When The Help Desk Is The Threat
Old social engineering attackers never die; they just evolve and get better. Here’s a story of an attack group audacious enough to keep compromising infrastructure in plain sight, and advice ...
ISMS.online Blog
Compliance Matters
Keeping you up-to-date on the world of information security and compliance.
Shadow AI Is Already Inside Financial Services, Whether You Like It or Not
What can be done to regain control as the financial industry’s shadow AI issue gets worse? As tools such as OpenAI’s ChatGPT become ubiquitous, sha...
The King’s Speech 2026: How New Laws Will Impact Cybersecurity and Compliance
The state opening of parliament is an occasion filled with the kind of pomp and ceremony Britain still does better than any other country. What it’...
In the Spotlight
Catch up with the stories that have caught our eye this month
700Credit Breach: API Risks Put Financial Supply Chain Governance Under the Spotlight
What does the 700Credit breach show about the financial data system and supply chain risks, and what lessons can be learned? By Kate O’Flaherty In ...
Why Regulators And Investors Expect Companies To Address a Triple Risk
Organizations fret about security and privacy risk. And more recently, they’ve paid attention to AI risk. But how often do they think of all ...
What the LastPass Breach Tells Us About Compliance in 2026
The GDPR was always meant to be vague. By not listing prescriptive technical controls – as, for example, PCI DSS does – the regulation does a bette...
Healthcare AI Is Moving Fast, But Data Governance Is Struggling To Keep Up
How can healthcare organisations resolve gaps in trust and data governance to realise the full benefits of AI? By Kate O’Flaherty The healthcare s...
If Burnout Were a Security Risk, We’d Already Have Solved It
Cybersecurity and compliance have always been good at one thing: taking uncertainty and forcing it into structure. We take something abstract, thre...
Why the UK’s NIS Update May Mean Extra Work for In-Scope Organisations
The Cyber Security and Resilience Bill (CSRB) continues to make its way through parliament. But the end of a lengthy legislative process is slowly ...
The EU AI Act August 2026 Deadline Has Been Delayed: What it Means for Businesses
The EU AI Act deadline for mandatory compliance for high-risk AI of August 2nd, 2026, has been postponed. Measures in the newly passed EU Digital O...
How Can Security Teams Prepare for a Post-Mythos Future?
The cybersecurity industry may have just had its “ChatGPT moment”. Unveiled in early April, Anthropic’s new Claude Mythos Preview model has apparen...
Stay ahead of the headlines with the IO newsletter
Get a monthly round-up of all the information, privacy and cyber security news direct to your inbox.
From NIS2 to the Cyber Resilience Act: The “Product” Side of Governance
Organisations have spent years focusing on securing themselves. But as the Cyber Resilience Act (CRA) looms, the spotlight is shifting to the produ...
Mind The Gap: The Salesforce Incident And The Evolving Nature Of Cloud Risk
After ShinyHunters hacking collective took advantage of “overly permissive” Salesforce guest user configurations to access data from up to 400 orga...
How Agentic AI is Creating a New Class of Risk for Cybersecurity Teams
Artificial systems that can think and make decisions with little human input show both incredible promise – and concern – for cybersecu...
Popular Categories
Information Security
Cyber security
Data Privacy
Data Protection
ISO 27001
When The Help Desk Is The Threat
Old social engineering attackers never die; they just evolve and get better. Here’s a story of an attack group audacious enough to keep compr...
Shadow AI Is Already Inside Financial Services, Whether You Like It or Not
What can be done to regain control as the financial industry’s shadow AI issue gets worse? As tools such as OpenAI’s ChatGPT become ubiquitous, sha...
The King’s Speech 2026: How New Laws Will Impact Cybersecurity and Compliance
The state opening of parliament is an occasion filled with the kind of pomp and ceremony Britain still does better than any other country. What it’...
What’s in the New EU AI Act Code of Practice on Transparency of AI-Generated Content?
Many of the final provisions of the EU AI Act are set to come into effect in 2026. On August 2nd, the majority of the EU AI Act will apply to opera...
Atlas Air and the Supply Chain Problem: How Unproven Claims Create Real-World Risk
Ransomware group Everest’s claims it breached Atlas Air and its supplier Tsunami Tsolutions show how modern ransomware attacks are exploiting suppl...
Closing the Resilience Gap: Where the Government Says UK PLC Is Still Failing
Customers, boards and regulators are all in agreement. If cybersecurity breaches are impossible to prevent 100% of the time, the focus must be on i...
What the White House’s National AI Policy Framework Means For Compliance
The Trump administration’s release of a National AI Policy Framework in March strives to replace a tangle of state-level rules with a single ...
The Path of Least Resistance: Why Defence in Depth Is the Best Response to Cloud Threats
Threat actors are nothing if not resourceful. When they find that a particular pathway is blocked, they don’t give up. Instead, they simply search ...
Meeting the Data Use and Access Act with Confidence: Why the ISO 27001, 27701 and 42001 Loop Delivers
When the UK introduced the Data Use and Access Act (DUAA), much of the early commentary focused on the divergence it introduced. Was this a softeni...
