IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
19 Aug 2025
Google spins up agentic SOC to speed up incident management
Google Cloud elaborates on its vision for securing artificial intelligence unveiling new protections and capabilities across its product suite Continue Reading
-
News
19 Aug 2025
ISACA launches AI security management certification
ISACA accredited security professionals can now pursue a new AI security management credential Continue Reading
-
News
19 Aug 2025
Singapore board directors to get cyber crisis training
The Singapore Institute of Directors and Ensign InfoSecurity have launched a programme to equip 1,000 board leaders with the skills to navigate high-stakes decisions during a cyber crisis Continue Reading
-
News
18 Aug 2025
L’Oréal to promote cyber resilience for Britain’s beauty salons
L’Oréal UK and Ireland will work with law enforcement, cyber educators and students, and other large organisations to help thousands of small salons across the UK improve their cyber resilience practice Continue Reading
-
News
15 Aug 2025
UK cyber leaders feel impact of Trump cutbacks
The ripple effects of US cyber security cutbacks have reached this side of the Atlantic, according to a report Continue Reading
-
News
15 Aug 2025
US trade body calls on Washington to cut cyber red tape
The US Information Technology Industry Council has called on the White House’s Office of the National Cyber Director to cut burdensome regulations in areas such as AI and incident reporting, and to do more to build a unified security regime Continue Reading
-
Feature
15 Aug 2025
The UK’s Online Safety Act explained: what you need to know
In this essential guide, Computer Weekly looks at the UK’s implementation of the Online Safety Act, including controversies around age verification measures and the threat it poses to end-to-end encryption Continue Reading
-
Opinion
15 Aug 2025
Guardian agents: Stopping AI from going rogue
AI systems don't share our values and can easily go rogue. But instead of trying to make AI more human, we need a new class of guardian agents to act as digital sentinels, monitoring our autonomous systems before we lose control completely Continue Reading
-
Opinion
13 Aug 2025
What the UK's ransomware crackdown signals for Europe
The UK government is forging a bold path as it aims to ban ransomware payments from certain organisations. Its actions could herald an inflexion point in Europe's broader response to ransomware. Continue Reading
-
News
12 Aug 2025
Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list
Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update Continue Reading
-
News
12 Aug 2025
Researchers firm up ShinyHunters, Scattered Spider link
ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters and Scattered Spider cyber gangs Continue Reading
-
News
12 Aug 2025
UK work visa sponsors are target of phishing campaign
Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud Continue Reading
-
News
12 Aug 2025
Workday research: 75% of employees will work with artificial intelligence, but not for it
Workday research finds 75% of workers like AI as a teammate, but only 30% want it to be the boss. Trust in the technology may grow with use, but human focus, clear roles and governance are key Continue Reading
-
Opinion
12 Aug 2025
What boards should look for in a CISO
The role of the chief information security officer has evolved dramatically over the years – and will continue to do so. What should boards really looking for when hiring a security leader in 2025? Continue Reading
-
News
12 Aug 2025
Norway fixing Big Bang e-health botch with fintech security
Experts call for Europe’s health sector to protect medical APIs with security originated from UK open banking as officials take urgent measures against unprecedented attacks Continue Reading
-
Feature
11 Aug 2025
ShinyHunters Salesforce cyber attacks explained: What you need to know
Computer Weekly gets under the skin of an ongoing wave of ShinyHunters cyber attacks orchestrated via social engineering against Salesforce users Continue Reading
-
Opinion
11 Aug 2025
How CISOs can adapt cyber strategies for the age of AI
Traditional security measures may not be able to cope with the AI reality. In order to safeguard enterprise operations, reputation and data integrity in an AI-first world, security leaders need to rethink. Continue Reading
-
News
11 Aug 2025
McCullough Review into PSNI spying on journalists and lawyers delayed
Angus McCullough KC is to present findings of an independent review of police spying on phone data of lawyers, journalists and NGOs in Northern Ireland in October Continue Reading
-
News
11 Aug 2025
Watching the watchers: Is the Technical Advisory Panel a match for MI5, MI6 and GCHQ?
Dame Muffy Calder is chair of the Technical Advisory Panel (TAP), a small group of experts that advises the Investigatory Powers Commissioner on surveillance technology. Do they have what it takes to oversee the intelligence community? Continue Reading
-
Definition
08 Aug 2025
What is the three lines model and what is its purpose?
The three lines model is a risk management approach to help organizations identify and manage risks effectively by creating three distinct lines of defense. Continue Reading
-
Definition
07 Aug 2025
What is integrated risk management (IRM)?
Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization's security, risk tolerance profile and strategic decisions. Continue Reading
-
News
06 Aug 2025
NCSC updates CNI Cyber Assessment Framework
Updates to the NCSC’s Cyber Assessment Framework are designed to help providers of critical services better manage their risk profiles Continue Reading
-
Definition
06 Aug 2025
What is enterprise risk management (ERM)?
Enterprise risk management (ERM) is the process of planning, organizing, directing and controlling the activities of an organization to minimize the harmful effects of risk on its capital and earnings. Continue Reading
-
News
06 Aug 2025
Australian scaleup to bring AI-led data protection to the MoD
The UK’s Ministry of Defence is embracing AI-led data protection in the wake of a major privacy breach, enlisting Australian cyber firm Castlepoint Systems to oversee sensitive records Continue Reading
-
News
05 Aug 2025
Attacker could defeat Dell firmware flaws with a vegetable
Cisco Talos discloses five vulnerabilities in cyber security firmware used on Dell Latitude and Precision devices, including one that could enable an attacker to log on with a spring onion Continue Reading
-
E-Zine
05 Aug 2025
Digitising fan experience
In this issue, discover the latest twist regarding a secret Home Office order requiring Apple to give UK law enforcement access to users’ encrypted data stored on the Apple iCloud. Also discover how the Premier League is using digital means to reach fans, and learn about identity security in SaaS deployments. Read the issue now. Continue Reading
-
News
04 Aug 2025
Black Hat USA: Halcyon and Sophos tag-team ransomware fightback
Ransomware experts Halcyon and Sophos are to pool their expertise in ransomware, working together to enhance data- and intelligence-sharing and bringing more comprehensive protection to customers Continue Reading
-
News
01 Aug 2025
Met Police to double facial recognition use amid budget cuts
The UK’s largest police force is massively expanding its use of live facial recognition technology as it prepares to lose 1,700 officers and staff Continue Reading
-
Opinion
01 Aug 2025
The blind spot: digital supply chain is now a board-level imperative
Many companies lack visibility into complex digital supply chains, meaning hidden risks and regulatory exposure. Cyber security requires continuous mapping and board engagement Continue Reading
-
Opinion
31 Jul 2025
I lost my sister to online harms, the OSA is failing vulnerable people
Adele is a member of Families and Survivors to Prevent Online Suicide Harms campaign, a network that brings together survivors and families bereaved by online harm-related suicides. They are calling for changes to the enforcement of the Online Safety Act Continue Reading
-
News
31 Jul 2025
Palo Alto Networks to acquire CyberArk for $25bn
The deal marks Palo Alto Networks’ entry into the identity and access management space amid the growing need to secure human, machine and emerging AI agent identities Continue Reading
-
News
30 Jul 2025
Scattered Spider tactics continue to evolve, warn cyber cops
CISA, the FBI, NCSC and others have clubbed together to update previous guidance on Scattered Spider's playbook, warning of new social engineering tactics and exploitation of legitimate tools, among other things Continue Reading
-
News
30 Jul 2025
MS Authenticator users face passkey crunch time
The deadline for moving to passkeys in Microsoft Authenticator is rapidly approaching, and users are advised to take action now Continue Reading
-
News
30 Jul 2025
AI-enabled security pushes down breach costs for UK organisations
Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study Continue Reading
-
News
30 Jul 2025
Industry experts warn crypto infrastructure is ‘creaking’
A report from experts at HSBC, Thales and InfoSec Global claims decades-old cryptographic systems are failing, putting businesses at risk from current vulnerabilities and the threat from quantum computing Continue Reading
-
News
30 Jul 2025
International AI Alignment effort tackles unpredictability
Given AI systems are probabilistic, a group of international experts are collaborating to ensure such systems operate in the best interest of society Continue Reading
-
News
29 Jul 2025
Austrian government faces likely legal challenge over state spyware
Civil society groups are talking to opposition MPs about bringing a legal challenge to the Austrian constitutional court over ‘state trojan’ law Continue Reading
-
News
29 Jul 2025
European Commission ignores calls to reassess Israel data adequacy
The European Commission is ignoring calls to reassess Israel’s data adequacy status in spite of concerns raised about its data protection framework and use of personal data in ‘repressive practices’ Continue Reading
-
News
29 Jul 2025
Global cyber spend will top $200bn this year, says Gartner
Worldwide spending on cyber security will hit another record high in 2025, and will go higher still next year Continue Reading
-
Opinion
29 Jul 2025
Burnout burden: why CISOs are at breaking point, what needs to change
CISOs face growing burnout as their roles expand beyond security, with high stress, low organisational authority, and short tenure. AI can help but change requires autonomy Continue Reading
-
Feature
29 Jul 2025
Building digital resilience in retail
Retail is suffering economically and from hacking attacks. What steps can retailers can take to prevent cyber attacks, supply chain disruptions and migration downtime? Continue Reading
-
News
28 Jul 2025
Data resilience critical as ransomware attacks target backups
With more threat actors targeting backup repositories to ensure a payday, Veeam urges organisations to treat data resilience as a competitive advantage, not just an insurance policy Continue Reading
-
News
25 Jul 2025
Interview: Cambridge Consultants CEO Monty Barlow scans for tech surprises
Cambridge Consultants is a technology and consulting business unit of Capgemini. Its chief executive, Monty Barlow, talks about its heritage and vision for the future of digital technology Continue Reading
-
News
24 Jul 2025
Dutch researchers use heartbeat detection to unmask deepfakes
Dutch method to counter deepfakes analyses blood flow patterns in faces that current deepfake generation tools cannot yet replicate Continue Reading
-
News
24 Jul 2025
Monzo’s £21m fine highlights banks’ cyber security failures
Monzo’s recent fine over failings in its customer verification processes highlights wider security and privacy shortcomings in the personal finance world Continue Reading
-
News
22 Jul 2025
Microsoft confirms China link to SharePoint hacks
Microsoft confirms two known China-nexus threat actors, and one other suspected state-backed hacking group, are exploiting vulnerabilities in SharePoint Server Continue Reading
-
Opinion
22 Jul 2025
Overconfidence in cyber security: a silent catalyst for CNI breaches
Many CNI organisations are perilously overconfident in their ability to manage and combat cyber risks, according to Bridewell research. This is leaving vital systems exposed. Continue Reading
-
News
22 Jul 2025
Interview: How OpenAI is making ChatGPT public and private sector-ready
We speak to OpenAI’s solution engineering lead, Matt Weaver, about enterprise adoption and making ChatGPT secure Continue Reading
-
News
21 Jul 2025
UK may be seeking to pull back from Apple encryption row with US
UK government officials say that attempts by the Home Office to require Apple to introduce ‘backdoors’ to its secure encrypted storage service will cross US red lines Continue Reading
-
News
21 Jul 2025
The Security Interviews: Jason Nurse, University of Kent
Jason Nurse, reader in cyber security at the University of Kent, discusses the psychological side of cyber and online safety, why placing blame on users as ‘the weakest link’ is wrong – and why security pros should think about user needs more Continue Reading
-
Feature
21 Jul 2025
Meet the deepfake fraudster who applied to work at a deepfake specialist
A recruiter at voice fraud specialist Pindrop had a shock when they came face-to-face with the same deepfake job candidate not once, but twice. Hear their story and learn how to start to protect your hiring process Continue Reading
-
News
21 Jul 2025
Singapore under ongoing cyber attack from APT group
Nation-state actor UNC3886 is actively targeting Singapore’s critical national infrastructure in a sophisticated espionage and disruption campaign, with the country mounting a whole-of-government response Continue Reading
-
News
18 Jul 2025
DWP accused of shielding AI deployments from public scrutiny
Amnesty International and Big Brother Watch say Department for Work and Pensions’ ‘unchecked’ and opaque use of AI in the UK benefits system treats claimants as suspicious and is shielded from public scrutiny Continue Reading
-
News
17 Jul 2025
Estimated 96% of EMEA financial services sector not ready for DORA
Research from data backup provider Veeam indicates that vast majority of European financial services firms do not feel ready to meet the resiliency requirements of the EU’s DORA act Continue Reading
-
E-Zine
17 Jul 2025
CW EMEA: Vive la AI
In this quarter’s CW EMEA, we look at how one of the Netherlands’ leading technology education centres, Eindhoven University of Technology, fell victim to sophisticated cyber attacks. What unfolded in the university’s reaction is evidence that the hard work and preparation for such an event pays off. Continue Reading
-
News
17 Jul 2025
Terrorist potential of generative AI ‘purely theoretical’
UK terror legislation advisor takes stock of the potential for generative artificial intelligence systems to be adopted by terrorists, particularly for propaganda and attack planning purposes, but acknowledges the impact may be limited Continue Reading
-
News
16 Jul 2025
Hackbots biggest cloud security risk, slashing attack times to minutes
With cyber criminals using automated tools to steal data in minutes, organisations must focus on runtime protection and automated responses to combat the rising threat from AI and misconfigured cloud assets Continue Reading
-
News
16 Jul 2025
Forrester urges IT leaders to dump technical debt
IT needs to invest in innovative technologies and outsource legacy IT management to tackle volatile global markets, says Forrester Continue Reading
-
News
16 Jul 2025
Securonix tackles security data deluge with AI-driven platform
As security data volumes grow and security budgets tighten, Securonix is betting on its AI-driven platform to help businesses manage threats cost-effectively, says its CEO Continue Reading
-
News
15 Jul 2025
Current approaches to patching unsustainable, report says
Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report Continue Reading
-
Definition
15 Jul 2025
What is supply chain risk management (SCRM)?
Supply chain risk management (SCRM) is the coordinated efforts of an organization to help identify, monitor, detect and mitigate threats to supply chain continuity and profitability. Continue Reading
-
News
15 Jul 2025
Ada Lovelace: using market forces to professionalise AI assurance
The Ada Lovelace Institute examines how ‘market forces’ can be used to drive the professionalisation of artificial intelligence assurance in the context of a wider political shift towards deregulation Continue Reading
-
News
15 Jul 2025
Datadog doubles down on APAC, targets faster growth
The observability tools supplier is executing a multi-year growth plan for Asia-Pacific and Japan, focusing on data residency, localisation and AI-driven observability to grow its market share Continue Reading
-
News
14 Jul 2025
Brits clinging to Windows 10 face heightened risk, says NCSC
Businesses and consumers alike may not feel the need to upgrade to Windows 11 as its predecessor approaches end-of-life, but they are putting their own security at risk, says the NCSC Continue Reading
-
Feature
14 Jul 2025
Assessing the risk of AI in enterprise IT
We speak to security experts about how IT departments and security leaders can ensure they run artificial intelligence systems safely and securely Continue Reading
-
News
14 Jul 2025
AI adoption grows amid falling trust in AI outputs
As organisations move from AI hype to reality, a decline in trust for AI outputs is not a sign of failure, but a signal of market maturity, according to Bhavya Kapoor, Avanade's Asia-Pacific president Continue Reading
-
News
11 Jul 2025
MoD supply chain cyber scheme gets up and running
The Ministry of Defence and IASME have launched a certification scheme for organisations working in the UK defence supply chain, with construction firm Morgan Sindall the first business to achieve compliance Continue Reading
-
News
11 Jul 2025
UK to create ‘governance framework’ for police facial recognition
Home secretary Yvette Cooper has confirmed UK will regulate police facial recognition, citing police reticence to deploy systems without proper governance, but declined to say if any new framework will be statutory Continue Reading
-
News
11 Jul 2025
AWS bolsters security tools to help customers manage AI risks
Amazon Web Services has unveiled new and updated security services, including container-level threat detection and a unified command centre, to help organisations build and secure artificial intelligence applications Continue Reading
-
News
10 Jul 2025
Government funding to help SMEs protect their IP
Scheme will see SMEs and innovative startups working in sensitive sectors receive advice on enhancing cyber and physical security measures to protect their valuable intellectual property Continue Reading
-
News
09 Jul 2025
Qantas details impact of data breach on 5.7 million customers
Australian flag carrier begins notifying millions of individuals after a cyber attack on a call centre, confirming that while financial and passport details are safe, a significant volume of other personal information was compromised Continue Reading
-
News
08 Jul 2025
AI for Good: Signal president warns of agentic AI security flaw
Secure by design is a mantra of the tech sector, but not if it’s agentic AI, which wants ‘root’ access to everything Continue Reading
-
News
08 Jul 2025
NHS trust accused of ‘at best cavalier, at worst deceitful’ behaviour after deleting emails
A London hospital trust faces allegations it withheld key evidence from a tribunal hearing after one of its directors attempted to destroy more than 90,000 emails Continue Reading
-
E-Zine
08 Jul 2025
Do tech executives in US Army present conflict of interest?
In this week’s Computer Weekly, we take a deep dive into the controversial news that four technology executives have been sworn into the US military to make the armed forces ‘more lethal’. In other US-centric news, we look at how President Trump’s downgrading of diversity and inclusion initiatives could be potentially rippling across the Atlantic and affecting tech hiring trends in the UK. We also hear about a UK startup that is using AI to pinpoint the genetic code that needs tweaking to increase tomato and potato yields, as part of a broader push to increase the nation’s food security in the face of climate change. Read the issue now. Continue Reading
-
News
08 Jul 2025
Proofpoint bets on APAC growth amid spike in AI-driven threats
With cyber attacks spiking in non-English-speaking markets such as Japan, the security firm is boosting its regional presence to combat a wave of AI-generated threats Continue Reading
-
News
07 Jul 2025
Digital warfare is blurring civilian front lines
Singapore’s defence cyber chief warns that the traditional lines between military conflict and civilian life are blurring, with adversaries now targeting civilian systems and using AI to put the threat landscape on steroids Continue Reading
-
Opinion
04 Jul 2025
From the FBI to F&A: lessons learnt in safeguarding systems and data
One chief information security officer shares her experience of marshalling what she learned at the FBI for business security, with a particular focus on finance and accounting Continue Reading
-
News
03 Jul 2025
Fine-tuning to deliver business AI value
Foundation AI models offer knowledge that spans the internet, but they generally lack an understanding of proprietary business data and processes Continue Reading
-
News
02 Jul 2025
US CISA agency extends Iran cyber alert, warns of CNI threat
The US Cybersecurity and Infrastructure Security Agency reiterates guidance for operators of critical national infrastructure as it eyes the possibility of cyber attacks from Iran Continue Reading
-
News
02 Jul 2025
Dutch study uncovers cognitive biases undermining cyber security board decisions
Dutch research reveals how cognitive biases can lead to catastrophic security decisions Continue Reading
-
News
02 Jul 2025
Qantas customer data exposed in contact centre breach
Australian flag carrier is investigating significant data theft of personal information for up to six million customers after a third-party platform used by its call centre was compromised Continue Reading
-
Definition
30 Jun 2025
What is the ISO 31000 Risk Management standard?
The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management. Continue Reading
-
Opinion
30 Jun 2025
Better governance is required for AI agents
The Security Think Tank considers how CISOs can best plan to facilitate the secure running of AI and Gen AI-based initiatives and ensure employees do not inadvertently leak data or make bad decisions Continue Reading
-
Opinion
30 Jun 2025
Why AI reliability is the next frontier for technical industries
AI is no longer a futuristic idea — it’s embedded in the core operations of many of today’s industries. But can we trust its outputs? Continue Reading
-
News
27 Jun 2025
Citrix Bleed 2 under active attack, reports suggest
Days after news emerged of a Citrix NetScaler flaw comparable in its scope and severity to 2023’s infamous Citrix Bleed, there are already clear indicators that threat actors are taking advantage of the critical vulnerability Continue Reading
-
News
27 Jun 2025
Ciaran Martin: AI might disturb attacker-defender security balance
The founder of the National Cyber Security Centre spoke with Computer Weekly at Infosecurity Europe 2025 about how artificial intelligence might disturb the attacker-defender security equilibrium Continue Reading
-
News
27 Jun 2025
MPs propose ban on predictive policing
MPs are attempting to amend the UK government’s forthcoming Crime and Policing Bill so that it prohibits the use of controversial predictive policing systems Continue Reading
-
News
26 Jun 2025
Sky ECC distributor released from French custody pending trial
Canadian businessman accused of distributing Sky ECC encrypted phones has been released on bail after over four years in custody without a trial Continue Reading
-
News
25 Jun 2025
Latest Citrix vulnerability could be every bit as bad as Citrix Bleed
A Citrix NetScaler flaw that was quietly patched earlier in June is gathering widespread attention after experts noted strong similarities to the Citrix Bleed vulnerability that caused chaos in late 2023 Continue Reading
-
Definition
24 Jun 2025
What is risk avoidance?
Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets. Continue Reading
-
News
24 Jun 2025
One year since being freed, Julian Assange still a victim of state secrecy
If the State Department’s arguments prevail in FOIA litigation, the truth about US action against Julian Assange and WikiLeaks journalists will never be known Continue Reading
-
E-Zine
24 Jun 2025
Digital ID: cool or contentious?
In this week’s Computer Weekly, we dig into the discourse surrounding the proposal to roll out a national digital identity scheme across the UK, and hear from HPE’s CIO on what he’s learned from his time previously working as an IT chief in the retail sector. We round out the buyer’s guide to cloud repatriation with a look at what’s driving the trend, before concluding the issue with a look at the controversy surrounding quantum computing. Read the issue now. Continue Reading
-
News
23 Jun 2025
Widening Middle Eastern war increases cyber risk
With the entry of the US into the widening Middle Eastern conflict, cyber risk is likely to increase across the board Continue Reading
-
Definition
23 Jun 2025
What is pure risk?
Pure risk refers to risks that are beyond human control and result in a loss or no loss, with no possibility of financial gain. Continue Reading
-
Definition
23 Jun 2025
What is residual risk? How is it different from inherent risk?
Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made. Continue Reading
-
Feature
23 Jun 2025
Clouded judgement: Resilience, risk and the rise of repatriation
Geopolitics, data sovereignty and rising costs are driving a change in cloud thinking, but it’s slow progress Continue Reading
-
News
20 Jun 2025
Cyber Essentials certifications rising slowly but steadily
The number of businesses attaining the NCSC Cyber Essentials certification continues to increase, but much more can be done to raise awareness of the scheme Continue Reading
-
News
20 Jun 2025
M&S, Co-op attacks a ‘Category 2 cyber hurricane’, say UK experts
The UK’s Cyber Monitoring Centre has published its first in-depth assessment of a major incident, reflecting on the impact of and lessons learned from Scattered Spider attacks on M&S and Co-op Continue Reading
-
News
20 Jun 2025
UK data reforms become law
UK passes wide-ranging data protection reforms to ‘simplify’ organisations’ sharing and processing of data, but questions remain whether changes will be accepted by European Commission when renewing UK data adequacy Continue Reading
-
Definition
20 Jun 2025
What is risk assessment?
Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business. Continue Reading
-
News
19 Jun 2025
UBS employee data leaked after cyber attack on supplier
UBS and fellow Swiss bank Pictet have been affected by a cyber attack on a procurement service provider Continue Reading
-
News
18 Jun 2025
Traditional fake news detection fails against AI-generated content
As generative AI produces increasingly convincing text, Dutch researchers are exploring how linguistic cues, model bias, and transparency tools can help detect fake news. Continue Reading