. They’re better positioned to grow.
Dr. Yvonne Bernard, CTO at Hornetsecurity, on meeting the challenge of managing the speed of AI adoption and harnessing its defensive capabilities while mitigating the risk of uncontrolled adoption
SHARE THIS STORY
The past year has been defined by acceleration. Threat actors rapidly embraced automation, AI, and social engineering. Scaling their tactics at unprecedented speed, while defenders raced to keep pace. Historically, defensive resilience evolves in step with attacker innovation, but in 2025 that balance began to falter.
In an analysis of over 6 billion monthly emails, Hornetsecurity’s Security Labs found that the volume of sophisticated threats grew faster than most security teams could adapt to. Malware-infected emails soared by 131%, scams increased by nearly 35%, and phishing attempts – powered by access to advanced AI – rose by 21% from the previous year.
Typically, attacks, even at volume, are easily filtered by good firewalls and secure email gateways. But the sophistication and AI-led nature of 2025’s boom made it even harder for organisations to defend themselves. The question now is: can security teams and businesses wrestle back control?
Evolving Cyberattack Landscape
AI enhances efficiency and precision. As such, cybercriminals use it to launch faster, more convincing and adaptive attacks, ranging from deepfakes to credential stuffing. As an example, there is a concerning trend of attackers increasingly using ‘MFA bypass kits’ to create deceptive login pages. These pages capture not only the user’s credentials but also have logic built in to handle MFA prompts as well. The unsuspecting user is then passed to the real login page for the target service and meanwhile the ‘kit’ grabs a copy of the user’s session token. This allows the attacker to impersonate the person and access their data.
Examples of such kits include Evilginx (open source) and the W3LL panel. Protecting against these attacks can be challenging, as they are adept at bypassing MFA safeguards. Threat actors often use compromised LinkedIn accounts, for example, to gain access to substantial information and connections. This enables them to impersonate trusted business connections. Paired with the weaponisation of Agentic AI, this will magnify existing vulnerabilities within an organisation, while introducing new ones that defy traditional containment models.
As it stands, the lack of oversight within organisations on the extent of AI’s adoption by cybercriminals has enabled the emergence of ‘Ransomware 3.0.’ Ransomware has evolved past simple encryption and exfiltration, with this next phase focusing on LLM-driven orchestration and a shift to data integrity manipulation.
To counter AI-accelerated compromises and ‘Ransomware 3.0’ in 2026, organisations must adopt a Zero Trust-based cyber resiliency strategy. This requires businesses to implement strong, non-phishable machine authentication, strict least-privilege access, and constant monitoring to protect the integrity of the data that users and AI agents can access. It should become the baseline expectations rather than aspirational goals for this year.
The Secret Value of ‘Least Privilege’ Access
Another strategy to proactively improve cybersecurity defences in 2026 is to enforce the principle of ‘least privilege’ access. This tactic grants users access only to the data that’s needed for their role. Limiting excessive access is important for preventing the potential for widespread data exposure and damage in the case of an account compromise.
Businesses, however, must strike a balance over access; if it’s too strict, it can hinder productivity and lead to shadow IT issues. Getting this balance right when it comes to privileged access is where sophisticated permission managers are invaluable tools to work with. They streamline the process and remove the guessing game of who and what to grant access to, thereby ensuring, in the case of an attack, that the entire organisation won’t be brought to its knees.
How CISOs are Adopting ‘Resilience, not Perfection’
The rate at which AI is advancing means not every organisation will be equipped with the tools or the know-how to tackle every AI-inspired attack. But as the saying goes, ‘prevention is better than cure’. It’s better to create a strong security culture than to continually chase after the next best tool.
Organisations can’t strengthen their resilience without involving every single person under their umbrella. That’s why CISOs must continue to invest in cybersecurity awareness programs.
These should include simulated AI-phishing attacks (phishing remains the number one attack vector) to test users and enable them to apply learnings from the modules.
If any user clicks on a phishing email, they should receive additional training at that very moment, to cement the learning. Over time, a good training system should automatically identify users who rarely fall for such attacks and reduce the training they receive while making the simulations they do receive more difficult. Conversely, giving persistent offenders additional bite-sized training and simulations can help improve security outcomes over time.
The key challenge for 2026 is managing the speed of AI adoption and harnessing its defensive capabilities while mitigating the risk of uncontrolled adoption. But with excellent training, cyberattack practice runs, and the adoption of Zero Trust principles, organisations will find themselves in a strong position.
About Dr. Yvonne Bernard
Dr. Yvonne Bernard is the CTO of Hornetsecurity by Proofpoint, Proofpoint’s business unit leveraging the Hornetsecurity product suite dedicated to managed service providers (MSPs) and small to mid-sized businesses (SMBs), providing next-generation cloud-based security, compliance, backup, and security awareness solutions that help companies and organisations of all sizes around the world.
Nicole Reader, Head of Technology Solutions & Delivery at The Bunker (part of the Cyberfort Group), on finding a measured path forward for the future of cloud
SHARE THIS STORY
For more than two decades, UK organisations have embraced the cloud as the default model for digital growth. Hyperscale platforms have offered flexibility, speed and a route to innovation that would once have required years of capital investment. Cloud first became the business mantra. Cloud native became the ambition. Few stopped to ask what this meant for long term control. Today that question is becoming unavoidable.
Geopolitical relationships are shifting at pace. Trade tensions, regulatory divergence and new data access laws are reshaping the digital landscape as quickly as any technological change. At the same time, businesses are generating and storing more information than ever before. AI tools, collaboration platforms and SaaS applications are accelerating data creation at a rate that is testing infrastructures, supply chains and budgets alike.
In that context, many UK organisations are starting to ask a difficult question. When we moved to the cloud, did we quietly export more control over our data than we realised? The uncomfortable answer in many cases is yes.
The Assumption of Cloud Control
A significant proportion of UK businesses rely on global services, whether hyperscalers such as Amazon Web Services and Microsoft Azure or SaaS platforms headquartered overseas. These providers are sophisticated, resilient and often highly secure. However, their global footprint means that data is frequently stored, processed or managed beyond UK borders.
The challenge is that many boards assume that if data is accessible from the UK, or if a provider has a UK presence, it remains firmly under UK control. This assumption is often incorrect.
There is a crucial difference between data location and legal jurisdiction. Data residency refers to where data is physically stored. Data sovereignty refers to which who ultimately governs access to that data. Those two concepts are not interchangeable.
Legislation such as the US Cloud Act demonstrates why this matters. Under certain circumstances, US authorities can compel US headquartered providers to provide access to data, even if that data is stored outside the United States. The geographic location of a data centre does not automatically determine who can lawfully demand access.
Boards often conflate these terms, believing that selecting a UK service resolves sovereignty concerns. In reality, the corporate structure of the provider, contractual arrangements and cross border processing activities can all shape the legal framework that applies.
This is not an abstract legal debate. It is a question of operational control, regulatory exposure and risk appetite.
The Convenience Compromise
The rise of public cloud was driven by many compelling advantages. Flexibility, scalability and rapid deployment transformed how businesses launched products and expanded into new markets. For many organisations, the cost of building and maintaining their own infrastructure was prohibitive and the hyperscalers offered an attractive alternative at a great price.
However, that convenience came with trade-offs that were not always fully understood at the time. Cloud contracts can be complex. Consumption based pricing models include ingress and egress charges. Including API calls and a range of ancillary costs that can quickly exceed initial forecasts. It is not uncommon for organisations to reach the midpoint of their financial year and discover their cloud budget has already been used.
Meanwhile, operational design decisions made years ago may not have been stress tested against today’s regulatory expectations or geopolitical realities. Many mid-market IT teams have spent the past decade maintaining estates rather than redesigning them. In some cases, institutional knowledge has not kept pace with the evolution of cloud services and their associated risks.
The result is a landscape in which data has been distributed widely, often for operational reasons, but without a holistic understanding of the sovereignty implications.
Repatriation is Not a Silver Bullet
In response, there has been a growing push towards data return and sovereign cloud offerings. European initiatives are seeking to create regional alternatives to US dominated platforms. In the UK, there have been calls by government to expand domestic data centre capacity to retain greater control over national data assets.
The instinct is understandable, particularly for government, defence and heavily regulated sectors where sovereignty can become a non-negotiable requirement. However, it would be naïve to assume that bringing data back to the UK automatically makes it secure or resilient.
Local does not necessarily mean safe. High profile breaches over the past year have affected organisations across multiple jurisdictions, regardless of where their infrastructure is hosted. Security is not guaranteed by postcode.
There are also practical constraints. Data volumes are expanding rapidly, fuelled by AI workloads and increasing digitalisation. Hardware supply chains are under pressure, with significant demand driven by hyperscale AI investments. Price volatility is already evident, with some organisations seeing substantial cost increases within weeks.
Simply building more UK data centres does not eliminate capacity constraints or environmental considerations, particularly around power and cooling.
Furthermore, many businesses rely on global platforms to serve international customers and partners. A purely national approach can undermine interoperability and performance. For most organisations, the right answer will involve a hybrid strategy rather than wholesale repatriation.
From Technical Detail to Board Level Risk
What has changed is not simply the technology, but the level at which these decisions must be made.
Data sovereignty is no longer a technical footnote for the IT department. It is a board level risk issue. Directors must understand where critical data is stored, where it is processed and which legal regimes can assert authority over it. They must assess whether current arrangements align with the organisation’s risk appetite and regulatory obligations.
This is particularly acute in sectors such as financial services, healthcare and defence, where the sensitivity of data and the scrutiny of regulators are intensifying. For these organisations, sovereignty and security are intertwined. Compromises made for convenience or short-term cost savings can carry significant long-term consequences.
Security itself must be treated as a foundational approach rather than an add on. Too often, security controls are bolted on after operational decisions have been made. Minimum standards are implemented, arbitrary certificates are obtained and compliance boxes are ticked. While certifications can provide useful benchmarks, they do not replace rigorous design and ongoing validation.
If data is brought back onshore, but not properly segregated, monitored and protected, the sovereignty objective is completely undermined. There is little value in regaining geographic control if the underlying environment remains vulnerable.
The Business Case Reality
It would be unrealistic to ignore commercial pressures. For many mid-market organisations, cost remains a primary driver of decision making. Risk appetite is frequently calibrated against budget constraints. The perfect solution is rarely affordable.
That is why compromise becomes central. The critical question is not whether to compromise, but where. Does an organisation prioritise flexibility over jurisdictional control? Does it accept higher costs to secure local hosting? Does it rely on hyperscale security capabilities while accepting overseas governance frameworks?
There is no universal answer. The correct balance depends on the nature of the data, the regulatory environment and the strategic objectives of the business. A small retail operation will have different requirements from a growing fintech or a defence contractor. Supplier selection must reflect that risk profile. Not all cloud or data centre providers are equal in capability, assurance or sector expertise.
Boards should therefore ask their providers some direct questions. Where exactly is our data stored and where is it processed? Which legal jurisdictions apply, and under what circumstances could external authorities demand access? Who within your organisation has access to data, and how is it segregated from other customers? What is the exit plan, and how do we ensure data is fully returned and deleted at the end of a contract?
These are not confrontational questions. They are governance essentials.
A Measured Path Forward
As a result the UK should not retreat from global cloud ecosystems, nor should it blindly assume that everything must be deported. The objective is not isolation, but informed control.
Where sovereignty is genuinely critical, particularly in government and national security contexts, local hosting and specialist providers may be essential. In other scenarios, public cloud may remain the most effective platform, provided its legal and operational implications are fully understood and managed.
The most significant risk today is not that UK businesses have embraced the cloud. It is that many have done so without fully mapping the sovereignty, jurisdictional and security consequences that come with relinquishing control of data.
As data volumes grow and geopolitical uncertainty continues, that gap in understanding becomes a strategic vulnerability. The cloud has delivered extraordinary value. Now all these years later, it demands a more mature conversation.
Convenience built the digital economy. Control will define its resilience.
Chris Gunner, vCSO at Thrive – a leading NextGen MSP/MSSP, delivering global AI, cybersecurity, cloud, compliance, and digital transformation managed services – on how CISOs can position their cyber strategy to to become part of how a business navigates uncertainty
SHARE THIS STORY
Quantification of cyber risk is a growing trend. While this can be genuinely useful, in practice it is often misunderstood or over-applied by security leaders. It can range from an arbitrary figure to attempting to model every possible risk on the register in a Monte Carlo simulation. The focus can fall on the mechanics of quantification, rather than how financial decision-makers actually use the information.
Think of the CFO – they don’t walk through every penny in the budget. Instead, they usually focus on the board-level levers that can materially affect the business. These often include three key areas: strategic optionality, removing friction from capital events and avoiding shocks and smoothing operating costs. Security conversations should be anchored the same way.
The Importance of Strategic Optionality
If faced with a credible one-year growth plan, CFOs may recommend a one-year office lease despite a 20% premium. This is because it maintains the option later of moving or re-contracting once the growth trajectory becomes more visible. Like most strategic decisions, it is about preserving flexibility in the face of uncertainty, even if that flexibility comes at a short-term cost.
If we apply this to a cyber context, there are often businesses that have taken a calculated gamble with their existing business strategies. While the plan is sound, there is a chance it might not land as expected. When they require security services, the choice between a ‘standard’ and ‘premium’ SOC frames the decision as one of optionality rather than security spend. Paying more now to preserve the ability to adapt later down the line. A simple illustration is incident response. An on-call retainer with defined response times can look more expensive than ad hoc support. Until an incident occurs and procurement becomes the bottleneck. In those moments, flexibility is often far more valuable than marginal savings achieved earlier.
Removing Friction from Capital Events
For CFOs, especially those operating in the alternative investment space, the focus is on structuring capital events. As opposed to managing day-to-day operational costs. One of the most painful points in that process is due diligence. The careful exchange between acquirer and target that aims to provide enough information for each to price risk, without giving the entire game away.
CISOs can materially influence how smooth or painful that process becomes. The most effective support often comes from understanding upfront what the diligence process will look like and preparing accordingly.
For example, they might develop executive-level ‘Security at ACME’ overviews to sit alongside more detailed trust centre or technical reports. Being available to diligence teams for interviews, and for example clearly articulating which services are outsourced to an MSSP, and why, builds credibility between those executive teams.
Decision-makers often don’t look at penetration test reports at a deal level. They are assessing whether the organisation understands its own control environment. A well-prepared CISO who can clearly explain why certain controls exist acts as a trust amplifier during transactions.
It is often the difference between a diligence process that closes cleanly and one that drifts. Two organisations can have similar maturity. Yet the one that can respond within a day with clear, consistent evidence reduces follow-up questions, avoids uncertainty premiums in pricing discussions and prevents security from becoming a late-stage negotiation point.
Avoiding Shocks and Smoothing Operating Costs
For any individual who has worked with a finance partner to define a departmental budget will know that predictability often takes precedence over absolute cost. Contract value can be secondary to payment terms, renewal timing or the ability to forecast spend with confidence.
CISOs can align with this by looking to reduce unplanned operating expenditure. In addition to understanding the cost structure of their controls by communicating with the technical pre-sales engineer, procurement and account teams.
A good example is cyber insurance. While often purchased directly by finance teams, many policies are relatively off-the-shelf and provide access to services the security team already operates or has under contract. Other policies include notable exclusions for the events most likely to occur. Such as a ransomware incident without business interruption cover. In many cases, these gaps can be addressed in-policy with a flat fee or a more predictable cost model.
The value here extends beyond risk transfer and into more predictable costs: replacing reactive spend with planned expenditure.
Aligning Cyber Conversations to Board Priorities
Across all of the above examples, the common thread is that the board is rarely asking security to prove its value in isolation, and is surprisingly comfortable with uncertainty. But they are asking whether the cyber papers support better decisions, fewer constraints and more predictable outcomes for the business as a whole.
CISOs who frame their priorities in those terms will find their conversations move away from justifying individual controls and towards understanding how security choices shape the organisation’s ability to respond to change. In that context, cyber becomes part of how the business navigates uncertainty, rather than a specialist function defending its budget. Speaking the board’s language, ultimately, is less about converting cyber risk into pounds and pence. It is more about understanding which levers matter at that level and showing how security choices influence them.
Dr. George Papamargaritis & Dr. Konstantia Barmpatsalou
Published
26 February 2026
Estimated Read time
4Mins
Obrela’s Dr. George Papamargaritis (EVP MSS) and Dr. Konstantia Barmpatsalou, (Blue Team Support Manager) on why embracing a risk-led cybersecurity model will leave financial organisations better positioned not just to meet regulatory requirements but to strengthen resilience, protect customers and uphold the trust that is so essential to the future of financial systems
SHARE THIS STORY
Cybersecurity in the financial sector was once viewed as a compliance-driven discipline. But as attackers have increasingly targeted institutions with sophisticated, persistent and often internally driven campaigns, it has become a strategic priority.
According to the Digital Universe Report H1 2025, financial services were the second most targeted industry globally, accounting for 19% of all observed cyberattacks. This reflects both the sector’s value to adversaries and the complexity of the digital ecosystems it now operates within.
Regulatory frameworks such as the FCA and PRA’s operational resilience rules, the EU’s Digital Operational Resilience Act (DORA) and NIS2 have strengthened baseline protections. However, the report’s findings demonstrate that regulation alone cannot deliver true cyber resilience. Institutions must adopt a strategic, risk-led approach that looks beyond compliance to understand real threats, behaviours and operational dependencies.
Tailored, Internal and Stealthier Threats
One of the most striking insights from the report is how targeted financial sector attacks have become. Industry-specific security risks now represent 32% of all incidents in the sector. This is an indication that adversaries are designing attacks using detailed knowledge of financial operations, from trading workflows to payment systems.
Internal activity is also a major concern. Suspicious internal activity accounts for 26% of detections across financial services, reflecting the frequency of compromised accounts, misused privileges and lateral movement. For a sector historically focused on defending the perimeter, this shift highlights the need for deeper visibility into user behaviour and identity-driven risks.
The wider threat landscape reveals adversaries are moving away from overt, signature-based attacks. In H1 2025, brute force activity made up 27% of global alerts, while vulnerability scanning accounted for 22% and known malicious indicators for 20%. Notably, direct malware payloads dropped to 0% of trending alerts, replaced by fileless techniques and living-off-the-land methods that bypass traditional defences.
For financial institutions, this is a challenge. Many compliance requirements still centre on endpoint protection, patching and malware controls. These will of course, remain important, but they cannot address threats that are increasingly behavioural, stealth-driven and identity-focused.
Operational Complexity
The financial sector’s cyber risk is intensified by its expanding operational footprint. Cloud adoption, open banking, digital identity models and extensive third-party ecosystems have all created new points of exposure. Financial services operate within a global digital infrastructure that is both vast and increasingly interconnected. This level of complexity cannot be effectively protected through compliance checklists alone.
Regulators are recognising these realities. DORA’s emphasis on ICT third-party risk, operational resilience testing and continuous oversight reflects the need for more proactive, intelligence-driven approaches. But DORA still only sets a minimum standard. True resilience requires institutions to move beyond regulatory expectations and embed cybersecurity into broader business strategy.
Strategic, Risk-Led Cybersecurity
A risk-led approach begins with understanding the threats that pose the greatest risk to operations and customers. Financial institutions remain priority targets for groups such as FIN7, TA505, Cobalt Group and various state-backed actors. Their tactics, such as credential harvesting, remote access tools, web-injection frameworks and lateral movement, are specifically designed to exploit the digital fabric of financial services.
This evolving threat profile puts identity and behaviour at the heart of cyber defence. With credential-driven and internal threats so prevalent, institutions must prioritise behavioural analytics, continuous authentication and zero-trust models that verify users and devices contextually rather than relying on static controls.
Strategic cyber resilience also needs to have continuous assurance. Traditional audits, annual testing and scheduled penetration exercises cannot keep pace with rapidly evolving threats. Leading institutions are shifting toward continuous control monitoring, automated attack simulation and persistent adversarial testing. These practices align with the Bank of England’s CBEST framework and demonstrate a sector-wide move toward ongoing, intelligence-led assurance.
Crucially, cyber risk must be treated as an operational issue, not just a technical one. Embedding cybersecurity into enterprise risk management, financial planning, product development and board oversight is essential. This integrated approach also mirrors the direction of FCA and PRA regulation, which increasingly emphasises governance, accountability, and resilience across the entire organisation.
Beyond Compliance
Financial services underpin national economies and public confidence. As digital ecosystems grow and adversaries become more sophisticated, the sector faces a dual challenge: meeting rising regulatory expectations while defending against complex, targeted attacks. It is clear that cybersecurity must evolve from compliance-driven activity to a strategic capability built on intelligence, continuous assurance and behavioural insight.
Institutions that embrace this risk-led model will be better positioned not just to meet regulatory requirements but to strengthen resilience, protect customers and uphold the trust that is so essential to the future of financial systems.
Children’s Mental Health Week 2026 spotlights the theme ‘This is My Place’. Tech charity founder James Tweed is calling on…
SHARE THIS STORY
Children’s Mental Health Week 2026 spotlights the theme ‘This is My Place’. Tech charity founder James Tweed is calling on the UK’s IT departments to donate surplus laptops and devices to help some of the country’s most overlooked vulnerable children.
Rebooted
Tweed founded Rebooted to support the children of prisoners and provides laptops so they can learn at home.
“Having a parent in prison can be traumatic and often leads to a child struggling at school,” says Tweed. “If that child then falls behind digitally or is excluded from education, their long-term prospects narrow dramatically. It’s a vicious circle and we need to break it early.
“For many of these children, school is already unstable. If they also lack access to reliable technology at home, they’re starting from behind. In 2026, digital access isn’t a luxury, it’s foundational.”
A Practical Solution
With businesses refreshing hardware on regular cycles, Tweed believes IT leaders are sitting on a practical solution.
“Across the UK, thousands of perfectly usable laptops are sitting in storage cupboards or heading for recycling. Those devices could transform a child’s ability to learn, revise and stay connected to school.”
Crucially for IT heads, data security is central to the model. All donated devices are securely wiped and processed by Rebooted’s technology partner, GeTech, using certified data erasure procedures.
“Security is non-negotiable,” assures Tweed. “Every device is professionally wiped to recognised standards before it’s redeployed. IT teams can donate with complete confidence.”
Children’s Mental Health Week
Children’s Mental Health Week, launched in 2015, focuses this year on belonging and ensuring young people feel they have a place in their communities. Tweed argues that digital access plays a direct role in that sense of inclusion.
“We talk a lot about wellbeing and belonging,” he says. “But if a child can’t access homework platforms, revision tools or basic digital resources, they quickly feel excluded. Technology can either widen the gap — or help close it.”
Rebooted is now urging CIOs, IT directors and managed service providers to review surplus stock and consider structured donation programmes as part of their ESG and sustainability strategies.
“This is practical, measurable impact,” Tweed adds. “Instead of gathering dust, those devices can help ensure a vulnerable child can genuinely say, ‘This is my place.’”
IT leaders interested in donating surplus equipment can find more information at:rebooted.me
JP Cavanna, Director of Cybersecurity at Six Degrees, on balancing the risks and benefits of AI in cyber defence strategies
SHARE THIS STORY
Undeniably, AI is here to stay. Having become part of day-to-day life, it’s hard to remember what life was like without it. But when it comes to cybersecurity, is it causing more harm than good?
Recent research outlines that 73% of organisations have already integrated AI into their security posture. The technology is clearly becoming a cornerstone of modern cybersecurity. Organisations are turning to AI not just as a tool, but as a partner in security operations, leveraging its capabilities to identify malicious activity faster, guide investigations, and automate repetitive tasks.
For it to be truly effective, though, AI must be paired with human expertise – but this is where organisations are starting to become complacent. Given the growing sophistication of cyber-attacks, and even AI-powered attacks, many are removing the human element while expecting AI tools to do all the work for them, leaving them even more vulnerable to threats. This overreliance risks creating blind spots, where critical thinking, contextual understanding, and instinct are overlooked. Without the balance of human judgement, AI can amplify mistakes at scale, turning efficiency into exposure.
The Cybersecurity Paradox
This situation puts many organisations in a potentially difficult position. On the one hand, AI can significantly improve the efficiency of security operations. In the typical SOC, for example, AI technologies can process alerts in around 10-15 minutes. This represents a significant improvement over human analysts, who can easily require twice as long for the same task.
Aside from the obvious efficiency gains, applying AI to these repetitive, time-pressured processes can also significantly reduce the scope for human error. And in turn, take considerable pressure off security analysts. Going some way to battling alert fatigue, an increasingly well-documented and persistent problem. In these circumstances, valuable human experience and specialist expertise can instead be more effectively applied to complex investigations, strategic decision-making, and other higher-value priorities.
On the flipside, however, AI remains prone to generating inaccurate or misleading insights, and users may not realise they are applying the wrong information to potentially serious security issues. Similarly, habitual blind trust in AI outputs can easily erode performance levels and even introduce new vulnerabilities. There is also scope for sensitive data to enter public environments, with the potential to cause compliance issues. This kind of information can also reappear in future versions of the AI model in question, therefore resulting in further data exposure risks.
Parallels with IoT Adoption
The situation mirrors that seen in the early days of IoT adoption, where the rush to innovate would often override security considerations. In this current context, therefore, human oversight and vigilance are extremely important. Clear governance frameworks, defined accountability, and continuous monitoring must underpin any AI deployment. Therefore ensuring that innovation does not outpace risk management or compromise long-term resilience.
A Growing Arms Race
If that wasn’t challenging enough, threat actors are also in on the AI boom in what has already been described as an ‘arms race’. In practical terms, AI tools are already widely used to create more convincing phishing attacks free from some of the more obvious traditional tell-tale signs of criminal intent, such as imperfect grammar or a suspicious tone.
Deepfake technology has also raised the stakes. We’ve all seen how convincing AI-generated video has already become. This is now finding its way into real-world examples, with one fake video reportedly causing a CFO to authorise a large financial transfer as a result.
At the same time, technology infrastructure is constantly under attack by AI-powered tools. They can be used to analyse defensive systems and identify weaknesses faster than humans. The net result of these developments is that defenders constantly play catch-up, as they can only respond to new attack vectors once discovered. The underlying takeaway is that at present, AI cannot be trusted to operate autonomously. Instead, human intuition, scepticism and contextual understanding remain essential to spotting emerging tactics.
As attackers refine their methods at machine speed, organisations need to resist the temptation to match automation with automation alone. They must double down on strategic thinking and continuous skills development.
Balancing Benefits and Risk
So, where does this leave security leaders who are looking to balance the benefits and risks? Firstly, and to underline a fundamental point, while AI offers scale and speed, it cannot replace critical human oversight. Organisations should view AI as an enhancer, not a replacer. Success lies in promoting partnership, not substitution.
Strong governance is vital. This should start with clear AI usage policies that define what can and cannot be shared with AI tools, while proper data classification and access control ensure that sensitive information is protected. In addition, regular validation of AI outputs can help to prevent inaccurate or misleading results from being unnecessarily acted upon.
Then there are the perennial challenges associated with employee awareness training, which is vital for avoiding complacency and understanding the limitations of generative AI tools. Cyber leaders should also monitor how AI is being used inside and outside the corporate environment, as staff often experiment with tools on personal devices.
Get this all right, and security teams can put themselves in a very strong position to embrace AI, safe in the knowledge that they have the guardrails and processes in place to balance innovation and efficiency with effective human-led oversight. Ultimately, success will depend not on how much AI is deployed, but on how intelligently it is governed and refined alongside the people responsible for securing an organisation.
Dan Nichols, Chief Technology Officer at virtualDCS, on why cloud resilience in the financial services sector hinges on shared accountability and an assume-breach philosophy
SHARE THIS STORY
A powerful catalyst for transformation, the cloud is reshaping how organisations compete in the financial services sector. Beyond significant cost savings and flexibility, leaders are eager to unlock the potential of AI-driven insights, intelligent automation, and real-time business modelling. And, in a space governed so strictly by data sovereignty and privacy policies, the cloud’s ability to localise, encrypt, and control data has made it a key enabler of compliance and customer confidence.
But as threats become more frequent and sophisticated – with attackers now targeting shared platforms and partner supply chains – organisations can no longer rely on their own defences alone. For true digital resilience, shared accountability, collective readiness, and clear governance across every cloud touchpoint are equally non-negotiable.
All Eyes on the Money
The industry sits at a valuable intersection of data, technology, and finance. A combination that makes it uniquely attractive to attackers. It holds some of the world’s most sensitive data, directly underpins the flow of global capital, and operates through deeply complex and interconnected systems. With every integration increasing the risk of exposure. Ultimately, the attack motivation is as simple and relentless as it is in most sectors: monetary gain. Cybercriminals target institutions precisely because of the value at stake and the speed at which disruption translates to loss.
How the Threat Landscape is Evolving
Ransomware groups may see insurers and payment providers as high-yield targets. They understand even seconds of downtime can induce multi-million pound losses. Under pressure to protect customer trust and avoid regulatory penalties, some firms may choose to pay in order to restore their service quickly. This dangerous perception only encourages repeat targeting and paves the way for damage to spread even further. Yet it remains a common response tactic among many.
At the same time, the rise of supply chain and third-party attacks has made it possible for criminals to bypass even the most well-defended cloud environments. By exploiting shared platforms, managed service providers, and cloud-hosted applications, perpetrators can move laterally across multiple organisations at once, amplifying both the reach and impact of their attacks. In other words, infiltrating one vendor’s weakness can cripple an entire network in one carefully coordinated strike. And, since some firms may overlook the cloud’s shared responsibility model – presuming end-to-end security sits solely with their cloud provider – multiple blind spots can inevitably emerge, creating easy openings to exploit.
In an environment where boundaries blur and dependencies multiply, traditional perimeter-based defences are no longer enough. Hybrid and multi-cloud infrastructures demand continuous visibility, faster detection, and coordinated response across every partner and provider. The goal is not simply to prevent breaches, but to withstand and recover from them collectively. It’s about recognising that in today’s ecosystem, no financial institution is secure in isolation.
Inside the Ransomware Economy
Evolving beyond the scattergun attacks of the past, ransomware now operates as a professionalised, profit-driven ecosystem, where malicious actors collaborate, trade intelligence, and lease attack tools much like legitimate software vendors. The rise of ransomware-as-a-service (RaaS) has even lowered the barrier to entry, giving less skilled affiliates access to ready-made payloads and automated encryption kits in exchange for a percentage of the ransom.
What makes it especially destructive is the precision and psychology behind the attacks. Rather than randomly striking, attackers conduct weeks of reconnaissance – learning behaviours, studying employee hierarchies, and identifying systems most critical to operations. They often infiltrate through phishing emails or compromised credentials, quietly moving laterally through the network to gain elevated access. Once embedded, they disable defences, exfiltrate sensitive data, and target backup repositories before finally encrypting production systems.
At that point, the goal shifts from technical control to financial coercion. Victims are locked out of their systems and presented with a ransom note demanding payment, sometimes in cryptocurrency, in exchange for a decryption key. Increasingly, the threat includes public exposure of stolen data – a tactic designed to pressure leadership into paying to protect their reputation and customer trust. Even when ransoms are paid, recovery is rarely clean: data may be incomplete, corrupted, or resold on the dark web, and repeat targeting is common once an organisation is identified as a payer.
It’s this blend of stealth, strategy, and human manipulation that makes ransomware so difficult to defend against. By the time the encryption begins, attackers have already spent weeks ensuring recovery options are limited. This background isn’t designed to scaremonger, but to highlight why resilience must start long before an attack ever reaches the endpoint.
The Foundations of Ransomware Resilience
Ransomware resilience isn’t achieved through a single product or policy – it’s the outcome of strategic, technical, and cultural alignment. Financial institutions, in particular, must approach it as a continuous process of readiness: Anticipating compromise, containing impact, and restoring normality quickly and transparently:
Assume-Breach Philosophy
The first step is shifting from a defensive mindset to an assume-breach philosophy. In practice, this means recognising that even the most sophisticated systems can and will be breached – and building architectures and response strategies designed to limit damage when this happens. It’s a pragmatic approach, grounded in the reality that attackers are increasingly sector agnostic. No organisation is too small or too secure to be targeted, but the financial sector remains a favourite because it offers both high disruption value and potentially significant monetary reward.
Building meaningful resilience, therefore, demands layered defence and disciplined execution. The goal is to slow attackers down at every stage – detecting them early, limiting lateral movement, and ensuring business continuity when systems are disrupted. Behavioural analytics and continuous monitoring can surface and neutralise subtle anomalies that would otherwise go unnoticed – such as phishing, spear phishing, and malware, with email still the number one entry point for ransomware.
Zero Trust & MFA
Meanwhile, zero trust policies and multi-factor authentication methods add a second layer of protection, blocking unauthorised access even if credentials are compromised.
When incidents do occur, a well-practised response framework ensures action is fast and coordinated, minimising disruption across critical systems, with the ability to switch to secure replica environments to keep operations running while remediation takes place. Secure, immutable, air-gapped backups underpin it all, providing a safety net that guarantees recovery can begin from a clean and uncompromised state.
Human readiness is equally critical. Technology can contain an attack, but only people can recover from one effectively. Regular simulation exercises, incident rehearsals, and cybersecurity awareness training help teams respond calmly and cohesively, transforming response from reactive to instinctive. This operational maturity is reinforced by strong governance. Frameworks such as DORA, NIST, and ISO 27001 provide the structure to align technical teams, compliance leads, and executive decision-makers around shared resilience goals. When combined with skilled practitioners and clear accountability, they embed security into ‘business as usual’ – moving resilience from a strategy to a sustained organisational capability.
Why Multi-Layered Backup is Critical
When ransomware strikes, the speed and integrity of data recovery determine whether disruption lasts minutes or days – and whether the impact cascades through wider global markets. As the last and most decisive line of defence when every other control fails, it’s also fundamental to customer trust and compliance. Yet too often, backup is treated as a static safeguard rather than a dynamic resilience layer.
Since modern ransomware often seeks out and encrypts traditional backups first, a single backup copy or centralised repository is no longer sufficient. True resilience today depends on a multi-layered approach – combining offsite or cloud-diverse storage, immutable data copies that cannot be altered or deleted, and isolated environments to protect against lateral movement.
How frequently these backups are tested is equally important. Too often, financial institutions only discover weaknesses when recovery is already underway, at which point strategies can’t be magically strengthened, and it becomes a race against the clock to minimise downtime and reputational fallout. Regular, automated recovery testing changes that dynamic. It not only confirms that files can be restored, but provides verifiable assurance that systems come back online in the correct order, data dependencies remain intact, and teams have the muscle memory to act quickly and confidently when the worst happens.
The Power of Shared Accountability
In a digital economy so deeply interconnected, no organisation operates in isolation. This is especially true in financial services, where supply chains and service providers form the backbone of day-to-day operations. While this interdependence is a strength in many ways, it also means resilience is no longer defined by how well a single institution can defend itself, but by how effectively every partner in its ecosystem upholds their part of the security chain.
This is where shared accountability becomes critical. It recognises that cloud providers, managed service partners, and financial institutions each have distinct but complementary roles to play in securing data, systems, and infrastructure. When accountability is clearly defined – and when partners collaborate rather than operate in silos – visibility improves, incident response accelerates, and the risk of systemic failure decreases.
Shared accountability also extends beyond contractual obligation. It’s about building a culture of collective readiness: sharing intelligence, rehearsing joint incident scenarios, and supporting smaller or less-resourced partners to raise their security baseline. The result is a unified entity capable of anticipating, absorbing, and recovering from disruption together.
Looking Ahead
To view cyberattacks as inevitable might seem pessimistic to some, but it’s an unfortunate truth that no amount of investment can eliminate risk entirely. In an era where threats are growing in both scale and sophistication, readiness becomes the true differentiator – particularly in such a high-stakes sector. For financial institutions, that means embedding security into culture, strengthening connections across supply chains, and continually testing their ability to withstand and recover as a united ecosystem. Only then can resilience become a strategic advantage rather than a defensive necessity, and unlock the cloud’s transformative potential with absolute confidence.
Katja Hakoneva, Product Manager at Tuxera, on delivering tomorrow’s data storage security today
SHARE THIS STORY
Smart meters are no longer just data endpoints. They’re intelligent, connected nodes embedded into the national infrastructure. As energy networks undergo rapid digital transformation, the focus has largely been on secure communications and real-time data transmission. But beneath the surface lies the local data storage, which often becomes a critical blind spot.
Smart meters store large volumes of sensitive data from energy usage profiles to firmware logs and grid event histories on embedded memory. If this information is accessed, altered, or deleted, it can trigger billing inaccuracies, regulatory breaches, and customer mistrust. With meters expected to operate in the field for up to 20 years, data-at-rest security is a critical requirement.
Storage Vulnerabilities: The Silent Cyber Threat
These embedded systems face multifaceted risks. Attackers may gain access to stored data by physically tampering with a meter or exploiting software vulnerabilities that bypass weak authentication. Malicious actors could manipulate logs to alter billing records, mislead consumption analytics, or mask larger cyberattacks on grid infrastructure.
In many cases, such intrusions go undetected until tangible damage, such as lost revenue or reputational fallout. With increasing dependence on smart infrastructure, utilities can no longer afford to treat embedded storage as a passive component.
Counting the Real Costs of Cybersecurity
Securing smart meters comes with technical requirements, as well as, operational and resourcing demands. For many UK manufacturers and utilities, managing cybersecurity internally means building and retaining specialist teams, often requiring three to five full-time professionals to handle vulnerability monitoring, patch management, and threat response throughout the year.
Aligning with regulatory frameworks frequently demands hardware upgrades to handle stronger encryption and secure configurations, impacting Bill of Materials (BOM) costs and development timelines. Many existing software stacks require optimisation to support modern security protocols within resource-constrained devices. These efforts are necessary, with a single undetected cyberattack costing companies an average of $8,851 (≈£6,900) per minute, and the consequences extending beyond financial loss to potential regulatory fines and service disruptions.
The CRA and the new Era of Cyber Regulation
The Cyber Resilience Act (CRA), set to come into force across the EU by 2027, will reshape how connected devices are designed, developed, and supported. For UK-based vendors serving the European market, or collaborating with EU counterparts, compliance with CRA is becoming a strategic imperative.
Key CRA requirements include:
Security by design: Devices must be secure from the outset, not retrofitted post-deployment.
No known vulnerabilities at market launch: Products must undergo security validation prior to release.
Default secure configurations: Devices should avoid insecure settings out of the box.
Lifecycle management: Vendors must support patching and vulnerability resolution throughout the device’s operational lifespan.
For smart meters, which often run in the field for two decades or more, the CRA introduces accountability that extends well beyond product launch. Compliance with the CRA will become part of the CE marking process, meaning global manufacturers must align if they wish to sell into the EU energy market.
Engineering Security: Confidentiality, Integrity, and Authenticity
Designing resilient smart meters starts with three pillars:
Confidentiality protects sensitive user data from unauthorised access. This includes encrypting both data and encryption keys, restricting user access levels, and securing communication channels.
Integrity ensures stored data remains unaltered and trustworthy. Power failures, for instance, can corrupt memory. Using flash-optimised file systems and secure boot processes can prevent such vulnerabilities.
Authenticity confirms that firmware and data updates come from trusted sources. Techniques like digital signatures and update validation prevent attackers from injecting malicious code into meters.
Together, these pillars enable smart meters to meet regulatory expectations while protecting both users and grid operations.
Future-proofing Data Storage
Cybersecurity for smart meters is not just a feature; it requires organisational readiness. Frameworks like the CRA, NIST, and IEC 62443 emphasise secure processes, documentation, and people alongside secure products.
For companies looking to prepare, it is smart to start with common pillars such as maintaining up-to-date Software Bills of Materials (SBOMs), conducting regular supply chain and risk assessments, keeping detailed test reports, and establishing clear incident response plans. Internally, training staff on cybersecurity best practices, setting clear data retention policies, and defining access controls and responsibilities are critical steps to ensure cybersecurity is embedded within the culture of the organisation. This approach ensures security is not a one-off compliance task but a sustainable practice that protects smart infrastructure long-term.
Smart meters deployed today could still be operating in the 2040s. This timeline intersects with the anticipated emergence of quantum computing, which may break today’s encryption standards. Though post-quantum cryptography is still evolving, vendors must prepare now to ensure systems remain secure in a post-quantum world. Smart meter software should be designed with cryptographic agility to allow it to adapt and upgrade algorithms as threats evolve.
Lessons from Long-Term Deployment
Smart meters are designed for longevity, but memory wear remains a primary failure point. Meters that lack flash-aware storage systems face early data loss, increasing the cost of maintenance, replacements, and warranty claims.
Utilities and OEMs that embed file systems capable of wear levelling, garbage collection, and secure boot processes have extended meter lifespans by more than 50%, even in challenging conditions. One example showed meters surviving over 15,000 power interruptions without any data loss.
Integrating secure storage delivers operational and commercial benefits. It ensures compliance with CRA and other evolving global frameworks, reduces maintenance and warranty costs, minimises carbon impact through fewer replacements, enhances brand credibility and trust with procurement teams, strengthens the business case for longer-term contracts and partnerships. As the smart energy market matures, these benefits are becoming differentiators, especially as digital infrastructure grows in complexity.
Delivering Tomorrow’s Data Storage Security Today
The next generation of smart infrastructure will be fast and connected, as well as, secure, resilient, and regulation-ready. For vendors and utilities alike, embedding data protection deep into the meter architecture is a business-critical move.
By preparing for the CRA today, smart meter manufacturers will position themselves as forward-thinking, trustworthy partners in tomorrow’s energy ecosystem, delivering technology that’s not only built to last but built to protect today and tomorrow.
Robert Cottrill, Technology Director at digital transformation company ANS, explores how businesses can harness the potential of AI while mitigating the growing risks to cybersecurity and privacy
SHARE THIS STORY
AI can transform businesses, but is it also opening the door to cyber risks? Fuelled by competitive pressure and rising government support through the UK’s Industrial Strategy, it’s no surprise that more and more businesses are racing to adopt AI.
But there’s a catch. The more businesses scale their AI adoption, the bigger their attack surface becomes. Without a proactive and structured approach to securing AI systems, organisations risk trading short-term efficiencies for long-term vulnerabilities.
The AI Boom
AI investment is skyrocketing. Businesses are deploying generative AI tools, machine learning models, and intelligent automation across nearly every function, from customer service and fraud detection to supply chain optimisation. Platforms like DeepSeek and open-source AI models are now part of the mainstream tech stack.
Initiatives like the UK’s AI Opportunities Action Plan are fuelling experimentation and adoption. AI is now seen not just as a productivity tool, but as a critical lever for digital transformation.
However, the rapid pace of AI deployment is outpacing the development of the security frameworks required to protect it. When integrated with sensitive data or critical infrastructure, AI systems can introduce serious risks if not properly secured. These risks include data leakage through AI prompts or model training, as well as AI-generated phishing and social engineering attacks
While technical threats often take centre stage, businesses also can’t forget the increasing regulatory requirements surrounding AI. As AI systems become more powerful, enabling businesses to extract valuable insights from vast datasets, they also raise serious ethical and legal challenges.
Regulatory frameworks like the EU AI Act and GDPR aim to provide guardrails for responsible AI use. But these regulations often struggle to keep up with the rapid advancements in AI technology, leaving businesses exposed to potential breaches and misuse of personal data.
The Need for Responsible AI Adoption
To build resilience while embracing AI, businesses need a dual approach:
1. Prioritise AI-specific training across the workforce
Cybersecurity teams are already stretched. Introducing AI into the mix raises the stakes. Organisations must prioritise upskilling their cybersecurity professionals to understand how AI can both protect and threaten systems.
But this isn’t just a job for the security team. As AI tools become embedded in daily workflows, employees across functions must also be trained to spot risks. Whether it’s uploading sensitive data into a chatbot or blindly trusting algorithms, human error remains a major weak point.
A well-trained workforce is the first and most crucial line of defence.
2. Adopt open-source AI responsibly
Another key strategy for reducing AI-related risks is the responsible adoption of open-source AI platforms. Open-source AI enhances transparency by making AI algorithms and tools available for broader scrutiny. This openness fosters collaboration and collective innovation, allowing developers and security experts worldwide to identify and address potential vulnerabilities more efficiently.
The transparency of open-source AI demystifies AI technologies for businesses, giving them the confidence to adopt AI solutions while ensuring they stay alert about potential security flaws. When AI systems are subject to global review, organisations can tap into the expertise of a diverse and engaged tech community to build more secure, reliable AI applications.
To adopt responsibly, businesses need to ensure that the AI they are using aligns with security best practices, complies with regulations, and is ethically sound. By using open-source AI responsibly, organisations can create more secure digital environments and strengthen trust with stakeholders.
Securing the Future of AI
AI is a transformative force that will redefine cybersecurity. We’re already seeing AI being used to automate threat detection and response. But it’s also powering more advanced attacks, from deepfake impersonation to large-scale automated exploits.
Organisations that succeed will be those that embed cybersecurity into every stage of their AI journey, from innovation to implementation. That means making risk management part of the innovation conversation, not a downstream fix.
By taking a responsible approach, investing in training, leveraging open-source AI wisely, and embedding cybersecurity into every layer of the business, organisations can unlock AI’s potential while defending against its risks.
AI is a double-edged sword, but with thoughtful adoption, businesses can confidently navigate the complex landscape of AI and cybersecurity.
Joe Logan, CIO at iManage, on the need to avoid the hype, manage cybersecurity, focus on ROI and balance change management to get the best results with AI
SHARE THIS STORY
Across the enterprise, AI promises transformational power – however, it’s not as simple as just plugging it into the organisation and instantly reaping the benefits. What are some of the top things CIOs need to focus on to avoid any pitfalls, unlock its value, and best position themselves for success with AI?
1) Separate the Hype from Reality
Here’s what hype looks like: using AI to “radically transform the way you do business” or to “accelerate comprehensive digital transformation” or – heaven forbid – to “completely change our industry.” These are big statements – and absolutely dripping with hype.
Getting real with AI requires identifying specific use cases within the organisation where a particular type of AI can be deployed to achieve a specific goal. For example, maybe you want to reduce customer churn by 20% and have identified an opportunity to use chatbots powered by large language models to provide more effective customer service. That’s what reality looks like.
In separating the hype from reality, organisations gain the added benefit of clearing up any misconceptions – at any level of the organisation – about what AI can and can’t do, thus performing an important “level set” around expectations.
2) Understand the Implications for Cybersecurity
On one side, any AI tool you’re using has access to data, and that means that access needs to be controlled like any other system within your tech stack. The data needs to be secured and governed, and issues around privacy, sovereignty, and any other regulatory requirements need to be thoroughly addressed.
As part of this effort, organisations also need to be aware of the security measures required to protect the AI model itself from bad actors trying to manipulate that model. For example: prompt injection – inputs that prompt the model to perform unintended actions – can affect the model and its responses if not carefully guarded against.
Securing your AI system is one side of the coin; the other side is understanding how to apply AI to cybersecurity. There are a growing number of use cases here where AI can help identify risks or vulnerabilities by analysing large amounts of data, helping organisations to prioritise the areas they need to focus on for risk mitigation.
In summary? While any usage of AI will require you to “play defence” on the security front, it will also enable you to “play offence” more effectively. In that sense, AI has multiple implications for cybersecurity.
3) Focus on the Right Kind of ROI
When it comes to ROI for any AI investments, don’t narrowly focus on absolute numbers when it comes to metrics like time savings or cost savings. While well-suited to industrial workplaces that are churning out widgets every day, absolute numbers can be an awkward fit when applied to a knowledge work setting.
The advice here for any knowledge-centric enterprise is: Don’t get hung up on the idea of actual dollars and cents or a specific number – instead, look for a relative improvement from a baseline. So, rather than saying “We’re going to reduce our customer acquisition costs by $100,000 this year”, it’d be more appropriate to focus on reducing existing customer acquisition costs by 10%. Likewise, don’t focus on each junior associate in the organisation completing five more due diligence projects per calendar year; look to complete due diligence projects in 30% less time.
4) Give Change Management its due
Change management has always mattered when it comes to introducing new technology into the enterprise. AI is no different: Successful adoption requires a focus on people, process, and technology – with a particular emphasis on those first two items.
A major challenge is educating the workforce with an eye towards improving their AI literacy – essentially, enabling them to understand what’s possible and how they can apply AI to their daily workflows.
Know that a centralised model of control that dictates “this is how you can experiment with AI” is probably going to be ineffective. It will be too stifling for innovative individuals in the organisation. Far better to provide centres of excellence or educational resources to those people who are most inclined to take the initiative and move forward with AI experiments in their team or department.
One caveat here: It’s essential to have guardrails in place as teams and individuals experiment with AI, to prevent misuse of the technology. That’s the tightrope that CIOs need to walk when introducing AI into the organisation. Striking the right balance between “total control” and “freedom to explore, but with appropriate oversight and guardrails”.
The Future of AI Depends on what CIOs do next
The promise of AI is massive, but only if CIOs adopting the technology focus on the right areas. And that means filtering out the hype, keeping security implications top of mind, redefining ROI, and guiding change with a steady hand. By paying attention to these areas, CIOs can safely navigate a path forward with AI. And ensure that it isn’t just a technology with promise and potential, but one that delivers actual enterprise-wide impact.
Ben Francis, Insurance Lead at Risk Ledger, on navigating cyber threats by reinforcing security from the inside out
SHARE THIS STORY
Cyber insurance has evolved from a straightforward risk transfer mechanism into an integral component of enterprise risk strategy. As a result, the conversation has shifted beyond simply securing coverage to embracing three foundational elements: transparency in risk exposure, accountability for security measures, and active collaboration throughout the digital ecosystem.
Rather than asking ‘are you covered?’, the more pertinent question has become ‘can you demonstrate measurable risk reduction?’. Insurers and insureds alike are recognising that what matters now is how well an organisation understands and manages its digital exposure, especially across its extended supply chain. Recent data reveals that 46% of organisations experienced at least two separate supply chain-related cyber incidents in the past year, a clear sign that exposure often lies beyond direct control.
From Risk Transfer to Risk Visibility
In recent years, the cyber insurance market has matured significantly. Once viewed as a reactive safety net to cushion the financial impact of attacks, it is now becoming a proactive tool for managing and mitigating risk. This shift is partly driven by insurers, who increasingly expect and work with organisations to demonstrate strong security practices and a nuanced understanding of their threat landscape, including risks deep within their digital supply chains; an area where many businesses still fall short.
At the same time, the industry faces a growing challenge from systemic cyber risk within their portfolios, as many businesses rely on the same cloud providers, payment systems and digital platforms, increasing the chance of a single point of failure. Insurers must gain visibility into how policyholders are connected, not only to suppliers but to each other. Tools and frameworks that map and monitor these interconnections will be essential to avoid underestimating the wider impact of seemingly isolated cyber events.
Mapping Beyond Third Parties
It is no secret that cyber attackers often target the weakest link in a supply chain. These are not always direct suppliers, but fourth, fifth or even sixth-tier vendors that have indirect but critical access to systems and data. Unfortunately, many organisations lack visibility beyond their first tier, creating blind spots that attackers can easily exploit. From an insurance perspective, this presents a clear challenge. If an organisation cannot account for who it is connected to, it cannot adequately quantify its risk and neither can its insurer. Mapping these extended connections is more than just a technical exercise; it means actively practiced risk governance and responsibility. Insurers increasingly want to know how their policyholders are identifying and managing indirect dependencies, particularly in sectors like financial services and retail where disruption can ripple across entire markets.
Collaboration as a Risk Strategy
One of the more underappreciated aspects of cyber resilience is the role of peer collaboration. Unlike physical incidents, cyber threats rarely exist in isolation. A single compromised vendor can impact multiple organisations simultaneously, a fact that has been highlighted by high-profile supply chain attacks such as SolarWinds and MOVEit.
As a result, businesses need to think beyond their own perimeters and adopt a more collective mindset. This includes building relationships with industry peers, sharing threat intelligence and participating in sector-wide initiatives aimed at improving visibility and preparedness.
In highly regulated sectors, such as insurance, this collaboration is increasingly being encouraged by oversight bodies. Frameworks like the Digital Operational Resilience Act (DORA) in the EU and initiatives from the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) in the UK are pushing for more transparency around third-party risk. In this context, openness is no longer optional; it will be a regulatory expectation.
For insurance providers, greater collaboration between policyholders also means better data on emerging threats and more accurate portfolio management. For businesses, it offers a chance to anticipate vulnerabilities that may not yet have hit their own networks but are affecting others in their industry.
Proactive Transparency Builds Trust
Organisations that take a proactive, transparent approach to cyber risk management are more likely to secure cover and potentially favourable terms, not just in terms of premiums, but also in access to additional services such as forensic support, incident response sources and legal counsel.
Demonstrating a mature cyber posture is not about claiming perfection. No organisation is immune to breaches. What insurers are looking for is evidence of a structured approach: the existence of incident response plans, robust governance, effective supply chain risk management, and above all, an honest view of risk.
A Shift in Mindset
Ultimately, our understanding of cyber insurance must keep evolving. It should not be treated as a simple checkbox exercise, but as a collaborative relationship between insurers and the organisations they support – one built on shared insight, clear communication, and a drive for continuous improvement.
The organisations best equipped to navigate today’s threats will be those that prioritise transparency. Not only does it lead to stronger protection, but it also builds a culture of accountability that reinforces security from the inside out.
Robert Cottrill, Technology Director at digital transformation company ANS, explores how businesses can harness the potential of AI while mitigating the growing risks to cybersecurity and privacy
SHARE THIS STORY
AI can transform businesses, but is it also opening the door to cybersecurity risks?
Fuelled by competitive pressure and rising government support through the UK’s Industrial Strategy, it’s no surprise that more and more businesses are racing to adopt AI.
But there’s a catch. The more businesses scale their AI adoption, the bigger their attack surface becomes. Without a proactive and structured approach to securing AI systems, organisations risk trading short-term efficiencies for long-term vulnerabilities.
The AI Boom
AI investment is skyrocketing. Businesses are deploying generative AI tools, machine learning models, and intelligent automation across nearly every function, from customer service and fraud detection to supply chain optimisation. Platforms like DeepSeek and open-source AI models are now part of the mainstream tech stack.
Initiatives like the UK’s AI Opportunities Action Plan are fuelling experimentation and adoption. AI is now seen not just as a productivity tool, but as a critical lever for digital transformation.
However, the rapid pace of AI deployment is outpacing the development of the security frameworks required to protect it. When integrated with sensitive data or critical infrastructure, AI systems can introduce serious risks if not properly secured. These risks include data leakage through AI prompts or model training, as well as AI-generated phishing and social engineering attacks
While technical threats often take centre stage, businesses also can’t forget the increasing regulatory requirements surrounding AI.
As AI systems become more powerful, enabling businesses to extract valuable insights from vast datasets, they also raise serious ethical and legal challenges.
Regulatory frameworks like the EU AI Act and GDPR aim to provide guardrails for responsible AI use. But these regulations often struggle to keep up with the rapid advancements in AI technology, leaving businesses exposed to potential breaches and misuse of personal data.
The Need for Responsible AI Adoption with Cybersecurity
To build resilience while embracing AI, businesses need a dual approach:
1. Prioritise AI-specific training across the workforce
Cybersecurity teams are already stretched. Introducing AI into the mix raises the stakes. Organisations must prioritise upskilling their cybersecurity professionals to understand how AI can both protect and threaten systems.
But this isn’t just a job for the security team. As AI tools become embedded in daily workflows, employees across functions must also be trained to spot risks. Whether it’s uploading sensitive data into a chatbot or blindly trusting algorithms, human error remains a major weak point.
A well-trained workforce is the first and most crucial line of defence.
2. Adopt open-source AI responsibly
Another key strategy for reducing AI-related risks is the responsible adoption of open-source AI platforms. Open-source AI enhances transparency by making AI algorithms and tools available for broader scrutiny. This openness fosters collaboration and collective innovation, allowing developers and security experts worldwide to identify and address potential vulnerabilities more efficiently.
The transparency of open-source AI demystifies AI technologies for businesses, giving them the confidence to adopt AI solutions while ensuring they stay alert about potential security flaws. When AI systems are subject to global review, organisations can tap into the expertise of a diverse and engaged tech community to build more secure, reliable AI applications.
To adopt responsibly, businesses need to ensure that the AI they are using aligns with security best practices, complies with regulations, and is ethically sound. By using open-source AI responsibly, organisations can create more secure digital environments and strengthen trust with stakeholders.
Securing the Future of AI
AI is a transformative force that will redefine cybersecurity. We’re already seeing AI being used to automate threat detection and response. But it’s also powering more advanced attacks, from deepfake impersonation to large-scale automated exploits.
Organisations that succeed will be those that embed cybersecurity into every stage of their AI journey, from innovation to implementation. That means making risk management part of the innovation conversation, not a downstream fix.
By taking a responsible approach, investing in training, leveraging open-source AI wisely, and embedding cybersecurity into every layer of the business, organisations can unlock AI’s potential while defending against its risks.
AI is a double-edged sword, but with thoughtful adoption, businesses can confidently navigate the complex landscape of AI and cybersecurity.
Anna Collard, SVP Content Strategy & Evangelist KnowBe4 – Africa, on leveraging AI-driven cybersecurity systems to fight cybercrime
SHARE THIS STORY
Artificial Intelligence is no longer just a tool. It is a game-changer in our lives, our work as well as in both cybersecurity and cybercrime. While businesses leverage AI to enhance defences, cybercriminals are weaponising AI to make these attacks more scalable and convincing.
In 2025, research shows AI agents, or autonomous AI-driven systems capable of performing complex tasks with minimal human input, are revolutionising both cyberattacks and cybersecurity defences. While AI-powered chatbots have been around for a while, AI agents go beyond simple assistants. They function as self-learning digital operatives that plan, execute, and adapt in real time. These advancements don’t just enhance cybercriminal tactics, they may fundamentally change the cybersecurity battlefield.
How Cybercriminals Are Weaponising AI: The New Threat Landscape
AI is transforming cybercrime, making attacks more scalable, efficient, and accessible. The WEF Artificial Intelligence and Cybersecurity Report (2025) highlights how AI has democratised cyber threats. Thus enabling attackers to automate social engineering, expand phishing campaigns, and develop AI-driven malware. Similarly, the Orange Cyberdefense Security Navigator 2025 warns of AI-powered cyber extortion, deepfake fraud, and adversarial AI techniques. And the 2025 State of Malware Report by Malwarebytes notes, while GenAI has enhanced cybercrime efficiency, it hasn’t yet introduced entirely new attack methods. Attackers still rely on phishing, social engineering, and cyber extortion, now amplified by AI. However, this is set to change with the rise of AI agents. Autonomous AI systems are capable of planning, acting, and executing complex tasks—posing major implications for the future of cybercrime.
Here is a list of common (ab)use cases of AI by cybercriminals:
AI-Generated Phishing & Social Engineering
Generative AI and large language models (LLMs) enable cybercriminals to craft more believable and sophisticated phishing emails in multiple languages. Without the usual red flags like poor grammar or spelling mistakes. AI-driven spear phishing now allows criminals to personalise scams at scale, automatically adjusting messages based on a target’s online activity. AI-powered Business Email Compromise (BEC) scams are increasing. Attackers use AI-generated phishing emails sent from compromised internal accounts to enhance credibility. AI also automates the creation of fake phishing websites, watering hole attacks and chatbot scams. These are sold as AI-powered ‘crimeware as a service’ offerings, further lowering the barrier to entry for cybercrime.
Deepfake-Enhanced Fraud & Impersonation
Deepfake audio and video scams are being used to impersonate business executives, co-workers or family members to manipulate victims into transferring money or revealing sensitive data. The most famous 2024 incident was UK based engineering firm Arup that lost $25 million after one of their Hong Kong based employees was tricked by deepfake executives in a video call. Attackers are also using deepfake voice technology to impersonate distressed relatives or executives, demanding urgent financial transactions.
Cognitive Attacks
Online manipulation—as defined by Susser et al. (2018)—is “at its core, hidden influence, the covert subversion of another person’s decision-making power”. AI-driven cognitive attacks are rapidly expanding the scope of online manipulation. By everaging digital platforms, state-sponsored actors increasingly use generative AI to craft hyper-realistic fake content. They are subtly shaping public perception while evading detection. These tactics are deployed to influence elections, spread disinformation and erode trust in democratic institutions. Unlike conventional cyberattacks, cognitive attacks don’t just compromise systems—they manipulate minds, subtly steering behaviours and beliefs over time without the target’s awareness. The integration of AI into disinformation campaigns dramatically increases the scale and precision of these threats, making them harder to detect and counter.
The Security Risks of LLM Adoption
Beyond misuse by threat actors, business adoption of AI-chatbots and LLMs introduces significant security risks. Especially when untested AI interfaces connect the open internet to critical backend systems or sensitive data. Poorly integrated AI systems can be exploited by adversaries. This enables new attack vectors, including prompt injection, content evasion, and denial-of-service attacks. Multimodal AI expands these risks further, allowing hidden malicious commands in images or audio to manipulate outputs.
Moreover, many modern LLMs now function as Retrieval-Augmented Generation (RAG) systems. Dynamically pulling in real-time data from external sources to enhance their responses. While this improves accuracy and relevance, it also introduces additional risks, such as data poisoning, misinformation propagation, and increased exposure to external attack surfaces. A compromised or manipulated source can directly influence AI-generated outputs. Potentially leading to incorrect, biased, or even harmful recommendations in business-critical applications.
Additionally, bias within LLMs poses another challenge. These models learn from vast datasets that may contain skewed, outdated, or harmful biases. This can lead to misleading outputs, discriminatory decision-making, or security misjudgements, potentially exacerbating vulnerabilities rather than mitigating them. As LLM adoption grows, rigorous security testing, bias auditing, and risk assessment, especially in RAG-powered models, are essential to prevent exploitation and ensure trustworthy, unbiased AI-driven decision-making.
When AI Goes Rogue: The Dangers of Autonomous Agents
With AI systems now capable of self-replication, as demonstrated in a recent study, the risk of uncontrolled AI propagation or rogue AI – AI systems that act against the interests of their creators, users, or humanity at large – is growing. Security and AI researchers have raised concerns that these rogue systems can arise either accidentally or maliciously. Particularly when autonomous AI agents are granted access to data, APIs, and external integrations. The broader an AI’s reach through integrations and automation, the greater the potential threat of it going rogue. This means robust oversight, security measures, and ethical AI governance essential in mitigating these risks.
The Future of AI Agents for Automation in Cybercrime
A more disruptive shift in cybercrime can and will come from AI Agents. These transform AI from a passive assistant into an autonomous actor capable of planning and executing complex attacks. Google, Amazon, Meta, Microsoft, and Salesforce are already developing Agentic AI for business use. However, in the hands of cybercriminals, its implications are alarming. These AI agents can be used to autonomously scan for vulnerabilities, exploit security weaknesses, and execute cyberattacks at scale. They can also allow attackers to scrape massive amounts of personal data from social media platforms. They can automatically compose and send fake executive requests to employees. And, for example, analyse divorce records across multiple countries to identify individuals for AI-driven romance scams, orchestrated by an AI agent. These AI-driven fraud tactics don’t just scale attacks, they make them more personalised and harder to detect. Unlike current GenAI threats, Agentic AI has the potential to automate entire cybercrime operations, significantly amplifying the risk.
How Defenders Can Use AI & AI Agents
Organisations cannot afford to remain passive in the face of AI-driven threats. Security professionals need to remain abreast of the latest developments. Here are some of the opportunities in using AI to defend against AI:
AI-Powered Threat Detection and Response
Security teams can deploy AI and AI-agents to monitor networks in real time, identify anomalies, and respond to threats faster than human analysts can. AI-driven security platforms can automatically correlate vast amounts of data to detect subtle attack patterns. These might otherwise go unnoticed. AI can create dynamic threat modelling, real-time network behaviour analysis, and deep anomaly detection. For example, as outlined by researchers of Orange Cyber Defense, AI-assisted threat detection is crucial as attackers increasingly use “Living off the Land” (LOL) techniques that mimic normal user behaviour. Making it harder for detection teams to separate real threats from benign activity. By analysing repetitive requests and unusual traffic patterns, AI-driven systems can quickly identify anomalies and trigger real-time alerts, allowing for faster defensive responses.
However, despite the potential of AI-agents, human analysts still remain critical. Their intuition and adaptability are essential for recognising nuanced attack patterns. They can leverage real incident and organisational insights to prioritise resources effectively.
Automated Phishing and Fraud Prevention
AI-powered email security solutions can analyse linguistic patterns, and metadata to identify AI-generated phishing attempts before they reach employees, by analysing writing patterns and behavioural anomalies. AI can also flag unusual sender behaviour and improve detection of BEC attacks. Similarly, detection algorithms can help verify the authenticity of communications and prevent impersonation scams. AI-powered biometric and audio analysis tools detect deepfake media by identifying voice and video inconsistencies. However, real-time deepfake detection remains a challenge, as technology continues to evolve.
User Education & AI-Powered Security Awareness Training
AI-powered platforms deliver personalised security awareness training. They can simulate AI-generated attacks to educate users on evolving threats, helping train employees to recognise deceptive AI-generated content. And strengthen their individual susceptibility factors and vulnerabilities.
Adversarial AI Countermeasures
Just as cybercriminals use AI to bypass security, defenders can employ adversarial AI techniques. For example, deploying deception technologies – such as AI-generated honeypots – to mislead and track attackers. As well as continuously training defensive AI models to recognise and counteract evolving attack patterns.
Using AI to Fight AI-Driven Misinformation and Scams
AI-powered tools can detect synthetic text and deepfake misinformation, assisting fact-checking and source validation. Fraud detection models can analyse news sources, financial transactions, and AI-generated media to flag manipulation attempts. Counter-attacks, like those shown by research project Countercloud or O2 Telecoms AI agent “Daisy” show how AI based bots and deepfake real-time voice chatbots can be used to counter disinformation campaigns as well as scammers by engaging them in endless conversations to waste their time and reducing their ability to target real victims.
In a future where both attackers and defenders use AI, defenders need to be aware of how adversarial AI operates. And how AI can be used to defend against their attacks. In this fast-paced environment, organisations need to guard against their greatest enemy: their own complacency. While at the same time considering AI-driven security solutions thoughtfully and deliberately. Rather than rushing to adopt the next shiny AI security tool, decision makers should carefully evaluate AI-powered defences to ensure they match the sophistication of emerging AI threats. Hastily deploying AI without strategic risk assessment could introduce new vulnerabilities, making a mindful, measured approach essential in securing the future of cybersecurity.
To stay ahead in this AI-powered digital arms race, organisations should:
Monitor both the threat and AI landscape to stay abreast of latest developments on both sides.
Train employees frequently on latest AI-driven threats, including deepfakes and AI-generated phishing.
Deploy AI for proactive cyber defense, including threat intelligence and incident response.
Continuously test your own AI models against adversarial attacks to ensure resilience.
Mike Puglia, General Manager, Kaseya Cybersecurity Labs, on how the need for regulatory support to better support industries when tackling cybercrime
SHARE THIS STORY
Cyberattacks keep coming hard and fast, but things are beginning to change. In the past few months, law enforcement has announced arrests of three people in the Marks & Spencer breach, seven members of the hacking group NoName057, five affiliates of Scattered Spider and also disrupted the infrastructure of gangs such as Flax Typhoon, Star Blizzard and others.
Earlier this year, the UK retail industry felt the pressure. Brands, including Marks & Spencer, Harrods and Co-op – and by proxy, their customers – became victims of the hacking group, Scatter Spider. Other businesses are now on high alert as this wave of security breaches is expected to continue. For as long as bad actors can reap rewards and the risk of consequences remains small, they will keep attacking. Ransomware-as-a-service lowers the bar to entry further, allowing even those without specialised skills to launch successful ransomware campaigns.
Along with the threats, regulatory pressure on businesses is growing. Organisations must be able to prove they have strong security defences in place or risk paying hefty fines for non-compliance. However, this means we are essentially punishing the victim, not the perpetrator. By putting the onus on the victims to protect themselves, we are missing an important truth… Because there is no bullet-proof defence, even the best security strategies will not end cybercrime for good.
It’s Time to Treat Cybercrime as Crime
What the industry needs instead is a change in how we approach cybercrime. Rather than blaming the victims, we must start treating it as the serious criminal activity it is. It is high time we addressed cybercrime’s fundamental drivers. Opportunity, motive and the widespread perception that criminals can still get away without punishment. As is the case with physical crime, it takes a two-pronged approach to curb cybercrime: Prevention – and an effective response.
Those who attempt physical theft, for example, face trials and potentially prison. While we have seen a growing number of cybercriminals arrested in recent months, the truth we are only scratching the surface. In the digital world, everything is accessible from everywhere, all the time. This creates an inherent vulnerability that makes perfect protection impossible. In many cases, it also makes it much harder to track down the offenders and hold them accountable.
The Problem with Cryptocurrency and Jurisdiction
The cybercrime landscape has also undergone a significant transformation. While in the past, hackers were mostly focused on stealing financial data, there has been a dramatic shift towards ransomware. It’s far easier to encrypt an organisation’s data and demand a ransom than finding buyers for stolen credit card info.
This transformation has further accelerated because cryptocurrency allows cyber attackers to be paid in anonymous currency. Anywhere in the world, at any time. Previously, criminals had to physically collect payments or transfer money to traceable bank accounts. Now, they can operate with anonymity whilst easily converting their loot into real euros, pounds and dollars. This means ‘following the money’ is no longer a useful way for law enforcement to track nefarious activity. If we made it impossible for criminals to anonymously convert cryptocurrency into real currency, we could change the risk-reward calculation.
The second key issue with fighting cybercrime is the question of jurisdiction. Many cybercriminals are based in countries where western governments have no recourse. When hackers operate from non-cooperative jurisdictions, it may be impossible to extradite them. And they may find their activities tolerated by their local government or even supported. As we have seen with the recent arrests – the threat actors were outside of Russia and China – where many attacks come from.
These two factors – anonymous payment systems and safe havens – create an environment where cybercrime can and will continue to flourish. While organisations can do their best to make it harder for criminals to attack, it is foolish to believe individual businesses will be able to solve the cybercrime problem on their own.
Stop Blaming the Victim
So, what needs to happen? First, the victim-blaming approach must change. We simply cannot regulate every business to become an impenetrable fortress. When a person is physically robbed, police respond to investigate the crime and help recover stolen property. With cybercrime, victims face reputational damage, fines and higher insurance premiums. Incidents often raise questions about where the business’ cybersecurity strategy failed, rather than a recognition that a crime has been committed against them.
A first step forward towards solving the cybercrime problem would require governmental and societal recognition that cyberattacks represent crimes against businesses and individuals, not merely failures of those organisations to adequately defend themselves. While many countries have ramped up policing efforts against cybercrime, these are generally underfunded considering the scale of the problem.
Secondly, we need to urgently address the anonymous payment systems that keep fuelling cybercrime. This is not an easy problem to solve, but governments must find better ways to trace and regulate how cryptocurrency is converted into real money.
It is also time we introduced real and severe consequences for cybercriminals. The number one deterrent to any type of crime is fear of being caught and punished. The internet has essentially eliminated this, enabling hackers to operate from nations that turn a blind eye. To address this will require more political pressure on ‘safe harbour’ countries to charge, punish and extradite cybercriminals. Where nations refuse to cooperate, potential sanctions such as restrictions on internet connectivity might force governments to reconsider their tolerance for criminal activities.
Finally, we need to acknowledge that regulations such as GDPR, PCI and NIS have their limits. Despite increasingly complex compliance requirements, cybercrime has continued to grow. While regulations can provide critical and much-needed guidance to businesses, they must be combined with properly funded law enforcement – empowered with tools to bring criminals to justice across jurisdictions.
To truly disrupt the criminal ecosystem, systemic changes are needed. We are starting to see governments give law enforcement the tools they need, but it is very early in that process. Because ultimately, we will not solve the cybercrime problem with defence measures alone.
About Kaseya
At Kaseya, our mission is to empower you to simplify and transform IT and cybersecurity management with innovative platform solutions.
Our Mission:
Since 2000, Kaseya has delivered the technology that IT departments and managed service providers need to reach new heights of success. More than 500,000 IT professionals globally use Kaseya products to manage and secure 300 million devices.
Kaseya’s commitment to our customers goes beyond listening to your needs and puts words into action to deliver innovative solutions that empower your business. But we don’t stop there. Kaseya’s first-of-its-kind Partner First Pledge program shares the risk our partners experience because we know a true partner is with you through the ups and downs of life.
Andy Swift, Cyber Security Assurance Technical Director at Six Degrees on
SHARE THIS STORY
According to AV-TEST, the independent IT security institute, every day sees at least 450,000 new malware variants added to its database. In June this year, for example, cybercriminals are thought to have used malware to steal over 16 billion login credentials across various major platforms in what is thought to have been the largest breach of its kind in history. For security teams, this represents a relentless challenge that demands constant attention and consumes significant resources.
Malware-Free Attacks
As if that wasn’t enough, malware-free attacks are increasingly favoured by cybercriminals as a way to circumvent organisational security. Typically using legitimate programs and tools, these stealth attacks are particularly complex to detect. And they are invisible to most automated security protection options that are available to buy.
With no obvious malware signatures to detect, automated defences are often powerless to respond. And without robust security foundations, even advanced detection tools offer limited protection once an attacker gains a foothold. When that happens, the consequences can be significant.
At the heart of the matter are the limitations of many traditional security tools, which are simply not designed to stop what they cannot see. Malware-free attacks do not rely on external payloads or binaries with known malicious signatures. This renders many automated detection systems, including standard antivirus solutions, effectively useless. As a result, the burden falls elsewhere.
For most organisations, that means having the right expertise in place to recognise unusual behaviour, supported by technologies that can identify behavioural anomalies quickly. Endpoint detection and response (EDR) platforms offer some of these capabilities. But even the most advanced solutions rely on proper configuration and human oversight to be effective. In an ideal world, every business would have round-the-clock monitoring in place, but in reality, very few do.
Challenging Assumptions Around Risk
So, how can organisations fill the gap? When assessing how to protect against malware-free attacks, many organisations begin with the assumption that they will need to buy new tools or licenses. This can form part of a rounded solution. However, leading with this mindset often overlooks a more fundamental and cost-effective question: What can be improved with the tools already in place?
Reviewing existing capabilities should be the first step. For example, most environments already have some level of EDR, behavioural monitoring or identity protection deployed. Yet these are often underutilised or misconfigured. This can result from a lack of understanding around tool capabilities (and limitations), paying for the wrong level of license coverage, and failing to ensure configurations support behavioural analysis rather than just malware scanning. In many cases, even minor adjustments can significantly increase effectiveness without any additional spend.
Cost vs Risk
Organisations should also reconsider how they approach the question of investment. The cost vs risk conversation needs to shift from what they should buy to what they should fix. Even the most expensive detection tools can be rendered ineffective if attackers can exploit basic oversights such as poor configuration, excessive access rights or the absence of multi-factor authentication. In contrast, identifying and addressing these gaps in existing systems is not only more cost-effective but also more impactful in stopping attacks before they gain momentum.
This kind of review process is also an opportunity to identify gaps and prioritise actions that reduce risk without escalating costs. For example, many organisations find that network segmentation, strict privilege controls and enforcing least-access policies can help prevent lateral movement and minimise credential misuse – two of the most common techniques used in malware-free attacks. Putting these capabilities in place are security fundamentals that often determine whether an attack is stopped early or is able to spread.
In this context, a best practice approach matters more than ever. Not as a one-off initiative, but as a continuous effort to close the windows of opportunity that attackers rely on. This includes reducing privilege levels, adopting MFA by default, limiting binary access and educating users on social engineering techniques. All of which are good examples of cost-effective steps that can limit the opportunity for malware-free attacks to take hold. These are not headline-grabbing technologies, but they remain the strongest defence against attacks that thrive on poor hygiene and overlooked gaps.
So, rather than investing in yet another layer of detection, organisations should focus on strengthening what they already have. This approach not only helps avoid unnecessary expense but also delivers a stronger, more sustainable defence posture in an environment where threat actors continue to be extremely effective.
TechEX Europe – Powering the Future of
Enterprise Technology at Amsterdam’s RAI Arena September 24-25
SHARE THIS STORY
TechEx Europe unites five leading enterprise technology events — AI & Big Data, Cyber Security, Data Centres, Digital Transformation and IoT — into one powerful experience designed for organisations driving change. Five events, two days, one ticket – register for your pass here.
From scaling infrastructure to unlocking new efficiencies, this is where decision-makers and their teams come to connect, explore real-world use cases, and discover the technologies that will shape their next phase of growth.
AI & Big Data Expo
The AI & Big Data Expo is the premier event showcasing Generative AI, Enterprise AI, Machine Learning, Security, Ethical AI, Deep Learning, Data Ecosystems, and NLP
Speakers include:
Cybersecurity & Cloud Expo
The Cyber Security & Cloud Expo, is the premier event showcasing the latest in Application and Cloud Security, Hybrid Cloud, Data Protection, Identity and Access Management, Network and Infrastructure Defence, Risk and Compliance, Threat Intelligence, DevSecOps Integration, and more. Join industry leaders to explore strategies, tools, and innovations shaping the future of secure, connected enterprises.
Speakers include:
IOT Tech Expo
IoT Tech Expo is the leading event for IoT, Digital Twins & Enterprise Transformation, IoT Security, IoT Connectivity & Connected Devices, Smart Infrastructures & Automation, Data & Analytics and Edge Platforms.
Speakers include:
Digital Transformation
The Digital Transformation Expo is the leading event for Transformation Infrastructure, Hybrid Cloud, The Future of Work, Employee Experience, Automation, and Sustainability.
Speakers include:
Data Center Expo
The Data Centre Expoand conference is the premier event tackling key challenges in data centre innovation. It highlights AI’s Impact, Energy Efficiency, Future-Proofing, Infrastructure & Operations, and Security & Resilience, showcasing advancements shaping the future of data centre.
Join thousands of data centre industry leaders and innovators at London’s Business Design Centre for three co-located events – DCD>Connect, DCD>Compute and DCD>Investment September 16-17
SHARE THIS STORY
Data Center Dynamics (DCD) is connecting the data center ecosystem. Secure your pass for three-colocated events covering the entire digital infrastructure ecosystem across two days at London’s Business Design Centre – DCD>Connect, DCD>Compute and DCD>Investment.
Bringing together more than 4,000 senior leaders working on Europe’s largest data center projects. DCD>Connect | London will drive industry collaboration, help you forge new partnerships and identify innovative solutions to your core challenges.
“First class event that presented a wide variety of perspectives and technologies in an engaging and informative forum” – Data Center Project Architect, AWS
DCD Compute
Uniting enterprise and hyperscale leaders driving scalable AI Infrastructure from silicon to software…
New workloads are fundamentally reshaping IT infrastructure, as accelerated hardware innovation is enabling more new workloads. How can you keep up in this rapid cycle of new AI models, new hardware, new software, and the race to be first to market?
The Compute event series, run in partnership with SDxCentral, empowers leaders to make sharp decisions on IT infrastructure and AI deployment. Join 400+ peers from enterprise, hyperscale, and top IT infrastructure and architecture innovators to shape the future of compute—on-prem or in the cloud.
400+ Decision-Makers for IT Infrastructure, Architecture, AI, HPC and Quantum Computing
60+ industry-leading speakers at the forefront of innovation across cloud and on-prem compute
Hosted in partnership with SDxCentral
DCD Investment
Connecting senior dealmakers driving the economic evolution of digital infrastructure…
The world depends on digital infrastructure, and there’s never been more pressure on the industry to scale at speed. The Data Center Dynamics Investment series helps the leading dealmakers behind this growth to make informed decisions faster, through top-tier content, tailored networking, and best-practice sharing.
Dynamic Programme: A brand new format including leadership roundtable discussions allows for 2025 attendees craft their own agenda at the Forum.
50 Speakers: The C-suite operators, leading investors, and advisors in data centers are converging to strategize on the industry’s evolving landscape.
Exclusive Networking Opportunities: The Investment Forum is separated from the main DCD Connect programme and show floor, offering private networking and dealmaking opportunities to take place in an optimal setting.
This month’s cover star, Dr. Noxolo Kubheka-Dlamini – Chief Digital and Information Officer at Telkom Consumer & Small Business, speaks to the process of leading an ongoing digital transformation
SHARE THIS STORY
Welcome to the latest issue of Interface magazine!
Our cover star talks us through the process of leading an ongoing digital transformation that is pragmatic, strategic and embedded in business goals at South Africa’s largest telecommunications platform provider. “By the time we entered the mobile space in 2010, the market was already saturated,” explains Dr. Noxolo Kubheka-Dlamini, Chief Digital & Information Officer at Telkom Consumer & Small Business. “Our ambitions were constrained by limited capital, inherited legacy systems, regulatory shackles, and the sheer inertia of being a former state-run monopoly.” However, Telkom’s “willpower and commitment never faded” resulting in “notable and consistent performance against all odds”. Today, Telkom is playing a pivotal role in ensuring access to meaningful connectivity, driven by the company’s vision to become South Africa’s digital backbone: bridging the digital divide and enabling inclusive participation in its digital economy.
Kynegos: Shining a Spotlight on Transformation, Innovation and Sustainability
Kynegos, a spin-off from Capital Energy, is a business built on strategy. It exists to develop technological solutions for strategic industries. Capital Energy needed an independent platform that could scale digital solutions beyond the energy sector, and foster collaboration with startups and technology centres. Kynegos has filled this gap, and is being leveraged to create co-innovation ecosystems. This allows Capital Energy to develop digital tools that address current and future industrial challenges, keeping the company’s finger on the pulse. We spoke to CEO Victor Gimeno Granda, about its backstory, its values, and the road ahead. “Not only do we develop digital assets for the renewable sector, but for green data centres as well. My perspective is that sustainability is going to be more relevant than ever in the next 18 months.”
York County: The Human Side of AI
York County’s IT team has spent the past decade redefining what local government tech can and should be. From pioneering community cybersecurity workshops to forging statewide collaboration through ValGITE, the county has systematically brought innovation into its operations. This broad portfolio of initiatives has strengthened infrastructure and elevated service delivery. And also earned York County the number one spot in the Digital Counties Survey for jurisdictions under 150,000 population.
“Since I became deputy director eight years ago, this has been one of my goals,” reflects Tim Wyatt, director of information technology at York County. “And over the last eight years, we’ve been in the top 10, but we finally landed that number one place. I think it’s a great reflection for my team, the county, and all the dedication to try to do what’s right by the citizens. It’s just something I’m incredibly proud of. I think it accurately reflects the hard work of my team.”
Wade Trim: Bridging the Cybersecurity Skills Gap
Wade Trim provides consulting engineering, planning, surveying, landscape architecture and environmental science services to meet the infrastructure needs of government and private corporations. With a cybersecurity skills gap leaving vacancies unfilled, Wade Trim’s Senior Manager of Information Security, Eric Miller, spoke with Interface about how stepping away from education-focused rigidity could unlock swathes of latent talent. “Our industry puts emphasis on certifications. However, being passed over for jobs because you don’t have a particular certification or degree in favour of someone fresh out of college has shown me that the best candidates are those that can tell me their story. What brings them to this point in their career? Tell me what qualifies you for this role. That’s how I interview.”
York Catholic District School Board: York Catholic District School Board: Community and Communication at the Heart of IT Strategy
The challenges facing an IT leader in 2025 call for a new kind of approach. One that favours partnerships over transactions, collaboration over competition, and centres people rather than technology for technology’s sake. These perspectives ring especially true in an organisation like the York Catholic District School Board (YCDSB). It emphasises values like “service, community, collaboration, and fait rather than academic excellence alone,” explains Scott Morrow, YCDSB’s Chief Information Officer (CIO). “It’s not actually about the technology; it’s about enablement.”
We spoke with Morrow to learn more about his approach to IT leadership. From building and maintaining a team amid the IT talent crisis, to driving digital transformation initiatives across the organisation. And broader strategic objectives across a changing technology landscape increasingly defined by cybersecurity and the rise of AI.
Security, AI, and Digital Resilience: A look inside Visions CIO + CISO
SHARE THIS STORY
The cybersecurity landscape has never been so fast-moving or complex. The stakes have never been higher. A worsening geopolitical reality and increasingly sophisticated cyber threats mean that the role of security leaders is more pivotal than ever as devastating cyber breaches become a matter of “when,” not “if.” It’s a time for information and skill sharing, networking, and collective action in an industry facing a more challenging future than ever.
Visions CIO + CISO Summit brings together executive security and technology leaders and experts from the largest organisations in multiple industries to network and learn from the people driving innovation in the IT and cyber spaces. This year’s event took place between April 28-30, and featured 8 tentpole sessions, over 30 presentations from key industry figures, and more than 30 speakers across the various panels, fire-side chats and peer-to-peer round tables that comprise the rest of the event. Speakers and solutions providers at this year’s event included Illumio, Threatlocker, LastPass, Claranet, Okta, Covertswarm, Intruder, and Ripjar RPC Services. Also in attendance were IT and security professionals from large scale enterprises, including Currys, Astley Digital, 24/7 Home Rescue, H&M Group, IBM, MUFG (Mitsubishi Financial Group), Federated Hermes, Deliveroo, Experian, Saint-Gobain, and Nordea GSK.
At the event, and afterwards, we were lucky enough to catch up with some of the leaders speaking at Visions and get their perspectives on key trends affecting the IT space — from the ever-relevant issue of security to AI and digital resilience.
1. What’s the general outlook for the IT and fintech sectors right now? Is this a scary time? An exciting one?
“It’s an exciting time, particularly within the UK banking sector, where we’re seeing a real shift toward customer-centric innovation. Financial institutions are working hard to deliver seamless, secure, and personalised experiences—often by leveraging cloud, AI, and advanced analytics.”
“There’s a strong emphasis on modernising legacy systems, improving digital onboarding, and enhancing fraud prevention without compromising user experience. This push for technology-driven customer satisfaction is creating space for smarter, faster, and more agile solutions—making it a great time to be contributing to the evolution of digital trust and transformation in financial services.”
2. What are some of the challenges organisations are facing that you can help them with? What problems are they asking you to solve?
“Many organisations are grappling with how to secure cloud environments at scale without slowing down innovation. Key challenges include visibility across hybrid or multi-cloud setups, managing identity and access with precision, and operationalising zero trust.”
“There’s also a strong demand for integrating security earlier in the development lifecycle—what we often refer to as shifting security left. People are asking how to reduce complexity, automate controls, and move away from reactive postures to proactive, real-time risk mitigation.”
1. What kind of outlook does an organisation like Federated Hermes have right now towards the industry? Is this a scary time? An exciting one?
2025 is shaping up to be a very dynamic year for the markets at large. There are rapid developments, from geopolitics to booming technology innovation with AI, that are impacting how the markets move as well changing the environment we operate in as a business. As a global asset manager, Federated Hermes is staying abreast of these changes to ensure we can be where the markets are, whilst maintaining efficiency in our operations for strong profitability.
2. What problems are people asking you to solve right now?
The ever changing world of cyber has historically been difficult for businesses to decipher. In the last few years, it has become even more difficult to keep up, with the advent of AI and how it is changing the technology landscape. Whilst businesses are trying to understand this new technology and embed it into their products and operations, cyber-criminal enterprises are leaping ahead in innovation and starting to leverage it in novel ways. The challenge this brings is two-fold.”
“On one hand, businesses are trying to find the right use cases for AI to get their return on investment at every level. This applies to core business functions, as well as Technology departments and the Security organisations. As cyber strategists we are now being forced to be innovators ourselves and not just passive consumers of the latest products and market trends. This brings a new perspective to how we design controls, build our roadmaps and prioritize our budget items. Boards and executive teams are looking for Security teams who are embracing AI and maximizing the effectiveness and efficiency of their programmes.”
“The second challenge is on the defensive side. The average person, as well as the average corporate employee, is lagging behind in understanding what the latest AI models are capable of, let alone understanding how they can be used to conduct cybercrime. Working in security, we find ourselves in a situation where we both need to find ways to keep up with cyber criminals to defend our enterprises, as well as keep educating our staff and management teams so that we can bring them on this journey.”
1. Would you say this is an exciting time for Astley Digital?
“Astley Digital is at a pivotal point in its journey, experiencing remarkable growth and expanding our service offerings. We’re actively exploring partnerships with innovative cybersecurity companies like ThreatLocker, enabling us to provide even more robust endpoint security solutions for our clients.”
“Additionally, the evolving landscape of cybersecurity is presenting us with unique opportunities to leverage AI for predictive threat analysis, streamline incident response, and enhance our managed security services. This moment is particularly exciting as we are positioning ourselves not just as a service provider but as a thought leader in cybersecurity strategy, risk management, and digital transformation for businesses across various sectors.”
2. What are some of the key challenges organisations are facing that you can help them with? What problems are they asking you to solve?
“Organisations today are grappling with a rapidly changing threat landscape, and one of the most significant challenges is maintaining a strong cybersecurity posture amidst evolving threats. At Astley Digital, we address critical issues such as:
“Endpoint Security: Many organisations struggle with managing endpoint security across remote and hybrid workforces. We provide comprehensive solutions that restrict unauthorised software and applications, preventing potential breaches and maintaining data integrity.”
“Third-Party Risk Management: Ensuring third-party vendors maintain security standards is another pressing concern. We work closely with our clients to assess, monitor, and mitigate third-party risks to prevent supply chain attacks.”
“Incident Response and Recovery: Companies are seeking rapid and effective incident response strategies. We offer real-time monitoring, response planning, and post-incident analysis to minimise business disruptions.”
“Regulatory Compliance: Compliance is a growing concern, especially in highly regulated industries. Our team assists with implementing frameworks that align with industry standards, ensuring data protection and reducing legal risks.”
“We are really fortunate to have reach and presence with clients across different sectors. We have professional service specialisms that respond to many of the trickiest and most important strategy and skill challenges that clients face; technology, cyber security, AI, data, and digital regulations to name a few. Not only is it a great time to be helping clients with those issues and helping them make their businesses more capable, effective, successful and resilient, from a selfish perspective it’s an incredible privilege for our people to be trusted by clients to help with these super interesting initiatives.”
2. What are some of the key challenges organisations are facing that you can help them with? What problems are they asking you to solve?
“We help clients with everything from assessing and improving their resilience positions, to complying with the intersections of a range of existing regulations, frameworks and standards, through to future gazing and thinking about what’s possible through challenging the status-quo.”
“Lately that has included a lot of work on things like AI readiness, development of use cases, working on AI explainability and the human element of potential resistance to the kinds of change that AI and other emerging tech are delivering.”
“Of course an evergreen core of our work is digital resilience, including cyber security, so we do a lot on ensuring that new technology adoptions including those with AI sprinkled throughout them, are digitally and operationally resilient by design.”
“We’re at a turning point where AI is no longer a side conversation—it’s embedded in the way Deliveroo operates. That shift brings real momentum and urgency to the work we do in securing AI adoption and protecting digital environments.”
2. What are some of the key challenges organisations are facing that you can help them with? What problems are they asking you to solve?
“The main concern is how to adopt AI without opening the door to unmanaged risk. Businesses know they can’t sit this one out, but they’re looking for help building the right guardrails to manage risk; especially with evolving regulation and the rise of AI-powered threats like deepfake vishing and advanced phishing.”
1. What are you here at Visions to discuss with your peers in the cybersecurity and IT space?
“The first panel I was part of was the Threat Detection & AI Panel Discussion. We were looking at establishing trust, mitigating risks, and safeguarding security in the age of AI. I focused on how to balance the benefits of AI with the challenges of building trust, managing risks, and ensuring security.”
“Then, I had a deep dive into looking at an age where individuals don’t verify, they just take information, no longer researching to see if the information is correct.”
“I always remain sceptical, whilst understanding the value of efficiency. AI is now embedded in so many tools, but now the main concern is the people within the organisation. Monitoring and education are essential. People will often try to find a shortcut and the easy way to go about things. Until training, governance and understanding is at a level where there can be trust, I suggest turning it off.”
1. These are challenging times for cybersecurity teams. How has 2025 been going for you and Ripjar?
“Ripjar utilises new and emerging technology to solve customer problems in cyber threat investigations and anti-financial crime compliance. We’ve been able to help organisations achieve record results – identifying connections, anomalies and potential risks, while reducing false positives and increasing true positives – leading to best-in-class results in many industries. We’re excited to be sharing that technology, alongside further innovations, with other organisations as we expand our global coverage.”
“The advent of generative AI creates vast risks and opportunities. It also shifts perspectives on existing machine learning and artificial intelligence technologies. It has been exciting to see how the newest AI can be combined with non-generative AI and other technologies to create new solutions to the problems that keep our customers awake at night.”
2. What are some of the challenges organisations are facing that you can help them with?
“Ripjar serves customers in several areas. Our anti-financial crime customers are trying to make sense of the ever-expanding business risks presented by their customers and counterparties in a tumultuous world. We’re able to help them in that journey, whether it’s responding to changing Russian or Middle East sanctions or aligning with the massive political changes that have impacted PEP (politically exposed persons) regimes all around the world.”
“Using foundational AI, we find broad risks in the media – which is often referred to as negative news or adverse media. That means reading through millions of daily news articles to identify risk signals which are important to those handling the world’s global payments or trading internationally. Agility is a key requirement for our customers, and machine learning and AI make it possible to make sense of huge quantities of structured and unstructured data quickly and accurately.”
“Our cyber customers are sophisticated threat investigators working in complex environments, including a number of MSSPs. They rely on our data fusion and investigations software to identify potential threats to their data and ultimately their businesses.”
Looking at the future
The shadows of GenAI, looming threats, and a shifting regulatory landscape loom over the global cybersecurity and IT communities, but the tone is also optimistic. While every leader we spoke to at Visions CIO + CISO acknowledged the threat posed by emerging technologies, many were also excited by the potential of GenAI tools to detect threats and help strengthen cybersecurity defenses.
Given how quickly the circumstances surrounding cybersecurity have changed in just a few short years, it’s almost impossible to predict where we’ll be by the end of the decade. However, the experts we spoke to at Visions are approaching the future with both eyes open — watchful for new risks, and determined to capitalise on new opportunities.
The next Visions CIO + CISO Summit (Autumn, UK) is taking place at the Allianz Stadium in London on 13 – 15 October, 2025. Learn more and register to attend here.
Tech Show London is coming to Excel March 12-13. Register for your free ticket now!
SHARE THIS STORY
Unlock unparalleled value with a single ticket that gets you free access to five industry-leading technology shows. Welcome to Cloud & AI Infrastructure, DevOps Live, Cloud & Cyber Security Expo, Big Data & AI World, and Data Centre World.
Tech Show London has it all. Don’t miss this immersive journey into the latest trends and innovations.
Discover tomorrow’s tech today
Unleash Potential, Embrace the Future. Hear from the greatest tech minds, all in one place.
Dive into a world where cutting-edge ideas shape your tomorrow. Tech Show London is the epicentre of technology innovation in London and beyond, hosting the brightest minds in technology, AI, cyber security, DevOps, and cloud all under one roof.
The Mainstage Theatre is not just a stage; it’s a launchpad for innovative ideas. Witness a stellar lineup featuring world-renowned experts from across the tech stack, influential C-level executives, key government figures, and the vanguards of AI and cybersecurity. All ready to share ideas set to rock the industry.
GLOBAL INSPIRATION, LOCAL IMPACT
Seize the opportunity to be inspired by global visionaries. Furthermore, with speakers from the UK, USA, and beyond, prepare to be inspired by transformative concepts and actionable strategies from technology insiders, ensuring your business stays ahead in an ever-evolving technology landscape.
Where the future of technology takes the stage
Secure your competitive edge at Tech Show London, the UK’s award-winning convergence of the industry’s brightest tech minds.
On 12-13 March 2025, gain vital foresight into the disruptive technologies reshaping your market, and position your organisation at the forefront of technology’s next frontier.
If you’re defining your business’s tech roadmap, register for your free ticket to join us at Excel London.
Head of Group Payment Strategy, Lee McNabb, explains how a customer-centric vision, allied with a culture of innovation, is positioning NatWest at the heart of UK plc’s Open Banking revolution: “The market we live in is largely digital, but we have to be where customers are and meet their needs where they want them to be met. That could be in physical locations, through our app, or that could be leveraging the data we have to give them better bespoke insights. The important thing is balance… At NatWest, we’ll keep pushing the envelope on payments for a clear view of the bigger picture with banking that’s open for everyone.”
EBRD: People, Purpose & Technology
We speak with the European Bank for Reconstruction & Development’s Managing Director for Information Technology, Subhash Chandra Jose. With the help of Hexaware’s innovation, his team are delivering a transformation programme to support the bank’s global investment efforts: “The sweet spot for EBRD is a triangular union of purpose, people, and technology all coming together. This gives me energy to do something innovative every day to positively impact my team and our work for the organisation across our countries of operation. Ultimately, if we don’t get the technology basics right, we can’t best utilise the funds we have to make a real difference across the bank’s global efforts.”
Begbies Traynor Group: A strategic approach to digital transformation
We learn how Begbies Traynor Group is taking a strategic approach to digital transformation… Group CIO Andy Harper talks to Interface about building cultural consensus, innovation, addressing tech debt and scaling with AI: “My approach to IT leadership involves creating enough headroom to handle transformation while keeping the lights on.”
University of Cinicinnati: Where innovation comes to life
Bharath Prabhakaran, Chief Digital Officer and Vice President at the University of Cincinnati (UC), on technology, innovation and impact, and how a passion for education underpins his team’s work. “The foundation of any digital transformation in my opinion is people, process, technology – in that order,” he states. “People and culture are always the most challenging areas to evolve because you’re changing mindset and behaviour; process comes a close second as in most organisations people are wedded to legacy ways of working. In some respects, technology is the easy part, you always implement the tools but they’ll not be effective if you don’t have the right people and processes.”
IT: A personal career retrospective
It’s fascinating, looking back at something as complex and profoundly impactful as IT. And for Claudé Zamboni, who is preparing to retire after over 40 years in the sector, it’s been an incredible time to be deeply involved in technology. “There have been monumental changes from when I first entered IT, where it was basically a black box,” says Zamboni. “People didn’t know what the IT team was doing, and those in IT would just handle problems without telling anyone how. It only started to become more egalitarian when the internet got more pervasive. We realised that with information being available everywhere, we would lose the centralisation function of IT. But that was okay, because data is universal.”
