News, Awards and Industry Recognition

By Nige Wilkinson, Cyberfort COO

The digital landscape is evolving at an unprecedented pace, and with this evolution have come increasingly sophisticated cyber threats. Last year alone cyberattacks on UK Critical National Infrastructure surged by a staggering 93%. This escalation has exposed systemic vulnerabilities within our current framework, particularly in areas where supply chains and digital infrastructures intersect.

The forthcoming UK Cyber Security and Resilience Bill is not just a legislative update but a fundamental reshaping of how Britain secures its critical infrastructure amid these mounting challenges.

Whilst our national digital backbone supports essential services across commerce, energy, transport and communication, it has also drawn increasingly resourceful and relentless attackers. A breach in one segment of the vast supply chain network can create a domino effect, raising the stakes for national security. This bill is a response to a clear and present need – to elevate our cyber defences through robust, agile, and interconnected strategies that reflect the critical nature of our modern digital ecosystem.

Key Provisions: 24-Hour Incident Reporting

At the heart of the new bill lies a mandate for 24-hour incident reporting. Under this requirement, any attempted or successful cyber breach must be reported within a day, ensuring that both government bodies and private sector entities can respond swiftly and cohesively. The rationale for this accelerated reporting is self-evident: the quicker a breach is flagged, the more effectively we can contain it and mitigate it.

This unprecedented reporting standard forces businesses to adopt a proactive stance. Instead of reactive measures that often come too late, organisations will be cultivating an environment where early detection and rapid communication are paramount. The result should be a more coordinated national response to cyber threats, reducing downtime and minimising potential damage when breaches occur.

Expanding The Regulatory Scope

One of the most transformative aspects of the Cyber Security and Resilience Bill is its expansive regulatory scope.

Previously, many companies operated under the assumption that they were beyond the reach of strict cybersecurity regulations. However, the new provisions extend mandatory regulatory oversight to thousands of additional businesses that were not traditionally bound by such requirements. Companies that were once beyond the regulatory radar will now be compelled to undergo rigorous cyber assessments, supply chain audits, and adhere to tighter incident reporting deadlines.

This shift represents a significant change in how cybersecurity is viewed across the business landscape: it is no longer solely an IT issue but a critical business imperative that demands the attention of boardrooms across the country.

Business Impact: Challenges & Opportunities

For many businesses, the sweeping changes introduced by the Bill might initially seem daunting. Organisations accustomed to operating under a less stringent regulatory framework will have to overhaul their existing practices quickly. Legacy systems that were never designed to cope with modern cyber threats could face significant challenges during this transition phase. Mandatory cyber assessments and accelerated incident reporting will undoubtedly create short-term compliance hurdles.

However, within these challenges lie substantial opportunities. Cybersecurity is fast becoming a key competitive differentiator. Companies that successfully navigate this regulatory shift will not only bolster their own security defences but also benefit from enhanced reputational standing.

In today’s market, where trust is an invaluable asset, a resilient cybersecurity posture can elevate a company’s profile significantly. Moreover, this new regulatory environment is likely to stimulate innovation within the sector, begetting new technologies, best practices, and a more dynamic approach to cyber defence that benefits everyone involved.

Preparation & Compliance: A Call to Action

The road to compliance with the new legislation demands immediate and strategic action from business leaders. It begins with a thorough reassessment of current cybersecurity policies, followed by a commitment to invest in upgraded risk management strategies. Organisations should prioritise investments in state of the art detection and response tools, ensuring that their systems are equipped to meet the accelerated reporting requirements stipulated by the Bill.

A critical component of this realignment is recognising that cybersecurity is not a one-off exercise but a continuous, evolving process.

Regular audits, ongoing training, and upskilling of staff are essential to building a resilient cyber culture within any organisation. As companies adopt these new measures, they’ll find that the rewards extend beyond mere compliance. A continuous commitment to strengthening cyber defences creates an environment of robust security, ultimately protecting the organisation’s reputation, customer trust, and long-term prosperity.

The Power Of Collaboration

In navigating these transformative changes, collaboration emerges as a linchpin for success. Internally, companies must break down silos, fostering clear communication channels across all departments to ensure that potential vulnerabilities are swiftly identified and remedied. Externally, forging alliances with industry peers and engaging with government bodies can provide valuable insights, pooled resources, and shared best practices that enhance overall security posture.

The Cyber Security and Resilience Bill reinforces the idea that cybersecurity is a collective endeavour. The challenges posed by modern cyber threats can be mitigated not through isolated efforts but through coordinated strategies that encompass both public and private sectors. By establishing and nurturing these collaborative networks, we can create an environment where every player contributes to a stronger, more resilient national defence infrastructure.

A Vision for the Future & A Call To Action

The introduction of the Cyber Security and Resilience Bill is a watershed moment for the UK’s digital defence strategy, signalling not just a tightening of regulations but a bold commitment to securing our national infrastructure against evolving cyber threats. This legislation is a decisive move to deter breaches and ensure rapid, effective responses when incidents occur, a dual strategy that addresses immediate risks while paving the way for long term stability.

Organisations that view this shift as more than a compliance burden and instead seize the opportunity to invest in the latest technology, enhanced protocols, and robust interdepartmental and industry-wide collaborations will ultimately gain a significant competitive advantage. The benefits extend beyond mere regulatory adherence; a proactive approach to cybersecurity builds trust with customers and partners while contributing to a resilient, agile digital economy.

By fostering a culture where continuous improvement, regular audits, and ongoing staff training are the norm, companies can not only protect themselves in the short term but also help position the UK as a global leader in cyber resilience.

As emerging technologies such as artificial intelligence and blockchain begin to complement these measures, businesses will discover additional innovative pathways to defend against threats. In embracing the Cyber Security and Resilience Bill, we are not just reacting to current challenges but rather actively shaping a safer, more efficient future.

This is an essential step towards building a digital Britain where enhanced vigilance, collaboration, and forward-thinking strategies secure our collective well-being for generations to come.

Read the article on Cyber Security Intelligence here: https://www.cybersecurityintelligence.com/blog/the-cyber-security-and-resilience-revolution-8768.html

By Rob Vann, Cyberfort CSO

When a company like Qantas an airline synonymous with safety suffers a high-profile data breach, the message is loud and clear: no brand is untouchable, and no data is sacred. But here’s the real problem: we’re still treating breaches as anomalies. They’re not. Breaches are now a guarantee, and the only variable left is how well or how catastrophically you respond.

The Qantas breach wasn’t just a failure of security; it was a failure of imagination, of preparation and resilience. If businesses don’t wake up now, they won’t just lose customer trust they’ll lose relevance. This is your blueprint for what to do when, not if, your defences fail and how to ensure your organisation doesn’t become the next cautionary headline.

Step one: Panic smart – not fast

When the breach hits, most companies do the same thing: go silent, scramble internally, and throw together a press statement that says, “We take your privacy seriously.”

Stop. That’s PR autopilot and attackers are counting on it.

What you need is speed with clarity. Assemble your breach response team legal, security, comms, compliance and ask the hard questions:

• What exactly was accessed?
• How long has it been going on?
• Is the attacker still inside?

The longer you pretend it’s “under investigation,” the more trust you lose. Transparency isn’t just a legal risk it’s a strategic advantage.

Consumers don’t wait to be told

If you’re a Qantas customer (or one of the millions watching nervously), don’t sit around for confirmation. Assume compromise until proven otherwise. Cybercriminals won’t wait for your email to arrive they’ll be monetising your data by tomorrow.

Verify the breach – don’t fall for the follow-up scam

Ironically, the breach itself often triggers a second wave of fraud. Phishing emails pretending to be from Qantas will flood inboxes, asking you to “verify your account” or “reset your details.” Never click on email links after a breach. Go directly to the company’s website or app. Trust your paranoia it might save your identity.

Check if you’ve been exposed – and act accordingly

Not all data breaches are created equal. A leaked email is annoying. A leaked passport number? That’s catastrophic.

Use monitoring tools like HaveIBeenPwned or sign up for dark web scanning through your bank or a cybersecurity provider.
For loyalty and travel accounts, scrutinise redemption histories and account logins. Flag anything out of pattern.
If ID documents were leaked, report them immediately and request replacements or fraud alerts with the relevant authorities.

The attackers won’t give you time to think. Don’t give them time to act.

Password resetting isn’t optional. It’s urgent.

Still using the same password you created in 2012? Then you’re part of the problem.

Qantas frequent flyer accounts are a prime target because people reuse those passwords everywhere – banking, email, e-commerce. One breach becomes many.

Your new password rulebook:

Unique for every site.
Long (at least 12 characters).
Random (not “Qantas123!” or your child’s name).
Managed with a password manager. You don’t have to remember 100 passwords – you just need to remember one good one.

Weak passwords don’t get guessed, they get cracked by bots running billions of combinations in seconds. If you’re still relying on “clever” variations, you’re already compromised.

Two factor authentication isn’t a luxury. It’s a minimum requirement

Two-Factor Authentication (2FA) is one of the simplest, most effective ways to stop account takeovers. So why aren’t more people using it?

Excuses like “it’s annoying” or “I don’t want to install another app” don’t hold up when your identity is at risk.

Here’s what to do:

Enable 2FA on every account that offers it—especially loyalty programmes, email, and banking.
Use an authenticator app (like Microsoft or Google Authenticator) -NOT SMS, which is easier to hijack.
Never share or screenshot your authentication codes. They’re like handing out keys to your digital kingdom.
Shop and travel smarter: Assume you’re being watched
Cybercriminals love predictable behaviours. Travel is full of them.
People use unsecured Wi-Fi in airports and hotels.
They receive dozens of emails from travel brands.
They’re often distracted, tired, or rushed -perfect conditions for phishing.

Consumer Tips:
– Don’t shop or log in to sensitive accounts over public Wi-Fi unless you’re using a VPN.
– Never use the same email/password combo across shopping and travel sites.
– Use disposable or virtual cards when booking trips or buying online.
– Set up bank alerts for any purchase or login activity.
– Treat every digital interaction while travelling like it’s under surveillance—because it probably is.

For businesses: prevention is dead. Resilience is everything.

Still thinking cyber “won’t happen to us”? Ask Qantas. Ask MOVEit. Ask anyone who’s had to face the cameras and say, “We’re investigating the incident.”

You don’t stop breaches with wishful thinking and legacy tools. You stop them with brutally honest assessments, relentless testing, and round-the-clock visibility. Three key steps all organisations should be taking in light of the Qantas breach:

1. Penetration testing – Simulate the breach before the real one hits

Static security reviews are useless in 2025. Attackers don’t use checklists, they use ingenuity. Your defences should be tested by people who think like them.

Use red teams to run real-world attack simulations to expose your blind spots, from credential stuffing to insider threats. If your internal team always passes the test, it’s not a test. It’s theatre.

2. Managed detection & response (MDR) – Eyes on everything, all the time

Breaches don’t announce themselves. Without MDR, you might not know you’ve been hit until your data is on the dark web. Market leading MDR platforms use AI to detect anomalies in real time, and expert analysts investigate alerts before they become incidents. Speed matters. Context matters more. If you’re relying on tools alone, you’re not covered, you’re exposed.

3. Secure cloud backups – Because ransomware doesn’t negotiate

When all else fails, your backup is your survival plan. But if it’s stored on the same network, with the same credentials, and hasn’t been tested in six months, you might as well not have one.

A proper backup strategy includes:

Isolated, encrypted cloud storage
Automated versioning
Disaster recovery plans that are rehearsed, not theoretical

If your board doesn’t know your RTO (Recovery Time Objective), ask why they still have a seat at the table.

Final word: The real breach is the illusion of control

Let’s stop pretending we can “prevent” all cyber-attacks. That ship has sailed. What separates survivors from casualties is preparedness, transparency, and relentless resilience. Qantas didn’t choose to be breached, but they did have a choice in how ready they were when it happened.

For consumers – assume you’ve been compromised and act accordingly. For businesses – build breach response into your DNA.

This isn’t about fear. It’s about facing reality. Cyberattacks are business attacks, and the cost of not evolving is far greater than the cost of change.

Because in today’s world, data protection isn’t just a duty, it’s your credibility.

Read the full September Edition of the Cyber Defense Magazine here: https://cyberdefensemagazine.tradepub.com/free/w_cyba180/prgm.cgi

By Glen Williams, Cyberfort CEO

AI isn’t just transforming industries; it’s disrupting the rules of engagement. In cybersecurity, it’s weaponised, decentralised, and accelerating faster than many businesses are prepared for. Organisations still relying on traditional, reactive defences aren’t just lagging behind – they’re becoming prime targets. The time for change is now.

The new era of cyber resilience demands a different mindset. One where AI isn’t just a buzzword in the boardroom, but a strategic imperative woven into operations, culture, and leadership. It’s no longer about “staying secure” – it’s about staying ahead. At Cyberfort, we believe too many businesses are sleepwalking into an arms race already well underway.

AI threats aren’t emerging – they’re already winning

Let’s put this plainly: AI-led attacks aren’t futuristic concepts. They’re happening now. And they’re working. Generative AI is being used to craft phishing emails that are indistinguishable from legitimate correspondence – down to tone, grammar, and visual branding.

We’ve seen real-world cases where attackers impersonated CEOs using deepfake audio to trick CFOs into transferring six-figure sums. AI-coded malware doesn’t just hide, it adapts, mutates, and learns how to beat your systems with each failed attempt. This isn’t theoretical. It’s operational.

If your security strategy is still focused on static detection rules and perimeter firewalls, you’ve already been outmanoeuvred. AI is giving attackers the ultimate unfair advantage: scale and believability. They don’t need to target millions anymore. They can tailor a single, highly effective attack that slips through every layer of your existing defences.

From cybersecurity to cyber resilience – predict, don’t just react

Traditional cybersecurity was built around the idea of reacting: block what you know, respond when you detect. But AI has shattered that model. Reaction is now too slow. The game has changed.

It’s not about “if” you’ll be breached. It’s about how quickly you can see it coming, how fast you respond, and how well you recover. That’s cyber resilience.

Organisations are increasingly adopting AI-powered threat prediction models to stay ahead of evolving cyber threats. Machine learning is being leveraged not just to flag anomalies, but to analyse behaviour over time – who is accessing systems, from where, and how usage patterns change. Effective systems trigger alerts both when activity appears malicious and when it deviates from expected norms.

AI serves as a force multiplier: it reduces noise, increases context, and enables human analysts to focus on the most critical signals. That partnership between human expertise and intelligent systems is essential. Without human intuition, AI can become just automated noise. But human teams without AI – that’s bringing a knife to a gunfight.

The workforce wake-up call: Reskill or risk everything

Let’s make one thing clear – you cannot AI-proof your business without an AI-ready workforce. And no, this doesn’t mean hiring a few data scientists and hoping for the best. It means retraining your entire organisation to operate in a world where seeing is no longer believing, and where digital deception is crafted by algorithms, not amateurs.

Forward-thinking organisations are not just investing in tools, but in their people. This means running deepfake drills, simulating audio impersonation attacks to test how staff respond under pressure – especially when the voice on the line sounds convincingly like their boss.

This isn’t about paranoia. It’s about preparation.

Inclusive, neurodiverse security teams are becoming increasingly important as skills like pattern recognition and lateral thinking are more valuable than ever. People who think differently often perceive threats differently. In cyber defence, seeing what others miss is everything. But here’s the kicker, unless leadership supports this change, meaningful change won’t happen. Which brings us to the next uncomfortable truth.

Leadership – Step up or step aside

The biggest obstacle to true cyber resilience isn’t legacy tech. It’s legacy thinking. Too many boards still treat cybersecurity as a cost centre. Something to insure against, or a compliance checkbox. Meanwhile, attackers are treating it as their primary attack vector.

We’ve seen clients turn this around, but only when leadership got serious. This happens when boards understand that breaches aren’t just technical failures, they’re strategic and reputational crises. When CISOs have a seat at the table, security becomes part of the business strategy, not an afterthought.

AI needs leadership buy-in. Not just funding, but vision. The organisations that will thrive will be those where the C-suite leads by example. They’ll learn how AI works, understand its risks, and champion a culture of security and experimentation. If your leadership team is “waiting to see where the regulations land,” you’re already two years too late.

Challenge everything: This is your mandate

The old rules? Rip them up.

“Train staff to look for spelling errors” – AI doesn’t make them.
“Trust what you see and hear” – deepfakes say otherwise.
“Patch and respond when attacked” – by then, the damage is done.

Challenge everything: your security playbook, your hiring model, your boardroom assumptions, your readiness. Cyber resilience isn’t a goal, it’s a posture – and in an AI-fuelled arms race, it’s your only competitive advantage.

We’re not just facing smarter threats; we’re facing faster ones. Businesses that embrace AI responsibly, retrain their teams radically, and lead from the top will win. The rest will spend the next five years in recovery mode. Technically secure, but reputationally wrecked.

AI isn’t just changing cybersecurity. It’s rewriting the rules of business survival. The question is: are you ready to lead, or are you waiting to follow?

Read the full article on The AI Journal here: https://aijourn.com/the-cyber-arms-race-has-changed-has-your-business/

Featuring Glen Williams, Cyberfort CEO

The world’s cyber battlefield is evolving — and the defenders are still adjusting their footing

In the first quarter of 2025, Kenya’s national cyber-intelligence centre detected an unprecedented 2.5 billion threat events — a figure that dwarfs even the region’s previous highs and reflects a new era of cyber risk. This explosive surge, confirmed by the Communications Authority of Kenya, represents more than a 200 percent increase on the prior quarter, with system vulnerability scans and automated attack traffic leading the rise. Far from being an isolated case, Kenya’s experience is a lens through which to view a rapidly shifting global threat environment.

What distinguishes this moment is the role of artificial intelligence — not as a future risk, but as a present and multiplying force on both sides of the cyber-arms race. Automation, generative-AI tooling, and adaptive attack strategies have compressed the traditional gap between initial compromise and major incident from weeks to mere days, sometimes hours. In practice, this means that what once took criminal groups months to plan and execute can now be launched and scaled almost instantly, making national borders nearly irrelevant.

As Camden Woollven, Group Head of AI Product Marketing at GRC International Group, observes: “What’s happening in Kenya is happening everywhere. Attack volume has exploded, not because there are more hackers, but because AI has made it easy to scale. You don’t need a team anymore. You just need a decent prompt.”

These patterns are not unique to Kenya. From Singapore’s financial sector to critical infrastructure in São Paulo, security teams are reporting similar surges, with AI-driven attacks accelerating the pace, scale, and sophistication of threat activity worldwide. The stakes are rising not only for those on the digital front lines in Nairobi, but for every organisation operating in a globally connected, AI-enabled economy.

The new offence

The dramatic acceleration in attack speed has become one of the defining features of the AI era in cybersecurity. Globally, the “dwell time” — the window between an attacker’s initial access and the deployment of a major payload like ransomware — has fallen from an average of sixty days just a few years ago to less than four days in 2024, according to leading incident response studies. In some documented cases, attackers are able to move from entry to lateral movement across an organisation’s network in under an hour, compressing the window for detection and response to near real time.

“Generative AI has put cybercrime on steroids,” says Glen Williams, CEO of Cyberfort. “What used to take hours now takes minutes. Phishing emails are no longer riddled with spelling errors, they’re polished, persuasive, and chillingly not only accurate, but aligned to the recipient. Deepfakes aren’t science fiction anymore; they’re being used today to bypass voice verifications and deceive finance teams. We’re seeing AI-written malware that rewrites itself in real time to stay ahead of traditional defences. The barriers to entry for cybercrime have collapsed. The result? An arms race where attackers are sprinting – and too many defenders are still tying their laces.”

Central to this shift is the proliferation of generative AI tools and automated “playbooks” that can generate phishing campaigns, malware variants, and social engineering scripts on demand. Malicious actors are increasingly leveraging AI-powered platforms to craft deepfake lures — voice, video, and even interactive chatbots — which make traditional employee awareness and technical filters far less effective.

As Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, explains: “The rise of generative AI has opened new vectors for cyberattacks, fraud and social engineering. Given the pace of AI development, attack methods have also evolved – making it a lot harder for traditional security measures to detect and mitigate threats. Polymorphic malware, for example, can now rewrite its own code to evade detection, slipping past conventional scanners unnoticed. In addition, AI’s ability to produce convincing text, code and even synthetic identities is streamlining phishing campaigns, automating malware creation and helping attackers scan networks for vulnerabilities.”

These synthetic identities are emblematic of the growing sophistication of fraud tactics being employed by malicious actors. “We’re now seeing synthetic identities that are entirely AI-generated – right down to fake biometric data – being used to pass onboarding and Know Your Customer (KYC) checks,” says Doriel Abrahams, principal technologist at Forter. “It’s not just about a stolen ID anymore; attackers are creating convincing digital personas from scratch. These aren’t one-off attempts either. They’re often part of coordinated fraud rings using generative AI to spin up large volumes of believable, seemingly legitimate users.”

Business email compromise (BEC) and targeted scams have also moved into a new league, blending deepfakes and automation at scale. Sergei Serdyuk, VP of Product Management at NAKIVO, highlights how the rise of “dark” LLMs is reshaping attacker tactics: “We’re seeing AI models like FraudGPT and WormGPT being actively used on the dark web to generate highly personalised, believable phishing emails, code for new malware, and instructions for exploiting vulnerabilities. These tools let attackers fine-tune their messaging and adapt in real time, making each scam more convincing than the last.”

And, as Jeff Sims, Senior Data Scientist at Infoblox, points out in a recent case, these capabilities are not just theoretical: “One of the most striking examples they’ve tracked involves a threat actor known as Reckless Rabbit. This group has been targeting Japanese-speaking users with fake investment schemes that incorporate AI-generated deepfake videos of public figures like Elon Musk and Masayoshi Son. These videos are embedded directly into fraudulent websites designed to mimic legitimate news outlets such as Yomiuri Shimbun. This campaign marks a shift from traditional text-based scams to immersive, multimedia deception. It’s a clear example of how generative AI is being weaponised to enhance the credibility and emotional impact of social engineering attacks.”

For businesses and institutions worldwide, the practical result is a daily environment where both the volume and effectiveness of digital attacks are rising — and traditional defences are no longer enough.

Read the article on Business Quarter here: https://businessquarter.substack.com/p/ais-global-cyber-arms-race?r=5lu7lt&triedRedirect=true

By Glen Williams, Cyberfort CEO

Just as the C-suite are familiarising themselves with this year’s cyber threats, it seems a bigger risk is looming on the cyber security agenda. A deeply concerning disconnect has emerged between cyber security board responsibilities and cybercrime reality that could lead to sub-standard cyber defences, successful data breaches, and worse.

Cyber threat levels remain high. In fact, the recent UK Government Cyber Security breaches 2025 report reveals that 43% of businesses and three in ten charities reported having experienced any kind of cyber security breach or attack in the last 12 months. With the stakes typically higher for SMEs with lower resources than their larger peers, the real question is: are CEOs and board directors truly aware of their cyber security responsibilities?

Cyberfort’s own customer research has highlighted that many UK businesses consider a Cyber Essentials Plus (CE+) certification sufficient to keep their organization secure and fulfil board requirements. In today’s dangerous cyber threatscape, where high-profile breaches have paralysed a business for several months, their views couldn’t be further from reality.

Beyond ignorance, it’s worth checking first if lagging in their responsibilities could be down to other underlying reasons.

Trending cybersecurity detachment at board level

The above Cyber Security Breaches Report also highlights that boards are reducing their specialist cyber security representation. Board level responsibility for cyber security at company director level has dropped 11% (from 38% to 27%) in the past four years. But with 72% of businesses responding to the survey stating that cyber security is a high priority, there is clearly a gap between board representation and cyber security reality.

From our customer interactions, we know there is often a disconnect between board level and the IT department in terms of cyber security responsibility understanding. This is likely the reason for the low average CISO tenure, estimated at 18–26 months according to the CISO Workforce and Headcount 2023 Report from Cybersecurity Ventures.

There is clear evidence of the need for information security representation at board level. Research by the World Economic Forum shows that organizations with strong executive involvement in cyber security are 400% more likely to repel or rapidly recover from attacks.

The CE+ certification’s limitations

One of the most glaring gaps in the belief that CE+ is enough to keep an organization secure is that it does not include a section on one of the most important tools for cyber survival: real-time threat detection and response. CE+ was never designed to protect organizations against advanced persistent threats (APTs), targeted attacks, or evolving techniques used by criminal groups.

While CE+ covers patch management, access control, malware protection, secure configuration, and boundary firewalls, it does not address critical areas such as:

Real-time threat detection and response

CE+ does not require the use of Security Operations Centres (SOC), Security Information and Event Management (SIEM) platforms, or Endpoint Detection and Response (EDR). These are the most effective ways to stop a breach in its tracks.

Phishing and social engineering resilience
According to the UK Information Commissioner’s Office (ICO), over 80% of successful cyber incidents begin with phishing, yet CE+ has no requirements around simulated phishing or awareness training beyond general advice. This is the only way of outsmarting social engineering attacks, where emails are highly personalised and appear to come from a known person.

Cloud and hybrid environment protection
CE+ still assumes a traditional network perimeter, ignoring many risks associated with modern SaaS, IaaS, and BYOD environments. The complexities of growing ecosystems are allowing vulnerabilities to grow.

Business continuity and incident response planning
Remarkably, there is no requirement under CE+ to prove you can recover from a ransomware attack or data breach. Planning for the worst is essential to fully understand potential risk.

Third-party and supply chain risk
As seen in the infamous SolarWinds breach, attackers often exploit vendors or contractors to access their targets. CE+ does not assess or govern these relationships, so it’s up to each business to connect with suppliers to discuss cyber defence policies and practices.

Costs and consequences of gaps in protection

If executive teams don’t go beyond CE+, they are taking serious risks. Relying solely on CE+ gives the entire business ecosystem a false sense of security, with huge consequences if a breach is successful.

Regulatory and legal exposure is a key consequence of a cyber breach, with hefty fines payable for non-compliance. The average ICO fine for a serious cyber incident in the UK was £153,722 in 2024, according to URM Consulting.

Secondly, the industry is calling for it. Insurers are tightening their requirements, with some major underwriters requiring evidence of 24/7 monitoring and incident response plans to maintain coverage. It’s also fast becoming a business requirement, with large clients demanding ISO 27001 or sector-specific certifications such as NHS DSPT or PCI-DSS to continue partnerships. Lacking parity with a prospect on cyber security diligence could be a deal-breaker.

The sheer scale of the risks of reputational and financial damage can’t be ignored. Businesses don’t always bounce back. In fact, Hiscox’s 2024 Cyber Readiness Report reveals that 47% of organizations struggled to attract new customers following a cyber attack.

The impact on business operations can be extensive, with far-reaching consequences. In 2024, the average ransomware incident led to 21–24 days of downtime and cost $2.73 million, according to NinjaOne.

Reasons for board directors to take action

Cyber risk is not something that directors can delegate accountability for, particularly when investors, customers, and regulators all expect board-level ownership of cyber resilience.

The c-suite must take action. As directors, they have legal duties under the Companies Act and UK GDPR. Ignorance is no longer a shield.

Threat actors are evolving faster than defences. The time to act is before a breach, not after. Cyber resilience is now a competitive differentiator, and clients, partners, and investors expect it.

The four key actions that business leaders must take

After understanding all this, there are four key actions directors must take to ensure their organizations start on the right path to becoming secure, resilient, and compliant:

Commission an independent cyber risk assessment that goes beyond Cyber Essentials Plus.
Invest in detection and response capabilities – whether in-house or outsourced
Adopt a recognised security framework such as the NCSC’s Cyber Assessment Framework, NIST CSF, or ISO 27001
Ensure board-level oversight of cyber risk through regular briefings, KPIs, and executive ownership.

CE+ onwards and upwards

Business leaders must embrace Cyber Essentials Plus as the beginning of a journey in cyber protection, not a goal. Wherever a business is in terms of cyber security maturity, there are always improvements to make. But by acting now, business directors can secure the business, protect stakeholder trust, safeguard customers and employees, and meet their obligations in an increasingly hostile threat landscape.

Read the article on Resilience Forward here: https://resilienceforward.com/cyber-essentials-plus-is-not-enough-uk-board-directors-must-take-action-for-holistic-cyber-protection/

By Glen Williams, Cyberfort CEO

With cybersecurity being a priority in every boardroom, SME business leaders are particularly pressurised, with lower budgets than their larger counterparts. Threat levels are high, with as many as 43% of businesses and three in ten charities experiencing some kind of cyber security breach or attack in the last 12 months.

Beyond resources, there could also be another key barrier to SMEs taking adequate cybersecurity action. It seems friction amongst leadership is creating a divide in business with lack of a CISO or cybersecurity representative at board level being common. This cavalier approach may leave companies wide open to successful breaches.

In fact, the UK Government Cyber Security breaches 2025 report reveals that board level responsibility for cyber security at company director level has decreased from 38% to 27% over the last four years. Despite almost three quarters (72%) of business respondents seeing cyber security as a ‘high priority’ it indicates a clear disconnect between the board responsibilities required and cyber security reality that puts the entire business at risk.

While security professionals are fluent in technical jargon or threat models, their business leader peers talk about bottom-line impact, and board-level implications. The effect on strategy is that critical security concerns may be downplayed, misunderstood or, at worst, ignored. This means keeping up with the latest strategies to counter threats is essential.

The risk of cybersecurity complacency at board level

With more CISOs stepping away from the boardroom, and in an increasingly active and intelligent cyber threatscape featuring ransomware and highly targeted social engineering attacks, it’s likely that their board director peers aren’t qualified to step up to the ownership of cyber security responsibilities.

AI-driven threats are introducing new challenges for the development of overall corporate security policy. AI requires a different approach to cyber security than the traditional cyber security methods employed. Security policies will need to be reviewed and revised on a regular basis, to ensure the safe and responsible use of AI within an organisation to protect its biggest assets – data and people.

Added to this, Cyberfort’s own customer research has revealed a concerning complacency – that many businesses consider a Cyber Essentials Plus (CE+) certification sufficient to keep their organisation secure and fulfil board requirements. With high profile breaches continuing to dominate the media agenda, this is a high-risk strategy.

Limitations of CE+

The cybersecurity needs of today’s business have superseded the Government-backed certification scheme launched in 2014, Cyber Essentials Plus (CE+), which was recommended as the minimum standard of cyber security for organisations. Although CE+ covers basic areas which might previously have been sufficient to counter cyber risks – patch management, access control, malware protection, secure configuration, and boundary firewalls – it lacks information on real-time threat detection and response, which is an essential tool for the earliest threat detection.

CE+ wasn’t designed to protect organisations against advanced persistent threats (APTs), targeted attacks, or any evolving techniques by criminal groups, which are so prevalent today. According to the UK Information Commissioner’s Office (ICO), over 80% of successful cyber incidents begin with phishing, yet CE+ has no requirements around simulated phishing or awareness training beyond general advice.

Costs and consequences of gaps in protection

There are some serious risks for SMEs investing in and relying on CE+ alone. To start with, there are hefty fines payable for non-compliance, with the average ICO fine for a serious cyber incident in the UK being £153,722 in 2024.

Insurers are also upping their demands, with some underwriters insisting on evidence of 24/7 monitoring and incident response plans to stay covered. Business partnerships are also becoming dependent on a company’s cybersecurity posture, with rising expectations of ISO 27001 or sector- specific certifications such as NHS DSPT or PCI-DSS compliance.

With significant risks and responsibilities to protect a business’ data and people, it is essential to have information security representation at board level. Research by the World Economic Forum shows that those organisations that have strong executive involvement in cybersecurity are 400% more likely to repel or rapidly recover from an attack.

The consequences of a breach in terms of reputational and financial damage can’t be ignored. Hiscox’s 2024 Cyber Readiness Report reveals that almost half (47%) of organisations struggled to attract new customers following a successful cyber attack. The costs and recovery time can also be extensive. In 2024, the average ransomware incident led to 21-24 days of downtime and cost $2.73 million, according to NinjaOne.

Five ways to elevate cybersecurity protection

In taking the following cybersecurity measures, SMEs will have the best chance of being protected in the event of a cyber attack:

Real-time threat detection and response – The use of Security Operations Centres (SOC), Security Information Event Management (SIEM) platforms, and Endpoint Detection and Response (EDR) are the most effective ways to counter a cyber attack.

Phishing and social engineering resilience – This is the only way of outsmarting social engineering attacks where emails are highly personalised and look like they are coming from a known person.
Cloud and hybrid environment protection – CE+ still assumes a traditional network perimeter, ignoring many risks associated with modern SaaS, IaaS, and BYOD environments. The complexities of growing ecosystems are allowing vulnerabilities to grow.
Business continuity and incident response planning – Almost unbelievably, there is no requirement under CE+ to prove you can recover from a ransomware attack or data breach. Inclident response planning is the only way to fully understand potential risk.
Third-party and supply chain risk – Attackers often access their targets through exploiting third party vendors or contractors. As CE+ does not assess or govern these relationships, it’s up to each business to engage with their supply chain to fully understand risk levels.

Key steps that cyber security leaders must take

To ensure a cohesive and effective cybersecurity strategy that can counter today’s cyber threats and stay compliant, information security decision-makers must take four key actions:

Ensure board-level oversight of cyber risk through regular briefings, KPIs, and executive ownership
Commission an independent cyber risk assessment that goes beyond Cyber Essentials+
Invest in detection and response capabilities – whether in-house or outsourced
Adopt a recognised security framework such as the NCSC’s Cyber Assessment Framework, NIST Cyber Security Framework(CSF) 2.0, or ISO 27001

Ensuring strategies align to today’s cyber threats

With AI introducing a new complexity to cybersecurity threats, business leaders must keep up with the latest tactics, such as advanced detection capabilities, to identify threats as they arise. This means going beyond CE+ and adopting new tools and measures aligned to their risk levels.

While CE+ is a strong starting point for SMEs, it’s not enough. Business directors and cyber security teams must unite to elevate their security approach and defend what’s theirs in an increasingly hostile threat landscape.

Read the article on SME Today here: https://www.smetoday.co.uk/technology/why-its-essential-smes-boost-security-measures-beyond-cyber-essentials/

28^th July 2025, Newbury

Cyberfort, announced today that it has joined Vanta, the leading AI trust management platform, Managed Service Provider (MSP) Partner Program, enabling partners to grow their business and deliver more value to their clients by transforming trust into a marketable advantage.

Vanta is the leading trust management platform that helps simplify and centralise security and compliance for organisations of all sizes. Over 12,000 companies including Atlassian, Duolingo, Icelandair and Ramprely on Vanta to build, maintain and demonstrate their trust, all in a way that’s real-time and transparent.

Cyberfort will be using the Vanta platform to supplement their market leading Governance, Risk and Compliance (GRC) consultancy services. The GRC services Cyberfort provides enables organisations to make sure they are compliant against key regulatory frameworks including ISO 27001, ISO 42001, DORA, GDPR, NIST CSF 2.0, and SOC2.

Glen Williams Cyberfort CEO commented

“Many organisations are facing skills gaps and effective process management challenges in relation to Governance, Risk and Compliance. With data protection regulations evolving, governance becoming more complex and security compliance with industry standards crucial to a business’s success, organisations need access to the right skills, platforms and processes. We are delighted to be partnering with Vanta. The Vanta and Cyberfort partnership brings together two experts in their field, with a perfect match that compliment each other’s services. The Vanta platform with its automations, integrations and prebuilt frameworks alongside our accredited consultants will enable our customers to efficiently manage Governance, Risk and Compliance processes both today and in the future.”

Elliot Goldwater, SVP of Sales and Partnerships, Vanta said

“We’re thrilled to welcome Cyberfort to our MSP Partner Program, which offers the fastest and simplest approach to continuous security monitoring and automated compliance for managed service providers”

“By putting Vanta’s market-leading AI trust management platform as the cornerstone of their security managed service offering, Cyberfort can expand their clients’ security while building their own competitive advantage.”

At the foundation of the MSP Partner program is Vanta’s trust management platform that simplifies and centralises security program management by providing full visibility into an organisation’s risk. Vanta enriches those findings with contextual data, and helps organisations remediate issues and track progress as a single source of truth for their security posture. Vanta’s MSP Partner Program features a multi-tenant management console, world-class partner support and flexible billing integration, making it seamless for partners to deliver value to their clients while scaling up their business. For more information about Vanta’s MSP Partner Program, visit: https://www.vanta.com/msp.

Vanta’s Service Provider ecosystem strengthens customers’ security posture by partnering with the most prominent virtual Chief Information Security Officers, managed security service providers, and advisory/consulting firms. With Vanta as their foundational tool, partners are able to offer an expansive breadth and depth of security offerings, increasing overall client satisfaction.

Cyberfort is an all-encompassing Cyber Security services provider. We are passionate about the cyber security services we deliver for our customers which keeps their people, data, systems and technology infrastructure secure, resilient and compliant. Over the past 20 years we have combined our market leading accreditations, peerless cyber security expertise, strong technology partnerships, investment in our future cyber professionals and secure locations to deliver a cyber security experience for customers which enables them to achieve their business and technology goals in an ever-changing digital world.

Featuring Glen Williams, Cyberfort CEO

Boards across the UK — and indeed the world — are under pressure to evolve for the digital age. But who’s leading the change?

There was a time when technology was treated as a support function — something for the CIO to handle, outside the boardroom and out of scope for most non-executives. That time has passed.

Digital transformation, cybersecurity, and artificial intelligence now sit squarely in the path of corporate strategy, and boards are being challenged to adapt. Investors, regulators, and risk committees are asking whether boards truly understand the technologies shaping their businesses — and whether they are capable of overseeing them responsibly.

Yet recent data paints a stark picture. Fewer than 15% of large UK companies identify a named board member or committee responsible for cyber oversight. Only 3% of new FTSE 350 non-executive director (NED) appointments in 2022 came from a cybersecurity background. And in a global Deloitte survey, just 14% of boards reported that AI appears on every meeting agenda.

For years, boards approached cyber risk as a technical or compliance issue — a matter for the IT function. That’s now shifting. “It is no longer just about reactively putting firewalls in place or ticking boxes for compliance,” said Glen Williams, CEO of Cyberfort. “The conversation has evolved to focus on proactive resilience — especially as AI has started to shape both the threat landscape and the potential solutions.”

This shift has revealed significant capability gaps. According to Spencer Stuart’s UK Board Index 2024, digital transformation experience is now one of the top three criteria in NED recruitment briefs — yet the talent pool remains limited. Heidrick & Struggles notes a growing demand for directors with operational tech expertise, rather than just plc credentials.

Williams is seeing that trend first-hand. “Boards want people who can challenge assumptions, ask the right questions of their executive teams, and provide insight when critical tech-related decisions are on the table,” he said. That includes directors with experience in cybersecurity, data governance, and cloud infrastructure — but also those with backgrounds in inclusive innovation and change leadership.

James Lei, COO at Sparrow, confirmed that boards are increasingly open to non-traditional candidates. “Non-executive director appointments increasingly prioritise candidates with strong backgrounds in technology, data science, and cyber governance,” he said. “Boards are becoming more open to recruiting beyond traditional public company executives, welcoming leaders from tech firms and startups who bring fresh perspectives and agility.”

Still, the pace of change has been uneven. “Some boards are fluid and adaptable,” said Ciaran Bollard, CEO of the Corporate Governance Institute. “Others are very prone to groupthink and traditionalism, and so will not actively seek to branch out into experience from tech or startups.”

Changing the game

One consequence of this shifting landscape is a redefinition of what it means to be “board ready.” Technical literacy, once a desirable add-on, is increasingly seen as a prerequisite. According to Odgers Berndtson, there has been a 60% rise in mandates for digital or cyber-risk NEDs across FTSE 350 and large private companies.

That change isn’t limited to new appointments. Many boards are investing in upskilling for existing members. The National Cyber Security Centre now offers a free governance training package for board use, while the Institute of Directors and CGIUKI have launched dedicated AI bootcamps. Major consultancies such as PwC and KPMG are also running board-focused modules on AI assurance and quantum-resilient cyber controls.

“Forward-thinking boards are doing both,” said Williams. “Upskilling existing board members is essential but so is bringing in fresh expertise that accelerates that learning and brings a different lens to the table.”

Bollard agrees that board learning and succession planning are central to bridging the capability gap. “Board committees are a very important aspect of ensuring expertise in particular areas like Risk and AI,” he said.

Despite growing awareness, many boards still struggle to manage digital risk at the right level. “Too many boards are still structured around models that were built for a different era,” said Williams. “AI in particular is not just a technological issue but presents a governance challenge that cuts across every committee — from audit to risk to strategy.”

Failure to adapt can have real-world consequences. When TSB suffered a catastrophic IT migration failure in 2018, an independent review found that the board lacked deep integration experience and relied too heavily on executive assurances. In 2023, Capita was hit with a ransomware breach that cost £25 million — and faced scrutiny for lacking a dedicated cyber-risk director. At the British Library, a cyberattack led to months of disruption after vulnerabilities in ageing infrastructure were left unaddressed.

The risk environment is growing more complex. “Cybersecurity is a dynamic industry where new threat vectors are appearing faster than ever,” said Sam Thornton, COO of Bridewell. “A continuous improvement and upskilling programme should be an ongoing requirement for individuals operating in the sector.”

That means rethinking oversight structures, too. Some boards are responding by establishing dedicated digital or risk committees. Tesco now operates a Technology & Data Committee at board level, chaired by an independent NED with a CIO background. NatWest recently elevated its Chief Digital & Data Officer to the main board. Rolls-Royce appointed a former Microsoft UK CEO to a newly created digital oversight role, folding cyber risk into its Safety and Sustainability Committee.

What boards should do next

For boards still catching up, several practical steps can help close the risk-readiness gap:

Conduct a digital skills audit of the board and its committees to identify critical shortfalls in oversight capacity.
Establish a formal responsibility for cyber, AI, or digital risk within an existing committee — or create a dedicated subcommittee.
Allocate recurring agenda time to technology risk, not just in response to incidents but as part of strategic oversight.
Invest in independent board training, such as the NCSC’s Cyber Governance Toolkit or specialist AI literacy sessions.
Engage with external advisors or digital non-executives who can provide challenge and independent perspective on technology investments and risk.

Each of these actions supports a more resilient, responsive board — one capable of meeting today’s risks and preparing for tomorrow’s.

What next-gen boards look like

These are not isolated moves — they point to a broader shift in what effective governance will require. Progressive boards are moving beyond token appointments and one-off workshops. They are rethinking structure, culture, and competence.

“Boards that embrace continuous learning, diverse thinking, and cross-functional collaboration will be much better placed to thrive in this new complexity,” said Williams.

Thornton notes that investor scrutiny is also playing a role. “Cyber budgets are coming under increased pressure and therefore the discussions around cyber risk are becoming more common place in the boardroom,” he said. That pressure, he suggests, is driving organisations to mature faster in their risk assessments and board-level readiness.

According to John Young, Principal Consultant at TSG Training, the most resilient boards are those that strike a balance. “Balancing these approaches helps boards maintain continuity while injecting the knowledge needed to navigate rapidly evolving digital landscapes,” he said.

Mehdi Paryavi, Chairman of the International Data Center Authority, takes a wider view. “Boards must be highly aware of risk management in creating and maintaining their data and digital assets,” he said. “Cybercrime and cyberterrorism today is not just about potential financial loss, but the real existential threat these attacks pose to all organizations.”

The challenge for UK boards is no longer awareness; it’s action. The technological landscape is evolving faster than most governance models were designed to handle. That makes structure, training, recruitment, and cultural adaptation all the more urgent.

“If the board cannot adapt,” said Bollard, “then its structure is not fit for purpose: plain and simple.”

For those willing to evolve, the opportunity is clear: to build boards not only fit for today, but ready for whatever comes next.

Read the article on Business Quarter here: https://businessquarter.substack.com/p/boardroom-skills-for-the-next-economy

Featuring Rob Vann, Cyberfort Chief Security Officer

What is malware as a service (MaaS), why is it so popular with adversaries, and what can businesses do to protect themselves from this growing threat?

Advanced attack capabilities are becoming accessible to almost anyone as adversaries offer platforms that can be used by cybercriminals with little expertise. A prime example of this is malware as a service (MaaS), an out-of-the-box solution similar to software as a service (SaaS) that allows even low skilled criminals to access tools to carry out sophisticated cyberattacks.

Over the last year, MaaS has been growing in popularity. Research shows there was a distinct surge in separate malware campaigns delivering the same payload in 2024, suggesting hackers are increasingly procuring tools from MaaS platforms.

Recent Darktrace research found the MaaS model was responsible for 57% of all cyber threats detected in the second half of 2024, up 17% from the first half of the year. Meanwhile, a report from WatchGuard reported an “astronomical surge” in malware threats in the third quarter of 2024, surpassing 420,000 – a 300% increase on the previous quarter’s figures and the largest quarterly rise it has ever observed.

So, what exactly is MaaS, why is it so popular with adversaries and what can businesses do to protect themselves against this growing threat?

MaaS – a subscription-based model

Much like SaaS, MaaS offers a subscription-based model. This sees technically skilled developers rent out malware to other cyber criminals, who use it for malicious purposes.

MaaS offers advanced capabilities to those lacking the technical expertise to develop the tools themselves, says Boris Cipot, senior security engineer at Black Duck. “This accessibility has driven rapid growth in the MaaS market, and it continues to expand at a significant pace.”

Because attackers no longer need to develop their own malware, the barriers to entry are much lower, says Nathaniel Jones, VP, security and AI strategy at Darktrace. “Criminals can operate attacks almost like a legitimate business, processing payments and creating subscription-based or one-off payment models.”

Like legitimate services, tools on offer also receive regular updates, incorporating plugins that exploit newly-discovered vulnerabilities.

MaaS offerings are extensive and can be “highly sophisticated and structured”, says Ian Porteous, regional director of security engineering and UK&I at Check Point Software. “Many include marketplace portals on the dark web, user-friendly interfaces for managing malware campaigns – and even technical support services.”

Another benefit of MaaS to cybercriminals is the anonymity it provides, with attackers able to use the malicious tools within the platform without revealing their identity or even operating under a specific name or group.

“Payments are often made via cryptocurrency, and with profit sharing, bonuses, promotions and other partner or associate benefits further confusing the financial transaction flows,” explains Rob Vann, CSO at Cyberfort.

It is also available relatively cheaply, depending on the package. Basic malware kits can typically be rented for around £80 ($108) to £400 ($543) per month, with more complex packages costing thousands. “Despite crackdowns, MaaS persists due to anonymized transactions on dark web marketplaces and evolving tactics that exploit weaker defences in vulnerable industries,” says Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster university.

AI-enhanced MaaS

The growth of MaaS is a concern on its own. But experts warn malware kits are getting better at what they do due to technology such as AI. This is enabling attackers to create “adaptive malware that can evade traditional security measures”, says Matt Riley, data protection and information security officer at Sharp UK and Europe.

For example, AI tools could generate payloads designed to fool antivirus and machine learning-based detection models, disguising true intent by masquerading as legitimate code, says Vann.

Porteous points to OpenAI’s February 2025 report. “This highlights how North Korean-affiliated actors have used ChatGPT to research cyber intrusion techniques, develop PowerShell scripts for automation, and debug code for remote desktop protocol attacks. Given these findings, it is highly likely that MaaS operators are leveraging AI in similar ways.”

One of the most immediate impacts of AI on cyber crime is its ability to generate more convincing phishing attacks, says Porteous. “Generative AI can create highly personalized phishing emails that lack the grammatical errors and other red flags that security professionals have traditionally relied on to detect scams. MaaS platforms can integrate AI-powered tools to automate and scale these phishing campaigns with unprecedented efficiency.”

In the future, AI could be used for marketing and sales, too. Although there is no real evidence of this yet, there are indications that marketplaces are starting to utilize AI to drive interactions between the most lucrative vendors and partners, says Vann. “We expect to see the use of AI to build and leverage strong MaaS platforms, establish reputations for payments, and select partner relationships, special offers and other promotions to continue to drive financial performance in this area of cybercrime.”

What should businesses do about MaaS?

MaaS is being used more widely than ever before and it’s easy to see why. With this in mind, businesses should ensure they are in a solid position to defend against attacks utilising the criminal model.

It starts with good cyber hygiene. Make sure you do the basics well, says Vann. “Ensure that you aren’t the softest target, enforce multi factor authentication (MFA) and make sure security tooling is up to date and functioning correctly.”

Meanwhile, train employees with real world examples of deepfakes, AI-crafted phishing emails and other advanced techniques, he advises.

Layered cybersecurity strategies are “crucial”, adds Curran. “Advanced endpoint protection with AI is key to stopping smart malware. If a system does become compromised, network segmentation can limit the spread.”

Email filtering solutions should be in place and a zero trust security model will ensure no user or device is automatically trusted, say Curran. Investing in cyber threat intelligence and “a solid incident response plan” will help organizations to detect and mitigate threats faster, Curran adds.

At the same time, Curran emphasizes the importance of regularly backing up critical data offline. “This will ensure a swift and seamless recovery when – not if – an organization is attacked. This can even avoid the need to pay a ransom when critical systems are required back online quickly.”

Regularly updating and patching software to close vulnerabilities is “another vital step”, says Riley. “Cybercriminals often exploit outdated systems, and without these updates, even the most sophisticated defences can be bypassed.”

Read the article on IT Pro here: https://www.itpro.com/security/malware/malware-as-a-service-explained-what-it-is-and-why-businesses-should-take-note

Featuring Glen Williams, Cyberfort CEO

The twist being that our rundown is based entirely on the views of 12 partner leaders

In a year in which cyber-attacks have begun piercing our daily lives, what have been the most potent and memorable incidents?

Who better to ask than a dozen leaders of MSSPs, consultancies and IT partners working on the front line of cybersecurity day in day out?

Whether it be the empty shelves and eyewatering losses at Marks & Spencer, or the tragic news last week of a patient death linked to an NHS attack, cybersecurity is now never far from the headlines.

At a government level, all eyes are now on cyber – cyber spending is a key component of new NATO plans to raise defence spending to 5% of GDP, while Australia this month introduced mandatory reporting of ransomware payments.

But what are the most signficant cyber-attacks of 2025 so far, and what implications does each have for how channel partners position their services?

Panel

Glen chose to speak about the Legal Aid Agency Attack

When: April

What happened?

The government initially became aware of a cyber-attack on the Legal Aid Agency’s online digital services on 23 April.

But on 16 May, it discovered the attack “was much more extensive than originally understood” and that the group behind it had accessed “a large amount of information relating to legal aid applicants”.

Three of our 12 panellists ranked this cyber-attack among the year’s most significant in the form of Chorus MD Nicola Saner, Cyberfort CEO Glen Williams and CyXcel Co-founder and COO Jano Bermudes.

“Investigations by the NCSC and NCA are ongoing, raising serious concerns about data privacy,” Williams said of his reasoning.

“Still early days for this one, but it’s eye catching due to the impact on the legal system in general, the scale of data stolen and the amount of time this may take to resolve,” Saner said when asked to justify her decision.

Channel takeaway

While investigations are ongoing, Saner claimed the cybersecurity industry can already glean some potential lessons from the cyber-attack.

“The implication for cybersecurity (again maybe not fully understood yet) seems to be a timely reminder about the risks of old and unpatched systems, a lesson well understood but again one which many organisations (especially in challenging financial times) struggle to deal with,” she said.

Read the full article on IT Channel Oxygen and find out what other panel members chose as their most significant cyber attack of 2025: https://itchanneloxygen.com/14-most-significant-cyber-attacks-of-2025-so-far-with-a-twist/11/