Cyber Security

'More than a third of UK businesses unprepared for AI risks'

Despite recognising artificial intelligence (AI) as a major threat, with nearly a third (30%) of UK organisations surveyed naming it among their top three risks, many remain significantly unprepared to manage AI risk. Recent research from CyXcel, a global cyber security consultancy, highlights a concerning gap: nearly a third (29%) of UK businesses surveyed have only just implemented their first AI risk strategy - and 31% don’t have any AI governance policy in place. This critical gap exposes organisations to substantial risks including data breaches, regulatory fines, reputational harm, and critical operational disruptions, especially as AI threats continue to grow and rapidly evolve. CyXcel’s research shows that nearly a fifth (18%) of UK and US companies surveyed are still not prepared for AI data poisoning, a type of cyberattack that targets the training datasets of AI and machine learning (ML) models, or for a deepfake or cloning security incident (16%). Responding to these mounting threats and geopolitical challenges, CyXcel has launched its Digital Risk Management (DRM) platform, which aims to provide businesses with insight into evolving AI risks across major sectors, regardless of business size or jurisdiction. The DRM seeks to help organisations identify risk and implement the right policies and governance to mitigate them. Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel, comments, “Organisations want to use AI but are worried about risks – especially as many do not have a policy and governance process in place. The CyXcel DRM provides clients across all sectors, especially those that have limited technological resources in house, with a robust tool to proactively manage digital risk and harness AI confidently and safely.” Edward Lewis, CEO of CyXcel, adds, “The cybersecurity regulatory landscape is rapidly evolving and becoming more complex, especially for multinational organisations. Governments worldwide are enhancing protections for critical infrastructure and sensitive data through legislation like the EU’s Cyber Resilience Act, which mandates security measures such as automatic updates and incident reporting. Similarly, new laws are likely to arrive in the UK next year which introduce mandatory ransomware reporting and stronger regulatory powers. With new standards and controls continually emerging, staying current is essential.”

AI set to supercharge cyber threats by 2027

The UK’s National Cyber Security Centre (NCSC) has released a landmark cyber threat assessment, warning that rapid advances in artificial intelligence (AI) will make cyber attacks more frequent, effective and harder to detect by 2027. The digital divide between organisations with the resources to defend against digital threats, and those without, will inevitably increase.  Published on the opening day of CYBERUK, the UK’s flagship cyber security conference, the report outlines how both state and non-state actors are already exploiting AI to increase the speed, scale and sophistication of cyber operations. Generative AI is enabling more convincing phishing attacks and faster malware development. This significantly lowers the barrier to entry for cyber crime and cyber intelligence. Of particular concern is the rising risk to the UK’s democratic processes, Critical National Infrastructure (CNI) and commercial sectors. Advanced language models and data analysis capabilities are used to craft highly persuasive content, resulting in more frequent attacks that are difficult to detect.  Andy Ward, SVP International at Absolute Security, says, “While AI offers significant opportunities to bolster defences, our research shows 54% of CISOs feel unprepared to respond to AI-enabled threats. That gap in readiness is exactly what attackers will take advantage of." "To counter this, businesses must go beyond adopting new tools - they need a robust cyber resilience strategy built on real-time visibility, proactive threat detection, and the ability to isolate compromised devices at speed.” This latest warning forms part of the UK Government’s wider cyber strategy after announcing the new AI Cyber Security Code of Practice earlier this year. This will form the basis of a new global standard to secure AI and ensure national security keeps pace with technological evolution, safeguarding the country against emerging digital threats. For more from NCSC click here.

Cyber attacks drop by nearly 10%

Four in 10 (43%) of UK businesses and 30% of charities experienced cyber attacks or data breaches in the last 12 months, according to the latest Cyber Security Breaches Survey. While this marks a slight decrease from last year’s 50%, the threat level for medium and large businesses remains alarmingly high.  The average cost of the most disruptive breach was estimated at £1,600 for businesses and £3,240 for charities. The drop in incidents is attributed mainly to fewer small businesses reporting breaches – but government officials warn against complacency. With cyber threats increasingly targeting critical infrastructure, the UK Government is introducing the Cyber Security and Resilience Bill, compelling organisations to strengthen their digital defences. The survey found that 70% of large businesses now have a formal cyber strategy in place, compared to just 57% of medium-sized firms – exposing a potential gap in preparedness among mid-sized enterprises. There has been a notable improvement in cyber hygiene practices among smaller businesses, with rising adoption of risk assessments, cyber insurance, formal cyber security policies and continuity planning.  These steps are seen as essential in building digital resilience across the UK economy. However, the number of high-income charities implementing best practices such as risk assessments has declined. Insights suggest this may be linked to budgetary pressures, limiting their ability to invest in adequate cyber security measures. Sawan Joshi, Group Director of Information Security at FDM Group, comments, “Keeping banking systems online is becoming more challenging, and technology alone isn’t enough. Skilled IT teams are crucial for spotting risks early and responding quickly to prevent disruptions. Organisations need to invest in ongoing training so their staff can strengthen system defences and recover fast when issues arise. A mix of advanced monitoring, backup systems, and a well-trained workforce is key to keeping services running and maintaining customer trust.'" The Government has also confirmed that UK data centres are now officially designated as critical national infrastructure. This means they will receive the same priority in the event of a major incident - such as a cyber attack - as essential services like water and energy.

AlgoSec publishes State of Network Security Report

Global cyber security expert, AlgoSec, has released its annual The State of Network Security Report. The report provides a comprehensive and objective, vendor-agnostic analysis of today’s network security landscape by identifying key market trends, highlighting in-demand solutions and technologies, and detailing the most popular strategies being adopted by security professionals. The report identifies significant shifts in cloud platform adoption, deployment of firewalls and Software-Defined Wide Area Networks (SD-WAN), as well as Secure Access Service Edge (SASE) implementation and AI. Based on comparative findings from 2024 and 2025, AlgoSec’s research includes responses from security, network and cloud professionals across 28 countries and evaluates market leaders including Cisco, Microsoft Azure, AWS, Check Point, Palo Alto Networks and more. Key findings from the report include: • Security visibility gaps are driving a shift in security management - 71% of security teams struggle with visibility, which is delaying threat detection and response. The lack of insight into application connectivity, security policies and dependencies are proving to be a significant risk.• Multi-cloud and cloud firewalls are now standard – Businesses continue to adopt multi-cloud environments, with Azure becoming the most widely used platform in 2025.• Firewall and SD-WAN adoption grow despite complexity – Multi-vendor strategies make firewall deployment more challenging. In terms of customer base, Palo Alto Networks took the lead, but Fortinet’s NGFW is gaining traction. SD-WAN adoption jumped, with Fortinet rising from 19.1% in 2024 to 25.8% in 2025.• Zero-trust and SASE gain momentum – Zero-trust awareness is at an all-time high, with 56% of businesses fully or partially implementing it; though 20% are still in the learning phase. SASE adoption is also growing, with Zscaler leading at 35%, while Netskope has gained 15% market share.• AI and automation are reshaping security – AI-driven security tools are improving real-time threat detection, but implementation and privacy concerns remain a challenge. Automation is now critical, with application connectivity automation ranked as the top priority for minimising risk and downtime. “As businesses expand their digital footprints across hybrid and multi-cloud environments, securing network infrastructure has become a top challenge,” says Eran Shiff, VP of Product at AlgoSec. “We are seeing a major shift toward automation, orchestration and risk mitigation as key security priorities. Adoption of SD-WAN and SASE continues to rise, while awareness of AI-driven security and zero-trust principles is stronger than ever.” The full report can be accessed by clicking here. For more from AlgoSec, click here.

Datadog unveils plans for data centre in Australia

Datadog, a monitoring and security platform for cloud applications, today announced plans for a new data centre to be located in Australia. The data centre instance, which will be built on AWS, will be Datadog’s first in Australia and adds to existing locations in North America, Asia, Europe and AWS GovCloud. The Australian data centre will store and process data locally, creating sovereign capacity to help Datadog’s customers meet local privacy and security requirements and preferences. Datadog currently works with more than 1,000 organisations in Australia and New Zealand. This includes companies in the banking and financial services, retail and ecommerce, software-as-a-service and technology industries, with public sector, healthcare and higher education representing key expansion verticals. “As the ANZ Chief Technology Officer at Flight Centre Corporate, I am watching Datadog unite our entire technology ecosystem into a single pane of glass - transforming us from reactive to proactive and elevating outcomes for every level of the business,” says Grant Currey, Chief Technology Officer, Corporate ANZ at Flight Centre Travel Group. “With Datadog’s end-to-end observability, we can detect and address service quality across multiple business units. Ensuring we are proactively resolving issues before they become business critical for us,” adds Lisa Tobin, Group Executive, Technology at SEEK. “Australia is a high-priority market for Datadog; we already have a strong employee base in-region and aim to create new jobs across various practices this year,” explains Rob Thorne, Vice President for Asia-Pacific and Japan (APJ) at Datadog. “Datadog has experienced surging demand in Australia and New Zealand. Analysts forecast IT spend will reach AUD $147 billion [£70.7bn] this year, with cyber security, generative AI and cloud services to receive significant attention. We are poised to support this appetite for advanced digital capabilities across the private sector, alongside the Australian Government’s ambitions to become a top three digital government.” “We continue to invest in Australia and New Zealand, with the recent opening of our Melbourne office and the expansion of our teams there, as well as in Sydney and Auckland,” notes Yanbing Li, Chief Product Officer at Datadog. “Australian companies are innovating rapidly and rely on Datadog to support their continued cloud investments, digital transformations and AI projects. For businesses in highly regulated industries like healthcare and financial services, hosting data locally is critical - a need we’re addressing with this new data centre.” All existing Datadog products will be available with the new data centre, which is expected to open in the middle of this year. For more from Datadog, click here.

Industry experts react to World Backup Day

Today, 31 March, marks this year's World Backup Day, and industry experts say that it once again offers a timely reminder of how vulnerable enterprise data can be. Fred Lherault, Field CTO at Pure Storage, says that businesses cannot afford to think about backup just one day, every year, and predicts that 2025 could be a record-setting year for ransomware attacks. Commenting on the day, Fred says, “31 March marks World Backup Day, serving as an important reminder for businesses to reassess their data protection strategies in the wake of an ever-evolving, and ever-growing threat landscape. However, cyber attackers aren’t in need of a reminder, and are probing for vulnerabilities 24/7 in order to invade systems. Given the valuable and sensitive nature of data, whether it resides in the public sector, healthcare, financial services or any other industry, businesses can’t afford to think about backup just one day per year. “Malware is a leading cause of data loss, and ransomware, which locks down data with encryption rendering it useless, is among the most common forms of malware. In 2024, there were 5,414 reported global ransomware attacks, an 11% increase from 2023. Due to the sensitive nature of these kinds of breaches, it’s safe to assume that the real number is much higher. It’s therefore fair to suggest that 2025 could be a record setting year for ransomware attacks. In light of these alarming figures, there is no place for a ‘it won’t happen to me’ mindset. Businesses need to be proactive, not reactive in their plans - not only for their own peace of mind, but also in the wake of new cyber resiliency regulations laid down by international governments. “Unfortunately, while backup systems have provided an insurance policy against an attack in the past, hackers are now trying to breach these too. Once an attacker is inside an organisation’s systems, they will attempt to find credentials to immobilise backups. This will make it more difficult, time consuming and potentially expensive to restore.” Meanwhile, Dr. Thomas King, the CTO of global internet exchange operator, DE-CIX, offers his own remarks about the occasion. Thomas explains, “World Backup Day has traditionally carried a very simple yet powerful message for businesses: backup your data. A large part of this is 'data redundancy' – the idea that storing multiple copies of data in separate locations will offer greater resilience in the event of an outage or network security breach. Yet, as workloads have moved into the cloud, and AI and SaaS applications have become dominant vehicles for productivity, the concept of 'redundancy' has started to expand. Businesses not only need contingency plans for their data, but contingency plans for their connectivity. Relying on a single-lane, vendor-locked connectivity pathway is a bit like only backing your data up in one place – once that solution fails, it’s game over. “In 2025, roughly 85% of software used by the average business is SaaS-based, with a typical organisation using 112 apps in their day-to-day operations. These cloud-based applications are wholly dependent on connectivity to function, and even minor slow-downs caused by congestion or packet loss on the network can kill productivity. This is even more true of AI-driven workloads, where businesses depend on low-latency, high-performance connectivity to generate real-time or near real-time calculations. “Over the years, we have been programmed to believe that faster connectivity equals better connectivity, but the reality is far more nuanced. IT decision-makers frequently chase faster connections to improve their SaaS or AI performance, but 82% severely underestimate the impact of packet loss and the general performance of their connectivity. This is what some refer to as the 'Application Performance Trap' – expecting a single, lightning-fast connection to solve all performance issues. But what happens if that connectivity pathway becomes congested, or worse, fails entirely? “This is why 'redundant' connectivity is essential. The main principle of redundancy in this context is that there should always be at least two paths leading to a destination – if one fails, the other can be used. This can be achieved by using a carrier-neutral Internet Exchange or IX, which facilitates direct peer-to-peer connectivity between businesses and their cloud-based workloads, essentially bypassing the public Internet. While IXs in the US were traditionally vendor-locked to a single carrier or data centre, neutral IXs allow businesses to establish multiple connections with different providers – sometimes to serve a particular use-case, but often in the interests of redundancy. Our research has shown that more than 80% of IXs in the US are now data centre and carrier neutral, presenting a perfect opportunity for businesses to not only back up their data, but also back up their connectivity this World Backup Day.” To read more about World Backup Day, visit its official website by clicking here. For more from Pure Storage, click here. For more from DE-CIX, click here.

Genetec and TSP to unite at Data Centre World

Genetec has announced that it is joining forces with its Unified Elite partner, Total Security Protection (TSP), at Data Centre World in London for the fourth consecutive year. The duo will present their unified data centre security solutions, designed to meet the evolving security needs of the data centre industry. As data centres are now officially classified as Critical National Infrastructure by the UK Government, they require the same rigorous protection and oversight as the likes of energy grids and water supplies. This designation underscores the importance of robust physical and cyber security measures to mitigate potential threats. For more than a decade, Genetec and TSP have worked together to provide bespoke security solutions that safeguard facilities, ensure compliance, and maintain seamless operations for data centre clients. Their collaboration specifically offers a unified approach to data centre security through the deployment of Genetec Security Center, a unified platform which integrates video surveillance, access control, automatic number plate recognition (ANPR) and intrusion detection in a single interface. Backed by accreditations including NSI, ISO 27001, CAPSS 2023, and SOC II, their solutions meet both physical security and cyber security compliance standards. Genetec will be located at stand DC515 during the upcoming Data Centre World exhibition, taking place at London ExCel from 12-13 March 2025.

Industry experts comment on Data Privacy Day

With today (28 January) marking Data Privacy Day - an annual event seeking to raise awareness and promote privacy and data protection best practices - industry experts have marked the occasion by presenting a range of views on the latest trends and challenges that have arisen since last year's occasion. - Dr Ellison Anne Williams, Founder and CEO of Enveil, comments, “Data Privacy Day serves as a crucial reminder to safeguard sensitive information in an era where data dominates. As we navigate an increasingly interconnected world and transformative technologies such as AI grow their foothold in the digital economy, finding ways to protect data privacy and mitigate risk will be essential. “Privacy Enhancing Technologies (PETs) enable, enhance, and preserve data privacy throughout its lifecycle, securing data usage and allowing users to capitalise on the power of AI without sacrificing privacy or security. Organisations that truly prioritise data will incorporate PETs as a foundational, business-enabling tool that will fortify data-driven capabilities and enable data to be leveraged securely across silos and boundaries. “This year’s Data Privacy Day theme is ‘Take control of your data’, but that sentiment should not be limited to our personal data footprint. Businesses need to be proactive in their approach to data protection and commit to a future where PETs are woven into the very fabric of digital strategy. This will empower users to responsibly and securely harness innovative tools, such as AI and Machine Learning, in line with global regulations and compliance requirements.” - Edwin Weijdema, Field CTO EMEA & Cybersecurity Lead at Veeam, adds, “This year, Data Privacy Day seems a little different. With significant cyber security regulations coming into force around the world, most notably NIS2 and DORA, it feels like a lot has changed since we marked this day just 12 months ago. “And it has. We’ve seen corporate accountability given increasing weight when it comes to data resilience thanks to NIS2. It’s no longer a case of passing the buck – responsibility ultimately sits with the C-suite. Simultaneously, data resilience is shifting from a ‘cyber security requirement’ to a tangible business differentiator. At the moment, breaches and ransomware are still a ‘when’, not an ‘if’ - and I don’t see this changing. As C-suites become ever more aware, they’ll be demanding to see evidence of their organisation's data resilience, from their internal teams and any third-party partners. “Data Privacy Day is a good chance to reflect on how much can change in a year. After all, organisations can’t rely on markers like this to nudge them on the importance of data resilience - it needs to be a priority 365 days a year.” - James Blake, VP Global Cyber Resiliency Strategy at Cohesity, comments, "On Data Privacy Day, it's crucial to recognise that focusing solely on compliance will only lead to companies tying themselves in knots reacting to the swarm of active or planned regulatory requirements, as well as data legislation coming into force across multiple national and state jurisdictions. If we look at Germany alone as an example, there are 17 state laws on top of national and EU requirements. The most effective way to ensure data privacy compliance is by building robust and repeatable operational capabilities. This involves programmatically conducting comprehensive data audits to identify, categorise, and secure sensitive information. Implementing robust encryption protocols, including migrating to encryption methods resilient to emerging quantum computing attacks, is essential. Additionally, consider working with technology companies who can offer immutable data that can provide an extra layer of security, ensuring data cannot be altered or deleted, thus protecting against ransomware attacks, data breaches and the unnecessary financial loss accrued because of downtime. Appointing security champions in each business unit to educate their peers on tailored data privacy processes based on data classification levels is an important step. By embedding these practices, compliance with varying regulatory requirements will naturally follow." - Adrianus Warmenhoven, a cyber security expert at NordVPN, comments: “As debates continue over whether data, oil, or land holds the greatest value, in cyber security, the answer is unequivocal: data. Personal data, unlike physical assets, can be copied, stolen, or sold without leaving visible traces, creating significant financial and reputational risks. “Apps are a major culprit, often exposing sensitive information through excessive permissions, missed updates, or unauthorised data sharing. Keeping software current is not just a personal safeguard; it also helps protect your network of contacts from phishing attacks through outdated systems. The good news is that while it may seem like an uphill battle to get on top of your data privacy, it’s never been easier to manage how much you share.” To protect people’s privacy on apps, Adrianus offers these preventive measures: Always download apps from official stores - Unofficial apps may not check how safe it is before it is available to download, increasing the risk of modifications by criminals. Familiarise yourself with the data permissions required by apps - Head to your settings and review and adjust these permissions as necessary, particularly sensitive ones like access to your camera, microphone, storage, location, and contact list. Before downloading any app, read its privacy policy - Understand what information it will track and share with third parties. If the privacy level is unsatisfactory, consider an alternative. You can usually find this in the description on your mobile device’s app store. Limit location access only when using the app - It is difficult to justify why some apps need to know your location at all times, so do not give it to them. Avoid using social media accounts to log in, because doing so can allow unnecessary data exchange. Delete any apps you no longer use - This helps to prevent them from collecting data in the background. For more on data privacy, click here.

Palo Alto Networks partners with air transport expert

SITA, a specialist in air transport technology, has reached a significant agreement to partner with Palo Alto Networks, a global cyber security expert, to deliver comprehensive cyber security protection for mission-critical airports applications. As part of the agreement, Palo Alto Networks’ AI-powered cyber security platforms will be added into SITA’s CyberSecurity portfolio. SITA will provide the management and operation from its CyberSOC. The platform will safeguard access from remote sites, mobile workforce and airport assets such as check-in workstations, self-service kiosks, tablets, smartphones and baggage scanners, enabling smooth passenger flows whilst also avoiding downtimes and reducing turnaround times where efficiency of operations is a key priority. The partnership will focus on delivering advanced cyber security solutions (including Palo Alto Networks' Next Generation Firewalls (NGFW), Prisma SD-WAN Instant-On Network (ION) Devices, and Palo Alto Networks Prisma Access) to provide comprehensive network security, connectivity and cloud-based protection, all managed by SITA. This innovative development, called SITA Managed Security Service Edge (SSE) and consisting of Palo Alto Networks technologies, offers a complete suite of network security services (such as Secure Web Gateways, intrusion detection, threat intelligence, next generation antivirus or WildFire, DNS protection, SSL decryption and data loss prevention), all seamlessly delivered from Palo Alto Networks’ dedicated cloud platform. As a specialised subset within SITA’s Secure Access Service Edge (SASE) framework, SSE delivers robust and innovative world-leading security measures to protect digital infrastructure and implements the kind of advanced protection demanded by all CISOs and compliance authorities - including the National Institute of Standards and Technology (NIST) and ISO 27000. Martin Smillie, SITA Senior Vice President for Communications and Data Exchange (CDE), says, “The need to protect vital digital applications within the transportation industry has never been more acute, given the ever-evolving threat from cyber attacks. This agreement delivers industry-leading cyber security protection for our airport, airline and other customers, in mission critical areas of their operation. Managed by SITA CyberSOC, this combines Palo Alto Networks' best-in-class AI-powered, cloud native endpoint and application protection, all optimised and future-proofed to combat cyber threats.” Patricia Murphy, VP EMEA & LATAM Ecosystems at Palo Alto Networks, adds, “SITA has provided innovative answers for communications and data exchange to the aviation industry for the past 75 years, and is now expanding into other areas of transportation also. This partnership will begin a transformation of cyber security in the air transport industry, helping ensure that critical systems are protected with the most advanced cyber security platforms available - fostering a safer and more efficient environment for air travel worldwide.” Palo Alto Networks will help to provide the current and next generation of cyber security protection and software for SITA Secure Service Edge at mission-critical areas of aviation and other areas of transport. Palo Alto Networks leverages its Precision AI proprietary AI system to detect and outpace potential cyber threats, providing next-generation cyber security to thousands of customers globally across all industry sectors. Its platforms and services are supported by cutting-edge threat intelligence and state-of-the-art automation. For more from Palo Alto Networks, click here.

Tech leaders gather to discuss AI Opportunities Action Plan

Technology industry leaders gathered in London this week to discuss the government’s AI Opportunities Action Plan, launched by Prime Minister, Keir Starmer, earlier this week. The meeting, which took place on Wednesday at The Savoy Hotel in central London, saw digital experts discuss the implementation and practicalities of adopting the much-hyped initiative, which is backed by a £14bn investment and set to create over 13,000 jobs. Key attendees included Feryal Clark MP, Minister for AI and Digital Government, who summarised the government’s AI roadmap, and Steven George-Hilley, Founder of Centropy PR. Speaking at the event, John Lucey, VP EMEA North for Cellebrite, commented, “We’ve seen the importance of AI and digital policy this week with the launch of the AI Opportunities Actions Plan poised to position the UK as a global AI leader. Data will play a central role in Britain’s AI future, requiring comprehensive data management systems and data privacy protocols to ensure that AI is trained on trustworthy data and that data inputs don’t breach privacy laws. “In key sectors such as policing and defence, for example, organisations need to be able to trust AI systems to deliver accurate results in a safe manner, maintaining client confidentiality while automating manual processes to drive efficiencies. For AI to be truly successful, it will require investment in data practices and training.” Meanwhile, cyber expert, Andy Ward, SVP International for Absolute Security, stated, “As the UK positions itself as a global AI leader, it’s important that a security-first approach is taken to AI innovation and development to mitigate cyber risks. AI-powered threats are growing increasingly sophisticated, targeting sensitive data from public sector bodies and high-profile individuals, right the way down to small businesses. “Recognising these threats and building cyber resilience frameworks to protect critical IT systems can help organisations to remain operational in the face of threats, allowing them to push forward with innovative AI solutions while limiting potential risks.” Ben Green, Chief Revenue Officer at adCAPTCHA, observed, “The evolution and widespread adoption of AI is showing no signs of slowing down, requiring collaboration between the public sector and industry to shape the UK’s AI future. There’s no question of the benefits that AI can bring, but we must also be mindful of the risks, with trends such as AI-enabled bot attacks continuing to threaten businesses and drain marketing revenues through manipulating ad auctions. “Understanding the threats that AI could pose, as well as where it can be a vital solution, is crucial to the UK’s ambitious AI leadership.”