Cyber Incident Recovery Playbooks: Starting from Ground Zero
Many cyber incident recovery playbooks assume that core systems like Active Directory, Azure Entra, remote access tools, hypervisors, and backup infrastructure will still be available after an attack. In reality, these are often the first to fail. True resilience requires planning from ground zero: rebuilding trust, identity, networking, and backup layers before restoring applications. Organisations must define clean recovery environments, maintain offline documentation and credentials, and exercise “worst-case” scenarios that simulate total loss. Recovery plans should shift from restoring business systems to rebuilding foundational capabilities first, ensuring recovery is possible even when everything else is gone.
Third-Party & Supply Chain Breach Reporting Obligations: The Next Hidden Layer
When organisations think about breach reporting, the focus is usually on direct obligations: regulators (GDPR, NIS2, DORA, SEC, etc.) and, for those with more mature processes, their client contracts as well. But increasingly the transition to SaaS and cloud services means that the third-party supply chain is now very much part of the equation, and when your suppliers suffer a breach, it may quickly become your reporting problem. This article explores practicable actions you can take to reduce the risk of reporting failures in the event of a supplier security incident.
Beyond Regulation: The Hidden Layers of Breach Reporting Obligations
Breach reporting extends far beyond regulatory frameworks like GDPR, DORA, NIS2, and SEC. Research across the UK and EU has already identified over 120 time-specific obligations, with Germany alone adding state-level requirements. Yet regulatory reporting is only part of the challenge. Many organisations overlook contractual obligations to notify clients, which are often stricter than laws, requiring disclosure within 24 hours or even immediately. These clauses, negotiated by Sales or Legal, frequently remain invisible to Security teams, creating risk during incidents. To manage them, organisations must collaborate across teams, centralise obligations, align contracts, and embed requirements into response plans to protect trust, compliance, and resilience.
Managing Regulatory Reporting Obligations for Cyber and Data Protection Incidents: Why It Matters More Than Ever
Over the past year I have become increasingly aware of the challenges large multi-national organisations face when dealing with a large cyber or data protection breach. But one aspect that isn’t always at the top of mind when all hands are on deck trying to recover from the incident is regulatory reporting. This article explores this and highlights the increasing breadth and complexity of reporting obligations that organisations are faced with.
Observations from my recent CISO role hunt
Over the past year I have read and commented on many posts about the state of the security hiring market and thought I would share my recent personal experience of role hunting.
Will AI Deepen the Cyber-Security Skills Gap?
AI can supercharge security operations, but replacing entry‑level analysts outright would erode the talent pipeline and ultimately weaken both human expertise and the AI systems that depend on it. A balanced model where AI augments junior staff rather than displacing them protects long‑term resilience while still reaping automation’s gains.
The Rise of “Pragmatic” Cybersecurity: A Double-Edged Sword?
“Pragmatic” has become a buzzword that can mask cost‑cutting and watered‑down security, putting organisations at greater cyber risk and marginalising CISOs who press for stronger safeguards. The article argues that true pragmatism should instead mean clearly defining security red lines, giving CISOs a central voice, and using continual risk assessment to align robust protection with business goals.
Bears in the woods
Security professionals often treat cybersecurity maturity ratings like outrunning a bear—aiming only to outpace their peers. This focus on incremental scores may give leaders a false sense of safety and divert resources from higher‑impact risk‑reduction measures. Do these small, costly gains (e.g., moving from 3.5 to 3.8) actually lower breach odds?
Policy Enforcement & Emotional Stress
Staff tasked with enforcing corporate policies (e.g., security, health & safety, HR) often face significant emotional stress and negative perceptions, yet existing research largely overlooks their well‑being compared with that of the policy‑followers they monitor. The article calls for evidence‑backed techniques such as automation, behavioural “nudge” approaches, and reframing interactions to help enforcers lessen stress, improve compliance, and be viewed more positively by colleagues.
Rethinking Cybersecurity: Strategic Risk Management for Board Members
Cybersecurity is now a board‑level strategic risk that is impossible to eliminate entirely. Directors must view it through the same lens as other enterprise risks and not just as a technical issue.
Boards should define their risk appetite, embed risk‑based security frameworks and culture, and keep cyber governance on every agenda to drive resilient, business‑aligned protection.
From Blocker to Partner: The Changing Role of Cyber Security
The article explores the evolution of IT security from a confrontational approach to a collaborative partnership, emphasizing the importance of integrating security teams with infrastructure and business functions. This shift has led to improved compliance, reduced risk, and enhanced overall security through cooperation and mutual understanding.