IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
16 Oct 2025
F5 admits nation-state actor stole BIG-IP source code
F5 discloses that a nation-state actor has stolen source code and unpatched vulnerability data for its widely used BIG-IP products, raising supply chain security concerns across the industry Continue Reading
-
News
15 Oct 2025
Obsession with cyber breach notification fuelling costly mistakes
The race to meet security breach notification deadlines is leading to staff burnout, destroyed evidence and a culture of blame, warns a Trend Micro risk and security strategist Continue Reading
-
News
07 Nov 2025
How Palo Alto Networks is leveraging AI
Palo Alto Networks CIO Meerah Rajavel explains how the company is using AI to sieve through 90 billion security events a day, and why security and user experience are two sides of the same coin Continue Reading
-
News
06 Nov 2025
Cisco beefs up secure AI enterprise network architecture
IT and networking giant builds on enterprise network architecture with systems designed to simplify operations across campus and branch deployments such as network configuration Continue Reading
-
News
05 Nov 2025
Darktrace: Developer tools under constant attack
Attackers are using automated tools to target development environments within seconds of them going live, warns Darktrace’s global field chief information security officer Continue Reading
-
News
05 Nov 2025
Dutch boardroom cyber security knowledge gap exposed
Cyber security governance professor warns that executives lack the capability to assess cyber threats in implementation approaches Continue Reading
-
News
04 Nov 2025
Ryt Bank taps agentic AI for conversational banking
Malaysia’s Ryt Bank is using its own LLM and agentic AI framework to allow customers to perform banking transactions in natural language, replacing traditional menus and buttons Continue Reading
-
News
04 Nov 2025
Nordic investors drive investment in region’s defence sector
Slush Startup in Helsinki will feature dual-use, defence and security events that bring suppliers together Continue Reading
-
Feature
04 Nov 2025
Is digital ID worth the risk?
The UK government’s recently announced digital ID scheme aims to curb the prospect of work for illegal migrants, along with claiming benefits for UK citizens and legal residents. However, are the threats to our personal data worth the risk? Continue Reading
-
News
04 Nov 2025
UAE Sovereign Launchpad begins nationwide roll-out with support from e& and AWS
The cloud infrastructure platform aims to strengthen digital resilience and regulatory compliance across government and regulated sectors in the United Arab Emirates Continue Reading
-
News
04 Nov 2025
Fewer data breaches in Australia, but human error now a bigger threat
Australian privacy commissioner warns that the human factor is a growing threat as notifications caused by staff mistakes rose significantly even as total breaches declined 10% from a record high Continue Reading
-
Opinion
03 Nov 2025
CISOs in court: Balancing cyber resilience and legal accountability
The Computer Weekly Security Think Tank considers the burdens and responsibilities that accompany the role of chief information security officer, and share guidance on how to navigate a challenging career path. Continue Reading
-
News
03 Nov 2025
CrowdStrike: Europe second only to North America for cyber attacks
Europe faces rising cyber threats from criminals and nation-states, according to CrowdStrike. Ransomware attacks now take just 24 hours, with 22% of global victims being European Continue Reading
-
News
31 Oct 2025
European governments opt for open source alternatives to Big Tech encrypted communications
European governments are rolling out decentralised secure messaging and collaboration services as they seek to reduce their reliance on Big Tech companies Continue Reading
-
News
31 Oct 2025
Cyber agencies co-sign Exchange Server security guide
US and allied cyber agencies team up to try to nudge users to pay more attention to securing Microsoft Exchange Server Continue Reading
-
Opinion
31 Oct 2025
Why asset visibility matters in industrial cyber security
Industrial organisations face rising operational security cyber threats. Asset visibility is vital for defence - without knowing what’s connected, organisations are risk blind Continue Reading
-
News
30 Oct 2025
Yubico bolsters APAC presence, touts device subscriptions
Yubico is hiring local teams in Singapore and pitching its subscription service to help enterprises secure employee access to corporate networks and applications Continue Reading
-
News
30 Oct 2025
US senators seek to prohibit minors from using AI chatbots
Two US senators have proposed legislation that would require AI chatbot companies to verify the ages of people using their chatbots, in attempt to limit their harmful effects on children Continue Reading
-
News
29 Oct 2025
Rapid7: Cyber defences stuck in the 1980s as threats mount
The company’s chief product officer notes that many defence tactics are still stuck in the past, urging organisations to adopt AI-driven security platforms to improve threat detection and response Continue Reading
-
Feature
28 Oct 2025
Pulling the plug: A way to halt a cyber attacker in your network?
Rumours of an organisation taking its systems offline during a cyber attack spurred conversation on the consequences of simply pulling the power, or internet access, to stop intruders. We consider the ethics and practicality Continue Reading
-
News
28 Oct 2025
Cisco and Splunk plot multi-year data fabric journey
Company leaders talk up their vision for the Cisco Data Fabric that will allow enterprises to gain insights about their IT infrastructure and security posture from machine data wherever it resides, from the network edge to the cloud Continue Reading
-
Opinion
27 Oct 2025
Use second-layer tools for AI safety
While some enterprises find it difficult to adopt AI, they can now use second-layer AI tools that enable businesses to implement the technology safely Continue Reading
-
Opinion
27 Oct 2025
Why layered resilience is the only true safeguard for SMEs
Real resilience doesn’t come from last minute panic once the storm has hit, it comes from layering defences through education, prevention, cure and – most importantly – recovery. Continue Reading
-
News
27 Oct 2025
BDO Unibank taps Zscaler to secure cloud migration
Zscaler’s deal with the Philippine bank comes as it is expanding its platform’s capabilities and footprint across Asia Continue Reading
-
News
24 Oct 2025
UK ramps up ransomware fightback with supply chain security guide
Multinational guidance, developed by the UK and Singapore, is designed to help organisations reinforce their supply chain against ransomware attacks Continue Reading
-
News
23 Oct 2025
Bereaved families call for public inquiry over suicide forum
The Molly Rose Foundation and families bereaved by suicide claim Ofcom and government departments have not taken effective action to deal with a forum promoting suicide Continue Reading
-
News
23 Oct 2025
Amid CISA cuts, US state launches first VDP
Legislators in Annapolis, Maryland, have teamed up with Bugcrowd to launch a statewide vulnerability disclosure programme Continue Reading
-
Opinion
23 Oct 2025
The US government shutdown is a wake-up call for cyber self-reliance
As the US government shutdown heads towards a second month, could the disruption to cyber security programmes be the impetus end-users need to pull themselves up by their own bootstraps? Continue Reading
-
News
22 Oct 2025
Singapore unveils efforts to govern agentic AI, prepare for post-quantum era
Guidelines and tools will help organisations in the city-state manage risks from AI agents and prepare for a future where quantum computers could break current encryption Continue Reading
-
News
22 Oct 2025
Building security and trust in AI agents
AI agents require standardised guidelines, clear human responsibility and a shared language between developers and policymakers to be secure and trusted, experts say Continue Reading
-
News
21 Oct 2025
New cyber resilience centre to help SMEs fend off cyber threats
Spearheaded by the Singapore Business Federation, the cyber resilience centre will equip SMEs in the city-state with cyber security capabilities to mitigate and recover from cyber attacks Continue Reading
-
News
20 Oct 2025
France’s Atos eyes UK public sector with investment in secure UK infrastructure
French IT services supplier invests in highly secure and accredited UK-based infrastructure Continue Reading
-
News
20 Oct 2025
Microsoft admonished for role in facilitating Gaza genocide
Following credible allegations that Microsoft Azure was being used to facilitate mass surveillance and lethal force against Palestinians, which prompted the company to suspend services to the Israeli military unit responsible, human rights organisations are calling for further action Continue Reading
-
E-Zine
16 Oct 2025
CW EMEA: Tech that buys time
The speed at which cyber crime evolves as criminals circumvent security is driving research and innovation in academia. The quality of deepfakes is improving, with artificial intelligence generating videos that are difficult to identify, and multiple tools are required to spot a fake. In this issue, we look at the Netherlands Forensic Institute and its research into the analysis of blood flow patterns in the human face, which deepfakes can’t imitate. Continue Reading
-
News
16 Oct 2025
Microsoft identifies boardroom cyber awareness as a top priority
Digital security report urges IT leaders to convince company boards that cyber security is a board-level problem Continue Reading
-
News
16 Oct 2025
Securing the AI era: Huawei’s cyber security strategy for the GCC
At Gitex 2025, Sultan Mahmood, chief security officer for Huawei Gulf North, outlined how the company supports GCC digital sovereignty, AI security, and enterprise cyber resilience Continue Reading
-
Blog Post
16 Oct 2025
Why Vodafone's outage shows up critical national infrastructure failings
Just days after Steve Knibbs, director at Vodafone Business Security Enhanced, wrote on the company’s website about the importance of securing UK business supply chains, the company’s customers ... Continue Reading
-
News
16 Oct 2025
F5 admits nation-state actor stole BIG-IP source code
F5 discloses that a nation-state actor has stolen source code and unpatched vulnerability data for its widely used BIG-IP products, raising supply chain security concerns across the industry Continue Reading
-
News
15 Oct 2025
ICO fines Capita £14m after ransomware caused major data breach
Outsourcing giant hit with £14m fine over 2023 cyber attack, but costs could rise as legal actions continue Continue Reading
-
News
15 Oct 2025
Obsession with cyber breach notification fuelling costly mistakes
The race to meet security breach notification deadlines is leading to staff burnout, destroyed evidence and a culture of blame, warns a Trend Micro risk and security strategist Continue Reading
-
News
15 Oct 2025
China responsible for rising cyber attacks, says NCSC
Ministers write to business leaders urging them to step up cyber security in wake of threats from ransomware and nation state-sponsored hackers Continue Reading
-
News
14 Oct 2025
NCSC calls for action after rise in ‘nationally significant’ cyber incidents
National Cyber Security Centre says businesses should take action now as the number of nationally significant cyber incidents doubles Continue Reading
-
News
13 Oct 2025
Court dismisses Apple’s appeal against Home Office backdoor
Investigatory Powers Tribunal rules that Apple’s appeal against a Home Office order to access encrypted data of Apple users world wide will no longer proceed. Continue Reading
-
News
13 Oct 2025
Thales: Trust in AI for critical systems needs to be engineered
Confidence in artificial intelligence capabilities that power critical systems must go beyond words and be built on a hybrid model that combines data with physics and logic to prove reliability, according to Thales’s chief scientist Continue Reading
-
Feature
13 Oct 2025
The importance of upgrading to the latest Windows operating system
Despite plans to make it the last major upgrade, Windows 10 was superseded by Windows 11, and now Microsoft support for Windows 10 has come to an end Continue Reading
-
Opinion
10 Oct 2025
Beyond the refresh: Your cyber strategy must include AI PCs
Viewing a PC refresh as part of security strategy helps build a more resilient and productive enterprise and is an opportunity to move beyond tactical upgrades to adopt a security-first hardware strategy for the AI era. Continue Reading
-
Opinion
07 Oct 2025
Why it takes 11 hours to resolve one ID-related cyber incident
A recent ESG study revealed it takes an average of 11 hours for enterprises to resolve a single identity-related security incident. How did we get here, and what do we need to do differently? Continue Reading
-
News
07 Oct 2025
Alert over Medusa ransomware attacks targeting Fortra MFT
Microsoft warns it is seeing potential mass exploitation of a Fortra GoAnywhere vulnerability by a threat actor linked to the Medusa ransomware-as-a-service operation. Continue Reading
-
News
07 Oct 2025
The Security Interviews: David Bradbury, CSO, Okta
Okta’s chief security officer talks security by default and explains why he thinks time is running out for the shared responsibility model Continue Reading
-
Opinion
07 Oct 2025
Building resilience in the cloud: Bridging SLA gaps and mitigating risk
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
E-Zine
07 Oct 2025
Is the UK’s digital ID scheme doomed to fail?
In this week’s edition of Computer Weekly, we take a look at the government’s somewhat controversial plan to introduce a national, compulsory digital ID scheme. Ranil Boteju, chief data and analytics officer at Lloyds Banking Group, also runs us through how the financial services giant is planning to use agentic AI to improve the customer experience. In the third part of our buyer’s guide on cloud management and security, details about the plethora of security tools that exist for enterprises looking to manage their Amazon Web Services stacks gets the deep-dive treatment. And, in our final feature in the issue, we look at the evolution in mobile app technology within the retail space. Read the issue now. Continue Reading
-
News
06 Oct 2025
Police facial recognition trials show little evidence of benefits
In-the-wild testing of police facial recognition systems has failed to generate clear evidence of the technology’s benefits, or to assess the full range of socio-technical impacts Continue Reading
-
News
06 Oct 2025
Data sovereignty demand pushes Herabit to get S3 storage
Italian service provider gets Cubbit DS3 distributed S3 storage to provide up to 2PB of cloud services to customers demanding data sovereignty, while cutting costs by up to 50% Continue Reading
-
News
06 Oct 2025
Gartner: IT leaders need to prepare for GenAI legal issues
GenAI is being embedded into enterprise software. This has implications for governance and regulatory compliance Continue Reading
-
News
06 Oct 2025
UK government to consult on police live facial recognition use
The UK’s policing minister has confirmed the government will consult on the use of live facial recognition by law enforcement before expanding its use throughout England, but so far, the technology has been deployed with minimal public debate or consultation Continue Reading
-
News
05 Oct 2025
Nakivo expands Proxmox backup and DR capabilities in v11.1
Latest version of Backup & Replication adds MSP features, plus Proxmox VM backup functionality, while Nakivo responds to critical vulnerability it was tipped off about in February Continue Reading
-
News
01 Oct 2025
US government shutdown stalls cyber intel sharing
A key US law covering cyber security intelligence sharing has expired without an extension or replacement amid a total shutdown of the federal government, putting global security collaboration at risk. Continue Reading
-
News
30 Sep 2025
Apple’s first iOS 26 security update fixes memory corruption flaw
Apple issues an update for its brand new iOS 26 mobile operating system, fixing a potentially dangerous vulnerability affecting iPhones, iPads and other Mac devices Continue Reading
-
News
30 Sep 2025
Cloud provider publishes ‘tech sovereignty’ plan for UK
In the face of mounting data sovereignty concerns across Europe, UK cloud provider Civo lays out high-level plan for how the government can retain control and access of its data should the geopolitical situation sour Continue Reading
-
News
30 Sep 2025
Google unveils AI-powered security to trap ransomware attacks
The new security capability, available at no extra cost for most Google Workspace users, detects mass file encryption during ransomware attacks, stops the attacks from spreading and allows for restoration of files Continue Reading
-
News
29 Sep 2025
JLR tentatively restarts production, following £1.5bn government backing
Jaguar Land Rover is to resume car production after a £1.5bn government loan guarantee amid its cyber attack fallout. Debate is growing over the bailout and insurance Continue Reading
-
Opinion
29 Sep 2025
Why SLA gaps should not hinder cloud innovation
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
News
26 Sep 2025
Over half of India-based companies suffer security breaches
Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year Continue Reading
-
News
26 Sep 2025
Microsoft hides key data flow information in plain sight
Microsoft’s own documentation confirms that data hosted in its hyperscale cloud architecture routinely traverses the globe, but the tech giant is actively obfuscating this vital information from its UK law enforcement customers Continue Reading
-
News
26 Sep 2025
Okta CEO: AI security and identity security are one and the same
At Oktane 2025 in Las Vegas, Okta CEO Todd McKinnon describes AI security and identity security as inseparable as he tees up a series of agentic security innovations Continue Reading
-
News
25 Sep 2025
Netherlands establishes cyber resilience network to strengthen public-private digital defence
Network will connect organisations in a cyber crime defence initiative that goes way beyond information sharing Continue Reading
-
News
25 Sep 2025
Get HDD temperature right, or risk more drive failures
We talk to Rainer Kaese of Toshiba about the right temperature to run hard disk drives at. Not getting it right risks higher failure rates than what would normally be expected Continue Reading
-
News
24 Sep 2025
Oktane 2025: Okta takes aim at agentic AI governance gap
Identity specialist Okta is laying the groundwork for a number of incoming announcements designed to help its customers get to grips with the challenge of securing non-human, agentic identities. Continue Reading
-
News
24 Sep 2025
Salesforce shifts focus from AI models to agentic AI
Rather than being preoccupied with large language models, Salesforce is now focused on building AI agents, with an eye on achieving what it calls ‘enterprise general intelligence’ Continue Reading
-
News
23 Sep 2025
SolarWinds warns over dangerous RCE flaw
A newly uncovered RCE flaw in SolarWinds’ helpdesk product bypasses two previously issued fixes, and users should prioritise updates as exploitation is likely to occur Continue Reading
-
Opinion
23 Sep 2025
Rethinking identity in the age of AI impersonation
Trust in business has long hinged on human instincts but with the advent of deepfakes, it is becoming dangerous to assume too much. Continue Reading
-
News
23 Sep 2025
Jaguar Land Rover extends cyber attack-induced shutdown to October
Jaguar Land Rover is extending its production shutdown caused by the 31 August cyber attack into next month, as government ministers drop by and supply chain workers lose wages Continue Reading
-
News
23 Sep 2025
‘Our worst day’: The untold story of the Electoral Commission cyber attack
As head of digital at The Electoral Commission, Andrew Simpson’s mettle was tested when threat actors gained access to the regulator’s email systems and accessed sensitive voter data. Three years on, he tells his story to Computer Weekly Continue Reading
-
Opinion
23 Sep 2025
Digital ID risks turning UK into ‘Checkpoint Britain’
Keir Starmer is expected to announce plans for mandatory ID cards at the Labour Party Conference next week. It risks urging in an era of surveillance, digital check points, reliance on online systems, and the risk of data breaches. Continue Reading
-
Opinion
23 Sep 2025
How to fend off identity-based cyber attacks
Attackers are using legitimate credentials to walk through the front door and “live off the land”. True cyber resilience now depends on protecting identity, not just the perimeter Continue Reading
-
Opinion
22 Sep 2025
From breach to resilience: How the Electoral Commission rebuilt its cyber defences
The UK's Electoral Commission fell victim to a major cyber attack in 2022. Three years on, the organisation is reflecting on its experience and sharing the lessons it learned to help others improve their security resilience. Continue Reading
-
Feature
22 Sep 2025
Balancing IT security with AI and cloud innovation
Cyber security experts offer insights into how to manage service levels, potential lock-in clauses and security gaps in IT supplier contracts Continue Reading
-
News
19 Sep 2025
UK cyber action plan lays out path to resilience
A report produced for the government by academics at Imperial College London and the University of Bristol sets out nine recommendations to strengthen the UK’s cyber sector Continue Reading
-
News
19 Sep 2025
Pentera expands in APAC, taps AI to outsmart attackers
The penetration testing specialist is expanding its presence in the Asia-Pacific region and deploying AI-driven capabilities as it eyes acquisitions and a potential IPO Continue Reading
-
Feature
18 Sep 2025
Are AI agents a blessing or a curse for cyber security?
Agentic AI is touted as a helpful tool for managing tasks, and cyber criminals are already taking advantage. Should information security teams look to AI agents to keep up? Continue Reading
-
Feature
18 Sep 2025
The challenges posed by AI tools in education
Artificial intelligence tools to enhance productivity are being developed for use in multiple sectors, but are they sufficiently reliable for use in education or do they create other problems? Continue Reading
-
News
18 Sep 2025
Should you run VMware 7 unsupported?
In just a few weeks, VMware version 7 reaches end of life, which means Broadcom will no longer issue patches Continue Reading
-
News
17 Sep 2025
Firms urged to adopt risk-based data sovereignty strategy
Geopolitical uncertainty is forcing organisations to rethink where their data is located, but a full retreat from the public cloud is not the answer Continue Reading
-
Podcast
17 Sep 2025
Podcast: Data sovereignty and what you need to do about it
Patrick Smith, EMEA CTO of Pure Storage, talks about data sovereignty, what’s driving heightened interest in it, and how customers, the tech industry and states are preparing for it Continue Reading
-
News
17 Sep 2025
Google Cloud unveils open protocol for agentic payments
Google’s Agent Payments Protocol is an open standard developed with more than 60 global partners to create a secure standard for AI-driven transactions Continue Reading
-
News
16 Sep 2025
Exabeam: Treat AI agents as the new insider threat
As artificial intelligence agents are given more power inside organisations, Exabeam’s chief AI officer, Steve Wilson, argues they must be monitored for rogue behaviour just like their human counterparts Continue Reading
-
Opinion
16 Sep 2025
Cyber leaders must make better use of risk experts
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
News
15 Sep 2025
Amnesty: AI surveillance risks ‘supercharging’ US deportations
Amnesty International says AI-driven platforms from Palantir and Babel Street are being used by US authorities to track migrants and revoke visas, raising fears of unlawful detentions and mass deportations Continue Reading
-
News
15 Sep 2025
Arqit to support NCSC’s post-quantum cryptography pilot
Quantum specialist Arqit will provide specialised post-quantum migration planning services to organisations preparing to address the imminent risks to traditional cryptography Continue Reading
-
News
15 Sep 2025
MI5 unlawfully monitored the phone of BBC journalist Vincent Kearney
The Investigatory Powers Tribunal heard today that the security service has conceded that it unlawfully monitored the phone data of former BBC Spotlight reporter Vincent Kearney Continue Reading
-
News
11 Sep 2025
Students an increasing source of cyber threat in UK schools
Insider threats arising from student activity now appears to be the chief cause of notifiable cyber or data breach incidents in Britain’s schools Continue Reading
-
News
11 Sep 2025
Chat Control: EU to decide on requirement for tech firms to scan encrypted messages
Law enforcement and police experts meet on Friday to decide on proposals to require technology companies to scan encrypted messages for possible child abuse images amid growing opposition from security experts Continue Reading
-
News
10 Sep 2025
Open source security and sustainability remain unsolved problem
While software bills of materials offer some transparency over software components, they don’t solve the imbalance between corporate consumption of open source software and the lack of investment in its security and health Continue Reading
-
News
09 Sep 2025
Splunk.conf: Splunk urges users to eat their ‘cyber veggies’
The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right Continue Reading
-
Opinion
09 Sep 2025
Lessons from Jaguar Land Rover: How can businesses prepare for cyber attacks?
A cyber attack at Jaguar Land Rover has halted production lines and caused widespread disruption. How can businesses protect themselves and mitigate the risks of such an attack? Continue Reading
-
News
08 Sep 2025
Splunk.conf: Splunk and Cisco showcase unified platform
With 18 months having elapsed since Cisco closed its acquisition of Splunk, joint platform capabilities and developments are being showcased at the annual Splunk.conf fair Continue Reading
-
Opinion
05 Sep 2025
SLA promises, security realities: Navigating the shared responsibility gap
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
Opinion
03 Sep 2025
Bridging the SLA gap: A guide to managing cloud provider risk
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
Feature
03 Sep 2025
Ethical challenges of LGBTQ+ data protection
America has rolled back data protection policies for the LGBTQ+ community, but what does that mean for the rest of the world? Continue Reading
-
News
02 Sep 2025
JFrog extends DevSecOps playbook to AI governance
The software security specialist is leveraging its capabilities in DevSecOps to address security, data provenance and bias in AI models Continue Reading
-
News
29 Aug 2025
ICO publishes summary of police facial recognition audit
The UK data regulator has released a summary of its facial recognition audit of two police forces Continue Reading
-
Feature
28 Aug 2025
AI and backup: How backup products leverage AI
We look at how AI helps with backup, from AI analysis of backup jobs and their integrity through natural language support functionality to ransomware and anomaly detection Continue Reading