Regulatory compliance and standard requirements
-
Opinion
30 May 2025
Rethinking secure comms: Are encrypted platforms still enough?
A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what can CISOs can learn from this potentially fatal error. Continue Reading
-
News
30 May 2025
Dutch businesses lag behind in cyber resilience as threats escalate
While non-IT business professionals in the middle of their careers face the most disruption from AI, professionals in the IT services sector and their employers must prepare for change Continue Reading
-
News
01 Nov 2022
NCSC looks back on year of ‘profound change’ for cyber
The NCSC ramped up its support for UK plc in the past 12 months, but it was events beyond the UK’s borders that proved the most impactful Continue Reading
-
Opinion
31 Oct 2022
How to build consumer trust with a privacy-by-design approach
Undertaken with the right mindset and technology, privacy by design delivers value to consumers and builds trust for the long term Continue Reading
-
Opinion
31 Oct 2022
The risk of losing our EU data adequacy agreement is real
While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners Continue Reading
-
News
31 Oct 2022
Cyber crime officer says French legal challenges to EncroChat are ‘hype’
Matthieu Audibert, officer of the French Gendarmerie’s cyber space command, gets into a spat with defence lawyers on Twitter over the lawfulness of evidence from the hacked phone network EncroChat Continue Reading
-
News
27 Oct 2022
NCSC’s Levy steps down after 20-year intelligence career
NCSC technical director Ian Levy bids farewell, telling his successor: ‘Don’t panic’ Continue Reading
-
Feature
27 Oct 2022
Will the OCSF create an open and collaborative cyber industry?
The Open Cybersecurity Schema Framework promises to transform security data analysis and collection, but there are challenges around adoption Continue Reading
-
News
27 Oct 2022
NHS to get new national CISO
The Department for Health and Social Care is seeking a new national CISO, who will be tasked with providing strategic cyber leadership, direction and expertise across DHSC and the wider NHS Continue Reading
-
News
27 Oct 2022
Medibank breach casts spotlight on data security
Health insurer Medibank Private recently suffered a major data breach involving the personal and health information of millions of customers, once again casting the spotlight on data security in Australia Continue Reading
-
News
27 Oct 2022
Santander calls for cooperation to tackle APP fraud
New report puts forward key recommendations that the banking sector, government and other industries could take to tackle authorised push payment fraud Continue Reading
-
News
25 Oct 2022
US authorities charge two Chinese spies over telco security probe
Two Chinese nationals have been charged with attempting to obstruct the criminal prosecution of a prominent Chinese telecoms firm Continue Reading
-
News
25 Oct 2022
Germany: European Court of Justice asked to rule on legality of hacked EncroChat phone evidence
Berlin’s Regional Court has asked the European Court of Justice to answer questions about whether the use of hacked EncroChat phone evidence complies with European law Continue Reading
-
News
25 Oct 2022
Global digital trust market to double by 2027
The global market for digital trust technology is expected to double to $537bn by 2027, up from $270bn today as demand for cyber security and other capabilities continues to grow Continue Reading
-
News
25 Oct 2022
Digital-first businesses more willing to accept some fraud
Companies founded in the past 20 years appear more willing to accept higher levels of fraudulent activity during the customer onboarding process, according to a report Continue Reading
-
News
24 Oct 2022
Complacency biggest cyber risk to UK plc, says ICO
Information commissioner John Edwards warns against complacency as his office issues a multimillion-pound fine to a building company that failed to prevent a ransomware attack Continue Reading
-
Feature
20 Oct 2022
What do the US’s new software security rules mean for UK organisations?
The White House announced recently that all software supplied to the US government and its agencies needs to be secure, so what does this mean for the UK and EU security sectors? Continue Reading
-
Definition
20 Oct 2022
compensating control (alternative control)
A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time. Continue Reading
-
News
20 Oct 2022
NatWest data breach whistleblower demands bank pay data controller fee to ICO
Whistleblower calls for NatWest to pay the Information Commissioner’s Office annual data controller fee, as the personal details of 1,600 current and former NatWest customers remain under her bed Continue Reading
-
News
20 Oct 2022
Singapore extends cyber security labelling scheme to medical devices
The Cyber Security Agency of Singapore is extending its cyber security labelling scheme to medical devices to encourage medical device manufacturers to adopt a security-by-design approach to product development Continue Reading
-
News
19 Oct 2022
Treat cyber crime as a ‘strategic threat’, UK businesses told
The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community Continue Reading
-
News
14 Oct 2022
Annual costs of Hackney ransomware attack exceed £12m
Hackney Council reveals new insight into the ongoing cost of a ransomware attack that devastated its systems two years ago Continue Reading
-
News
14 Oct 2022
Protecting children by scanning encrypted messages is ‘magical thinking’, says Cambridge professor
Ross Anderson argues in a rebuttal to GCHQ experts that using artificial intelligence to scan encrypted messaging services is the wrong approach to protecting children and preventing terrorism Continue Reading
-
News
13 Oct 2022
Dutch influence standards for post-quantum cryptography
Cryptology group at Dutch research institute is involved in the two primary algorithms of the next NIST portfolio comprising four new standards Continue Reading
-
News
12 Oct 2022
French Supreme Court rejects EncroChat verdict after lawyers question secrecy over hacking operation
France’s Supreme Court has sent a case back to the court of appeal after police failed to disclose technical details of EncroChat hacking operation Continue Reading
-
News
12 Oct 2022
ICO selectively discloses reprimands for data protection breaches
Data protection experts question ICO’s selective approach to publishing formal reprimands for contravening the law, after FoI request reveals the Cabinet Office was among the organisations reprimanded Continue Reading
-
News
10 Oct 2022
Ukraine and EU explore deeper cyber collaboration
A Ukrainian delegation has met with officials from the EU’s ENISA cyber agency to explore deeper cooperation on cyber security issues Continue Reading
-
News
07 Oct 2022
Australia to amend telecoms regulations following Optus breach
Amendments to Australia’s telecoms regulations are in the works to temporarily allow sharing of individuals’ identifier information between telcos and financial institutions Continue Reading
-
News
06 Oct 2022
EU rolling out measures for online safety and AI liability
The European Council has approved the passage of the Digital Services Act to protect people’s rights online, while the European Commission has announced proposals to help those negatively affected by artificial intelligence to claim compensation Continue Reading
-
News
06 Oct 2022
Proposals for scanning encrypted messages should be cut from Online Safety Bill, say researchers
Automatic scanning of messaging services for illegal content could lead to one billion false alarms each day in Europe Continue Reading
-
News
05 Oct 2022
Italian Supreme Court calls for prosecutors to disclose information on Sky ECC hacking operation
Italy’s Supreme Court says Italian prosecutors and police should disclose information on how they obtained intercepted messages from the Sky ECC cryptophone network Continue Reading
-
News
05 Oct 2022
Inside Dell Technologies’ zero-trust approach
Dell Technologies’ zero-trust reference model starts with defining business controls and having a central control plane that manages all the security aspects of an organisation’s infrastructure Continue Reading
-
News
04 Oct 2022
Tories to replace GDPR
IT industry reacts to the government’s plan to replace the pan-European data protection regulation Continue Reading
-
News
04 Oct 2022
France extradites Spanish EncroChat cryptophone distributors for complicity with organised crime
Three phone sellers have been extradited from Spain to France to face charges that they were complicit in the activities of criminal EncroChat phone users Continue Reading
-
News
03 Oct 2022
Security regulation cuts online payment fraud at 73% of retailers
New online payments security standard, Strong Customer Authentication (SCA), sees immediate fall in fraudulent payments to retailers Continue Reading
-
News
03 Oct 2022
CIO interview: James Fleming, Francis Crick Institute
Francis Crick Institute CIO discusses how Europe’s largest biomedical research institute has co-developed a framework for data sharing Continue Reading
-
News
29 Sep 2022
Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC
Russia has so far failed in its attempts to destabilise Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts Continue Reading
-
News
29 Sep 2022
Optus breach casts spotlight on cyber resilience
The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia Continue Reading
-
News
28 Sep 2022
Whistleblower Peter Duffy calls for oversight of NHS records to prevent evidence tampering
A whistleblower has called for greater oversight in the handling of ‘safety-critical digital information’ across the NHS, in light of a number of cases that raise questions about data governance and record-keeping within the health service Continue Reading
-
News
28 Sep 2022
Data protection in Finland, four years after GDPR came into force
Data privacy has always been a big concern in Finland, so the country naturally has a lot to say about the General Data Protection Regulation four years on Continue Reading
-
News
26 Sep 2022
More than 30 startups to join Plexal’s Cyber Runway accelerator
Now in its second year, the Cyber Runway accelerator has been designed to support firms at various stages of growth, as well as help the cyber security sector to improve on its diversity, inclusion and regional representation Continue Reading
-
Opinion
23 Sep 2022
It’s time for engineering teams to own DevSecOps
It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress Continue Reading
-
News
23 Sep 2022
NCA ‘deliberately concealed’ information when it applied for EncroChat warrants, tribunal hears
Investigatory Powers Tribunal hears that the National Crime Agency made ‘serious and fundamental errors’ Continue Reading
-
News
22 Sep 2022
Nordic private equity firms pursue cyber security acquisitions
Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets Continue Reading
-
News
22 Sep 2022
Privacy Pledge signatories dream of alternative internet
A group of privacy-focused organisations have come together to establish a set of principles for taking the internet back from big tech and surveillance capitalism Continue Reading
-
News
20 Sep 2022
Thousands of customers affected in Revolut data breach
Digital challenger bank has warned its customers to be vigilant after their data was exposed in a cyber attack Continue Reading
-
News
15 Sep 2022
New player pioneers ‘active cyber insurance’ for UK market
Arrival of US-based insurer Coalition in London will supposedly offer SMEs more options when it comes to cyber security insurance Continue Reading
-
News
15 Sep 2022
Organisations failing to account for digital trust
The vast majority of businesses are well aware of the importance of digital trust, yet very few have a dedicated staff role responsible for it, report finds Continue Reading
-
News
14 Sep 2022
Ex-CISA head Krebs: Disrupt ransomware support networks to win the war
Speaking at an event hosted by data protection specialist Rubrik, former CISA director Chris Krebs calls for the security community to work collectively to kick out the supports from under ransomware gangs Continue Reading
-
News
14 Sep 2022
DDoS attacks on UK financial sector surged during Ukraine war
A quarter of cyber security incidents reported to the Financial Conduct Authority in the first six months of 2022 involved DDoS, with a likely link to events in Ukraine Continue Reading
-
News
13 Sep 2022
Blancco works with charity to provide IT for African schools
Blancco is providing data sanitisation and erasure software to The Turing Trust so that old IT equipment can be securely reused by school children in Sub-Saharan Africa, instead of adding to world’s growing e-waste problem Continue Reading
-
Definition
12 Sep 2022
ISO date format
The International Organization for Standardization (ISO) date and time format is a standard way to express a numeric calendar date -- and optionally time -- in a format that eliminates ambiguity between entities. Continue Reading
-
News
12 Sep 2022
CISOs should spend on critical apps, cloud, zero-trust, in 2023
Faced with a global recession next year, security buyers should try to direct investment towards technology that protects customer-facing and revenue-generating workloads, say analysts Continue Reading
-
Opinion
09 Sep 2022
Security Think Tank: Adding trust to AppSec and DevSecOps
When building in trust and assurance into app development through standards, it is critically important not to stifle innovation Continue Reading
-
News
08 Sep 2022
NCSC CyberUK event heads to Belfast in 2023
National Cyber Security Centre’s annual CyberUK roadshow is crossing the Irish Sea to Belfast in April 2023 Continue Reading
-
Definition
08 Sep 2022
data integrity
Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so. Continue Reading
-
News
08 Sep 2022
Dutch cyber security organisations to join forces
Cyber security organisations in the Netherlands are going to merge into a single central expertise centre and information hub, which all organisations in the country will soon be able to tap into Continue Reading
-
Opinion
08 Sep 2022
Security Think Tank: Creating a DevSecOps-friendly cyber strategy
When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire Continue Reading
-
News
08 Sep 2022
India’s wake-up call on health data privacy
Health app developers and industry watchers in India are keeping an eye on data privacy following the reversal of the Roe vs Wade ruling in the US Continue Reading
-
Definition
07 Sep 2022
privacy compliance
Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or legislation. Continue Reading
-
News
07 Sep 2022
Prince’s Trust teams with threat management specialist in skills push
Prince’s Trust hopes to address shortfall in cyber professionals and improve diversity in the industry Continue Reading
-
News
07 Sep 2022
Cyber threats to Europe’s grid: Utilities rethink strategy
The separation of operational and information technology at utilities across Europe is opening doors for cyber criminals Continue Reading
-
News
07 Sep 2022
Digital identity is key to coping with surge in air travel
The International Air Transport Association’s One ID digital identity initiative will pave the way for seamless air travel from curb to gate and help airports cope with growing passenger traffic Continue Reading
-
News
06 Sep 2022
Campaigners call on Truss to change UK’s archaic hacking laws
The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber pros from potential prosecution Continue Reading
-
News
06 Sep 2022
Saudi Arabian organisations choose to outsource to improve cyber security posture
Overwhelmed by rising threats and a growing number of government mandates, many organisations in Saudi Arabia are looking for outside help to take care of cyber security Continue Reading
-
E-Zine
06 Sep 2022
Out with the old at Asda
In this week’s Computer Weekly, we talk to Asda’s CIO, Carl Dawson, about the supermarket’s cloud-oriented renovation of its technology stack. We narrate the security woes at Twitter. And we examine best practices for data backup. Read the issue now. Continue Reading
-
Opinion
05 Sep 2022
Security Think Tank: Good procurement practices pave the way to app security
Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS Continue Reading
-
News
01 Sep 2022
Local authorities experience 10,000 attempted cyber attacks every day
Local authorities across the UK face a daily deluge of cyber incidents, with phishing and DDoS attacks the most prevalent, according to an insurance broker Continue Reading
-
News
01 Sep 2022
Swedish Electronics Protection Act coincides with major cyber spend
Swedish cyber security law comes at a time of heavy government investment Continue Reading
-
News
01 Sep 2022
New (ISC)² cyber careers schemes go live
(ISC)² has opened up two new global cyber careers schemes to applicants to try to help organisations fill 2.7 million vacant roles worldwide Continue Reading
-
Opinion
01 Sep 2022
Security Think Tank: Effective DevSecOps requires collaboration
Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access management alongside cyber security and application security Continue Reading
-
News
31 Aug 2022
Google debuts open source bug bounty programme
Google is calling on hackers to take pot-shots at its open source projects for the first time through a new vulnerability research programme Continue Reading
-
News
31 Aug 2022
Four years into GDPR, Norway hopes for safer data transfer to US
Much of the data on the internet ends up on US servers at some point, and that is not always compatible with the General Data Protection Regulation, says Norwegian data protection authority Continue Reading
-
News
30 Aug 2022
UK government presses on with new cyber rules for telcos
Government has finalised new security rules for telecoms companies and will move to make them binding in the near future Continue Reading
-
News
25 Aug 2022
CIOs: Geopolitics impacts your IT strategy
Research from analyst Gartner illustrates how geopolitics is influencing IT strategies Continue Reading
-
Podcast
25 Aug 2022
James Hatch, BAE Systems: Computer Weekly Downtime Upload podcast
We speak to the chief digital officer at BAE Systems’ Digital Intelligence business about the challenges of “digital” in high-trust organisations Continue Reading
-
News
25 Aug 2022
Security pros fret about stress and promotion over cyber attacks
CIISec’s annual report on the state of the security profession reveals some home truths for security leaders Continue Reading
-
News
24 Aug 2022
Alleged Twitter security failings spell trouble ahead
Twitter’s former security head, Peiter Zatko, has alleged a number of serious cyber failures at the social media platform, raising the spectre of investigations and sanctions Continue Reading
-
News
23 Aug 2022
NCSC shares cyber guidance for large infrastructure builds
Balfour Beatty and McAlpine are among the large construction firms to have input into latest NCSC guidance for ensuring the security of major infrastructure projects Continue Reading
-
News
22 Aug 2022
Lloyd’s to end insurance coverage for state cyber attacks
Lloyd’s of London has instructed its members to exclude nation state cyber attacks from insurance policies beginning in 2023, saying they pose unacceptable levels of risk Continue Reading
-
News
18 Aug 2022
It takes a breach to force boards to take notice of cyber, says UK government
Too often, it takes a major incident for business leadership to pay attention to cyber issues, according to a government-commissioned study of victims Continue Reading
-
Opinion
18 Aug 2022
Why you should start your post-quantum encryption migration now
Some say we have the best part of a decade to prepare for the security risks that quantum computing presents to current encryption tech, but PA Consulting experts believe that timeframe is shrinking dramatically Continue Reading
-
News
16 Aug 2022
Why organisations need to harmonise their CIO and CISO roles
Unless properly managed, conflicting responsibilities between the chief information officer and the chief information security officer can cause project delays and budget overruns, says Netskope’s Mike Anderson Continue Reading
-
News
15 Aug 2022
Lawyers and journalists sue CIA and Mike Pompeo over Assange surveillance claims
CIA and its former director sued over allegations that they authorised unlawful spying on US citizens when they visited WikiLeaks founder Julian Assange at the Ecuadorian Embassy in London Continue Reading
-
News
15 Aug 2022
Report reveals consensus around Computer Misuse Act reform
A study produced by the CyberUp campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform Continue Reading
-
News
09 Aug 2022
Cyber insurance getting harder to obtain
Organisations looking to shore up their security postures face more and more barriers to obtaining cyber insurance Continue Reading
-
News
05 Aug 2022
Reliance on PSN may have exacerbated cyber attack impact
As it seeks a new supplier to reinvigorate the migration away from the Public Services Network, the Cabinet Office says relying on the legacy network may be putting public sector bodies at heightened risk in cyber attacks Continue Reading
-
Opinion
05 Aug 2022
The dangers of the UK’s illogical war on encryption
The unintended consequences of the Online Safety Bill will have a dramatic effect on our ability to communicate securely, including in Ukraine, where it is needed most Continue Reading
-
News
04 Aug 2022
UK has biggest card fraud problem in Europe
Social Market Foundation calls on the UK to get a grip on its huge problem with bank card fraud in Europe Continue Reading
-
News
04 Aug 2022
SBRC to administer NCSC training across Scotland
The Scottish Business Resilience Centre has been awarded a £500,000 contract to extend cyber resilience training across more than 250 at-risk organisations Continue Reading
-
News
04 Aug 2022
Financial services regulator opens digital delivery centre in Leeds
The Financial Conduct Authority is increasing the number of tech experts in its workforce through a new digital delivery centre in Leeds Continue Reading
-
Opinion
04 Aug 2022
Reimagining ethical digital technology
With ever-increasing digitisation leading to greater dependence on a range of digital technologies, enterprises need to urgently look at how they can incorporate ethical and social considerations into the tech they develop Continue Reading
-
News
28 Jul 2022
NCSC startups scheme turns focus to operational technology, SME security
NCSC for Startups initiative turns its focus to supporting innovation around securing operational technology and addressing the challenges facing small businesses Continue Reading
-
News
27 Jul 2022
Consumers left out of pocket as security costs soar
As the average cost of a security incident reaches an all-time high of nearly $4.5m, an IBM Security study reveals how these costs are being passed on to ordinary people Continue Reading
-
News
27 Jul 2022
Cyber security training ‘boring’ and largely ignored
Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them Continue Reading
-
Opinion
27 Jul 2022
Security Think Tank: Don’t rely on insurance alone
Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables Continue Reading
-
News
26 Jul 2022
Secret court asked to quash a decade of MI5 surveillance warrants following ‘systemic breaches’
The culture at MI5 was to ‘prioritise’ missions ‘over everything else’, including compliance with safeguards designed to protect the public, the UK’s most secret court heard yesterday Continue Reading
-
News
25 Jul 2022
Home Office ‘unlawfully’ approved MI5 bulk surveillance warrants
MI5 provided ‘false information’ to the Home Office to secure bulk surveillance warrants, the Investigatory Powers Tribunal heard Continue Reading
-
News
25 Jul 2022
NCSC seeks community input for Cyber Advisor service
The NCSC is proposing to establish a new Cyber Advisor service to train up experts in security guidance, and is inviting interested parties to come forward Continue Reading
-
News
21 Jul 2022
GCHQ experts back scanning of encrypted phone messages to fight child abuse
Ian Levy, technical director of the NCSC, and Crispin Robinson, technical director of GCHQ, back client-side scanning software on mobile phones to detect child abuse Continue Reading
-
News
21 Jul 2022
Buy ‘plug-n-play’ malware for the price of a pint of beer
Three-quarters of malwares and almost 90% of exploits retail on the dark web for about £8.40 or less, according to a report Continue Reading
-
News
20 Jul 2022
(ISC)² expands entry-level cyber programme after UK success
Flush with success from a UK certification programme, reaching 100k in the UK, (ISC)² now wants to provide free security certification to a million people worldwide Continue Reading