IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
15 Jul 2025
Current approaches to patching unsustainable, report says
Organisations are struggling to prioritise vulnerability patching appropriately, leading to situations where everything is a crisis, which helps nobody, according to a report. Continue Reading
-
News
15 Jul 2025
Ada Lovelace: using market forces to professionalise AI assurance
The Ada Lovelace Institute examines how ‘market forces’ can be used to drive the professionalisation of artificial intelligence assurance in the context of a wider political shift towards deregulation Continue Reading
-
News
15 Jul 2025
Ada Lovelace: using market forces to professionalise AI assurance
The Ada Lovelace Institute examines how ‘market forces’ can be used to drive the professionalisation of artificial intelligence assurance in the context of a wider political shift towards deregulation Continue Reading
-
News
15 Jul 2025
Datadog doubles down on APAC, targets faster growth
The observability tools supplier is executing a multi-year growth plan for Asia-Pacific and Japan, focusing on data residency, localisation and AI-driven observability to grow its market share Continue Reading
-
News
14 Jul 2025
Brits clinging to Windows 10 face heightened risk, says NCSC
Businesses and consumers alike may not feel the need to upgrade to Windows 11 as its predecessor approaches end-of-life, but they are putting their own security at risk, says the NCSC Continue Reading
-
Feature
14 Jul 2025
Assessing the risk of AI in enterprise IT
We speak to security experts about how IT departments and security leaders can ensure they run artificial intelligence systems safely and securely Continue Reading
-
News
14 Jul 2025
AI adoption grows amid falling trust in AI outputs
As organisations move from AI hype to reality, a decline in trust for AI outputs is not a sign of failure, but a signal of market maturity, according to Bhavya Kapoor, Avanade's Asia-Pacific president Continue Reading
-
News
11 Jul 2025
MoD supply chain cyber scheme gets up and running
The Ministry of Defence and IASME have launched a certification scheme for organisations working in the UK defence supply chain, with construction firm Morgan Sindall the first business to achieve compliance Continue Reading
-
News
11 Jul 2025
UK to create ‘governance framework’ for police facial recognition
Home secretary Yvette Cooper has confirmed UK will regulate police facial recognition, citing police reticence to deploy systems without proper governance, but declined to say if any new framework will be statutory Continue Reading
-
News
11 Jul 2025
AWS bolsters security tools to help customers manage AI risks
Amazon Web Services has unveiled new and updated security services, including container-level threat detection and a unified command centre, to help organisations build and secure artificial intelligence applications Continue Reading
-
News
10 Jul 2025
Government funding to help SMEs protect their IP
Scheme will see SMEs and innovative startups working in sensitive sectors receive advice on enhancing cyber and physical security measures to protect their valuable intellectual property Continue Reading
-
News
09 Jul 2025
Qantas details impact of data breach on 5.7 million customers
Australian flag carrier begins notifying millions of individuals after a cyber attack on a call centre, confirming that while financial and passport details are safe, a significant volume of other personal information was compromised Continue Reading
-
News
08 Jul 2025
AI for Good: Signal president warns of agentic AI security flaw
Secure by design is a mantra of the tech sector, but not if it’s agentic AI, which wants ‘root’ access to everything Continue Reading
-
News
08 Jul 2025
NHS trust accused of ‘at best cavalier, at worst deceitful’ behaviour after deleting emails
A London hospital trust faces allegations it withheld key evidence from a tribunal hearing after one of its directors attempted to destroy more than 90,000 emails Continue Reading
-
E-Zine
08 Jul 2025
Do tech executives in US Army present conflict of interest?
In this week’s Computer Weekly, we take a deep dive into the controversial news that four technology executives have been sworn into the US military to make the armed forces ‘more lethal’. In other US-centric news, we look at how President Trump’s downgrading of diversity and inclusion initiatives could be potentially rippling across the Atlantic and affecting tech hiring trends in the UK. We also hear about a UK startup that is using AI to pinpoint the genetic code that needs tweaking to increase tomato and potato yields, as part of a broader push to increase the nation’s food security in the face of climate change. Read the issue now. Continue Reading
-
News
08 Jul 2025
Proofpoint bets on APAC growth amid spike in AI-driven threats
With cyber attacks spiking in non-English-speaking markets such as Japan, the security firm is boosting its regional presence to combat a wave of AI-generated threats Continue Reading
-
News
07 Jul 2025
Digital warfare is blurring civilian front lines
Singapore’s defence cyber chief warns that the traditional lines between military conflict and civilian life are blurring, with adversaries now targeting civilian systems and using AI to put the threat landscape on steroids Continue Reading
-
Opinion
04 Jul 2025
From the FBI to F&A: lessons learnt in safeguarding systems and data
One chief information security officer shares her experience of marshalling what she learned at the FBI for business security, with a particular focus on finance and accounting Continue Reading
-
News
03 Jul 2025
Fine-tuning to deliver business AI value
Foundation AI models offer knowledge that spans the internet, but they generally lack an understanding of proprietary business data and processes Continue Reading
-
News
02 Jul 2025
US CISA agency extends Iran cyber alert, warns of CNI threat
The US Cybersecurity and Infrastructure Security Agency reiterates guidance for operators of critical national infrastructure as it eyes the possibility of cyber attacks from Iran Continue Reading
-
News
02 Jul 2025
Dutch study uncovers cognitive biases undermining cyber security board decisions
Dutch research reveals how cognitive biases can lead to catastrophic security decisions Continue Reading
-
News
02 Jul 2025
Qantas customer data exposed in contact centre breach
Australian flag carrier is investigating significant data theft of personal information for up to six million customers after a third-party platform used by its call centre was compromised Continue Reading
-
Definition
30 Jun 2025
What is the ISO 31000 Risk Management standard?
The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management. Continue Reading
-
Opinion
30 Jun 2025
Better governance is required for AI agents
The Security Think Tank considers how CISOs can best plan to facilitate the secure running of AI and Gen AI-based initiatives and ensure employees do not inadvertently leak data or make bad decisions Continue Reading
-
Opinion
30 Jun 2025
Why AI reliability is the next frontier for technical industries
AI is no longer a futuristic idea — it’s embedded in the core operations of many of today’s industries. But can we trust its outputs? Continue Reading
-
News
27 Jun 2025
Citrix Bleed 2 under active attack, reports suggest
Days after news emerged of a Citrix NetScaler flaw comparable in its scope and severity to 2023’s infamous Citrix Bleed, there are already clear indicators that threat actors are taking advantage of the critical vulnerability Continue Reading
-
News
27 Jun 2025
Ciaran Martin: AI might disturb attacker-defender security balance
The founder of the National Cyber Security Centre spoke with Computer Weekly at Infosecurity Europe 2025 about how artificial intelligence might disturb the attacker-defender security equilibrium Continue Reading
-
News
27 Jun 2025
MPs propose ban on predictive policing
MPs are attempting to amend the UK government’s forthcoming Crime and Policing Bill so that it prohibits the use of controversial predictive policing systems Continue Reading
-
News
26 Jun 2025
Sky ECC distributor released from French custody pending trial
Canadian businessman accused of distributing Sky ECC encrypted phones has been released on bail after over four years in custody without a trial Continue Reading
-
News
25 Jun 2025
Latest Citrix vulnerability could be every bit as bad as Citrix Bleed
A Citrix NetScaler flaw that was quietly patched earlier in June is gathering widespread attention after experts noted strong similarities to the Citrix Bleed vulnerability that caused chaos in late 2023 Continue Reading
-
Definition
24 Jun 2025
What is risk avoidance?
Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets. Continue Reading
-
News
24 Jun 2025
One year since being freed, Julian Assange still a victim of state secrecy
If the State Department’s arguments prevail in FOIA litigation, the truth about US action against Julian Assange and WikiLeaks journalists will never be known Continue Reading
-
E-Zine
24 Jun 2025
Digital ID: cool or contentious?
In this week’s Computer Weekly, we dig into the discourse surrounding the proposal to roll out a national digital identity scheme across the UK, and hear from HPE’s CIO on what he’s learned from his time previously working as an IT chief in the retail sector. We round out the buyer’s guide to cloud repatriation with a look at what’s driving the trend, before concluding the issue with a look at the controversy surrounding quantum computing. Read the issue now. Continue Reading
-
News
23 Jun 2025
Widening Middle Eastern war increases cyber risk
With the entry of the US into the widening Middle Eastern conflict, cyber risk is likely to increase across the board Continue Reading
-
Definition
23 Jun 2025
What is pure risk?
Pure risk refers to risks that are beyond human control and result in a loss or no loss, with no possibility of financial gain. Continue Reading
-
Definition
23 Jun 2025
What is residual risk? How is it different from inherent risk?
Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made. Continue Reading
-
Feature
23 Jun 2025
Clouded judgement: Resilience, risk and the rise of repatriation
Geopolitics, data sovereignty and rising costs are driving a change in cloud thinking, but it’s slow progress Continue Reading
-
News
20 Jun 2025
Cyber Essentials certifications rising slowly but steadily
The number of businesses attaining the NCSC Cyber Essentials certification continues to increase, but much more can be done to raise awareness of the scheme Continue Reading
-
News
20 Jun 2025
M&S, Co-op attacks a ‘Category 2 cyber hurricane’, say UK experts
The UK’s Cyber Monitoring Centre has published its first in-depth assessment of a major incident, reflecting on the impact of and lessons learned from Scattered Spider attacks on M&S and Co-op Continue Reading
-
News
20 Jun 2025
UK data reforms become law
UK passes wide-ranging data protection reforms to ‘simplify’ organisations’ sharing and processing of data, but questions remain whether changes will be accepted by European Commission when renewing UK data adequacy Continue Reading
-
Definition
20 Jun 2025
What is risk assessment?
Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business. Continue Reading
-
News
19 Jun 2025
UBS employee data leaked after cyber attack on supplier
UBS and fellow Swiss bank Pictet have been affected by a cyber attack on a procurement service provider Continue Reading
-
News
18 Jun 2025
Traditional fake news detection fails against AI-generated content
As generative AI produces increasingly convincing text, Dutch researchers are exploring how linguistic cues, model bias, and transparency tools can help detect fake news. Continue Reading
-
News
17 Jun 2025
Scattered Spider widens web to target insurance sector
Following a series of high-profile attacks on prominent retailers and consumer brands, the Scattered Spider cyber crime collective appears to be expanding its targeting to the insurance sector Continue Reading
-
News
16 Jun 2025
Intelligence sharing key to cyber security in Europe, says EU Commission cyber expert
Cyber criminals choose not to attack Europe due to its resilience and preparedness, says the EU Commission’s principal advisor for cyber security coordination, Despina Spanou Continue Reading
-
Definition
16 Jun 2025
What is operational risk?
Operational risk is the risk of losses caused by flawed or failed processes, policies, systems, people or events that disrupt business operations. Continue Reading
-
News
11 Jun 2025
NHS IT the big winner in Reeves’ Spending Review
The chancellor of the exchequer has significantly upped spending on digital and technology initiatives in the current Spending Review period, with the NHS receiving a 50% tech funding increase Continue Reading
-
Opinion
11 Jun 2025
Cyber security beyond compliance: Why resilience is the new boardroom imperative
Cyber security has been everything from a tick-box exercise to a compliance headache for organisations - but the pressing threats we face mean cyber resilience must become a boardroom issue Continue Reading
-
Opinion
11 Jun 2025
Investor behaviour in the wake of cyber's 'black swan' moment
So-called Black Swan events expose the blind spots in even the most sophisticated forecasting models, signaling a need to rethink how businesses, and those investing in them, quantify and prepare for cyber risk. Continue Reading
-
News
11 Jun 2025
How breaking things builds resilient systems
To prevent and recover from outages in today’s complex, cloud-native world, enterprises must proactively and deliberately inject failure into their systems through chaos engineering practices Continue Reading
-
News
11 Jun 2025
June Patch Tuesday brings a lighter load for defenders
Barely 70 vulnerabilities make the cut for Microsoft’s monthly security update, but an RCE flaw in WEBDAV and an EoP issue in Windows SMB Client still warrant close attention Continue Reading
-
News
11 Jun 2025
Cyber Bill at risk of becoming a missed opportunity, say MPs
An APPG report warns that the government’s flagship cyber security legislation is too narrow in its scope and risks missing opportunities to embed resilience at the heart of the British economy Continue Reading
-
News
10 Jun 2025
Third-party security weaknesses threaten Europe’s big banks
Security breaches via third parties increased by 25% at Europe’s largest finance firms Continue Reading
-
Feature
09 Jun 2025
Are we normalising surveillance in schools?
Children and teenagers are subjected to a vast array of surveillance technologies in schools. These are intended to keep them safe, but are we normalising surveillance for young people? Continue Reading
-
News
06 Jun 2025
UK ICO publishes AI and biometrics strategy
The UK data regulator has outlined how it will approach the regulation of artificial intelligence and biometric technologies, which will focus in particular on automated decision-making systems and police facial recognition Continue Reading
-
News
06 Jun 2025
CISOs must translate cyber threats into business risk
To manage risk effectively and secure board-level buy-in, CISOs must stop talking about technology and start speaking the language of business, according to a senior Check Point executive Continue Reading
-
Opinion
05 Jun 2025
CISOs: Don't block AI, but adopt it with eyes wide open
The Security Think Tank considers how CISOs can best plan to facilitate the secure running of AI and Gen AI-based initiatives and ensure employees do not inadvertently leak data or make bad decisions. Continue Reading
-
Tip
05 Jun 2025
Compliance stakeholders and how to work with them
Stakeholders' involvement can strengthen an organization's compliance program. Learn best practices for engaging key stakeholders in compliance initiatives. Continue Reading
-
News
05 Jun 2025
UK’s error-prone eVisa system is ‘anxiety-inducing’
People experiencing technical errors with the Home Office’s electronic visa system explain the psychological toll of not being able to reliably prove their immigration status in the face of a hostile and unresponsive bureaucracy Continue Reading
-
News
05 Jun 2025
How GitLab is tapping AI in DevSecOps
GitLab CISO Josh Lemos explains how the company is weaving AI, through its Duo tool, into the entire software development lifecycle to enhance efficiency and automate incident response Continue Reading
-
News
04 Jun 2025
Put ROCs before SOCs, Qualys tells public sector
Putting risk operations before security operations may help government agencies and other public sector bodies better manage the myriad threats they face, and make better decisions for the security of all Continue Reading
-
News
04 Jun 2025
NCSC sets out how to build cyber safe cultures
The UK’s National Cyber Security Centre has published guidance for security teams and leaders on how to foster accessible and appropriate cyber security cultures in their organisations Continue Reading
-
News
04 Jun 2025
Investigatory powers: Guidelines for police and spies could also help businesses with AI
Computer Weekly talks to Muffy Calder, technology advisor to the UK’s investigatory powers commissioner, about privacy, intrusion and artificial intelligence Continue Reading
-
News
04 Jun 2025
Microsoft outlines three-pronged European cyber strategy
Microsoft chair Brad Smith outlines an expansive cyber programme targeting governments across Europe with enhanced threat intelligence and support Continue Reading
-
News
04 Jun 2025
European Commission should rescind UK data adequacy
Civil society organisations have urged the European Commissioner to not renew the UK’s data adequacy, given the country’s growing divergence from European data protection standards Continue Reading
-
Opinion
04 Jun 2025
Fortifying the future: The pivotal role of CISOs in AI operations
The Security Think Tank considers how CISOs can best plan to facilitate the secure running of AI and Gen AI-based initiatives and ensure employees do not inadvertently leak data or make bad decisions. Continue Reading
-
Feature
04 Jun 2025
Dutch university’s rapid response saved it from ransomware devastation
Eindhoven University of Technology has planned multi-factor authentication and regularly practised cyber crisis drills – yet it still fell victim to attackers who exploited gaps in its defences Continue Reading
-
Opinion
03 Jun 2025
Preparing for AI: The CISO’s role in security, ethics and compliance
The Security Think Tank considers how CISOs can best plan to facilitate the secure running of AI and Gen AI-based initiatives and ensure employees do not inadvertently leak data or make bad decisions. Continue Reading
-
News
03 Jun 2025
SailPoint charts course for AI-driven identity security
SailPoint is driving the use of agentic AI in identity security with its Harbor Pilot offering while preparing to help enterprises govern and secure AI agents Continue Reading
-
Opinion
02 Jun 2025
The hidden security risks of open source AI
The Security Think Tank considers how CISOs can best plan to facilitate the secure running of AI and Gen AI-based initiatives and ensure employees do not inadvertently leak data or make bad decisions. Continue Reading
-
Opinion
02 Jun 2025
AI security: Balancing innovation with protection
The Security Think Tank considers how CISOs can best plan to facilitate the secure running of AI and Gen AI-based initiatives and ensure employees do not inadvertently leak data or make bad decisions. Continue Reading
-
Feature
02 Jun 2025
Risk maturity model: How it works and how to use one
Explore risk maturity models and assessment tools for enhancing enterprise risk management. Improve ERM programs to mitigate risk and gain a competitive edge. Continue Reading
-
Definition
30 May 2025
What is security?
Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets. Continue Reading
-
News
30 May 2025
Dutch businesses lag behind in cyber resilience as threats escalate
While non-IT business professionals in the middle of their careers face the most disruption from AI, professionals in the IT services sector and their employers must prepare for change Continue Reading
-
Feature
30 May 2025
How cyber security professionals are leveraging AWS tools
It’s now essential for IT security teams to have oversight of cloud computing, and AWS offers a plethora of tools to make managing it easier. Find out how cyber pros are using them in the wild Continue Reading
-
Opinion
30 May 2025
What VMware’s licensing crackdown reveals about control and risk
An assessments of the risks VMware customers on perpetual licences now need to consider Continue Reading
-
News
30 May 2025
Cloud migration demands contractual safeguards and clear strategy
Cyber security experts urge organisations to define clear objectives, understand shared security models and implement strong data governance when migrating workloads to the cloud Continue Reading
-
Opinion
29 May 2025
RSAC rewind: Agentic AI, governance gaps and insider threats
AI was naturally a major theme of this year's RSAC conference, but we maybe failed to anticipate how it is coming to dominate every conversation. Continue Reading
-
Feature
29 May 2025
AI and compliance: Staying on the right side of law and regulation
Without careful planning, AI projects risk blundering into a legal and regulatory minefield. We look at the risks from hallucinations, basic errors and coming regulation Continue Reading
-
News
28 May 2025
UK biometric surveillance exists in ‘legal grey area’
The rapid proliferation of ‘biometric mass surveillance technologies’ throughout the UK’s public and private sectors is taking place without legal certainty or adequate safeguards for the public Continue Reading
-
News
28 May 2025
Remote purchase fraud surges 14%, says banking industry
Brits lost over £1bn to payment fraud in its many forms last year, according to the latest banking industry numbers Continue Reading
-
News
27 May 2025
Maturing UK fintechs increase tech and cyber security hiring
Increased hiring reflects that fintechs are maturing and now require more cyber security and compliance experts Continue Reading
-
Opinion
27 May 2025
Building resilient cyber threat intelligence communities
Cyber threat intelligence is no longer a luxury: intelligence sharing communities must mature, and there are many common lessons to learn. Continue Reading
-
Opinion
27 May 2025
Security vs. usability: Why rogue corporate comms are still an issue
A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what can CISOs can learn from this potentially fatal error. Continue Reading
-
Opinion
27 May 2025
When leaders ignore cyber security rules, the whole system weakens
The US ‘Signalgate’ debacle is a case study in how security collapses when leadership treats basic rules as optional Continue Reading
-
E-Zine
27 May 2025
UK eVisa: Ethical or harmful?
In this week’s Computer Weekly, we examine the criticism being levelled at government proposals to use electronic visa data and biometrics to surveil migrants living in the UK. We also hear from a noted cyber pro about why he thinks the Computer Misuse Act is ripe for reform. And we find out everything there is to know about retrieval augmented generation architectures and how they can be used to infuse generative artificial intelligence (AI) into a business context. Read the issue now. Continue Reading
-
Feature
26 May 2025
What are the best practices for securing AWS tech stacks?
An AWS tech stack can aid business growth and facilitate efficient operations, but misconfigurations have become all too common and stall this progress Continue Reading
-
News
23 May 2025
Essex Police discloses ‘incoherent’ facial recognition assessment
An equality impact assessment of Essex Police live facial recognition deployments is plagued by inconsistencies and poor methodology, undermining the force’s claim that its use of the technology will not be discriminatory Continue Reading
-
News
21 May 2025
NCSC: Russia’s Fancy Bear targeting logistics, tech organisations
The NCSC and its partner agencies have blown the whistle on an extensive campaign of malicious cyber attacks orchestrated by the Russian state Fancy Bear operation Continue Reading
-
Podcast
21 May 2025
Podcast: RSA 2025 – AI’s risk surface and the role of the CISO
We review RSA 2025 with Vigitrust CEO Mathieu Gorge who looks at the impacts on compliance of AI’s expanding risk surface, the role of the CISO, and a changed supplier approach Continue Reading
-
Opinion
21 May 2025
UK Fraud Bill targets benefit claimants for mass surveillance
The UK government’s proposed Fraud Bill will disproportionately place millions of benefit claimants under constant surveillance, creating a two-tier system where people are automatically suspected of wrongdoing for seeking welfare Continue Reading
-
News
21 May 2025
Ransomware attacks dropped by a third last month
Reported ransomware attacks eased off during April following a dramatic spike in the first quarter of 2025 Continue Reading
-
News
21 May 2025
Strong fintech security posture at risk via third-party weak links
Despite having a strong security posture, the financial technology sector could be open to attack via third parties Continue Reading
-
News
20 May 2025
Dell unveils disaggregated infrastructure strategy
Dell makes push for disaggregated infrastructure, aiming to offer enterprises the independent scaling of three-tier architectures with the operational benefits of hyperconverged systems Continue Reading
-
News
20 May 2025
Hacking contest exposes VMware security
In what has been described as a historical first, hackers in Berlin have been able to demo successful attacks on the ESXi hypervisor Continue Reading
-
E-Zine
20 May 2025
Tackling the UK’s cyber threats
In this week’s Computer Weekly, we report from the National Cyber Security Centre’s annual update on the state of UK security and examine the emerging threats. The chief data officer of Standard Chartered bank discusses preparing for artificial intelligence. We also look at the networking implications of GPU-based AI datacentres. Read the issue now. Continue Reading
-
19 May 2025
UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal
UK cyber security chief warns of ‘direct connection’ between Russian cyber attacks and physical threats to the UK Continue Reading
-
Opinion
19 May 2025
Jump in cyber attacks should put businesses on high alert
Three principles to help businesses get on top of cyber security Continue Reading
-
News
19 May 2025
Gartner: Most firms not tapping cloud’s full potential
Organisations have not fully leveraged the full potential of cloud and must navigate emerging trends such as artificial intelligence, multicloud complexity and security perceptions to stay competitive Continue Reading
-
News
16 May 2025
No workaround leads to more pain for VMware users
There are patches for the latest batch of security alerts from Broadcom, but VMware users on perpetual licences may not have access Continue Reading
-
News
16 May 2025
Security tests reveal serious vulnerability in government’s One Login digital ID system
A ‘red teaming’ exercise to simulate cyber attacks on the government’s flagship digital identity system has found that One Login can be compromised without detection Continue Reading
-
Definition
16 May 2025
What is risk appetite?
Risk appetite is the amount of risk an organization or investor is willing to take in pursuit of objectives it deems have value. Continue Reading