Security

'7% of organisations tackle vulnerabilities only when necessary'

A recent joint survey conducted by VDC Research, a technology market intelligence and consulting firm, and Kaspersky, a Russian multinational cybersecurity company, has highlighted an alarming trend: 7% of industrial organisations tackle vulnerabilities only when necessary. This leaves them exposed to unplanned downtime, production losses, and the reputational and financial damages that can result from possible cyber breaches. The study, entitled Securing OT with Purpose-built Solutions, illuminates the shifting landscape of cybersecurity within the industrial sector. Focusing on key industries such as energy, utilities, manufacturing, and transportation, their research surveyed over 250 decision-makers to uncover trends and challenges faced in fortifying industrial environments against cyber threats. A strong cybersecurity strategy begins with complete visibility into an organisation’s assets, allowing leaders to understand what assets need protection and to assess the highest risk areas. In environments where IT and OT systems converge, this demands more than just a comprehensive asset inventory. Organisations must implement a risk assessment methodology that is aligned with their operational realities. By establishing a clear asset baseline, organisations can engage in meaningful risk assessments that address both corporate risk criteria and the potential physical and cyber consequences of vulnerabilities. Recent survey findings reveal a concerning trend: a significant number of organisations are not engaging in regular penetration testing or vulnerability assessments. Only 27.1% of respondents perform these critical evaluations on a monthly basis, while 48.4% conduct assessments every few months. Alarmingly, 16.7% do so only once or twice a year, and 7.4% address vulnerabilities solely as needed. This inconsistent approach could leave organisations vulnerable as they navigate an increasingly complex threat landscape. Every software platform is inherently vulnerable to bugs, insecure code, and other weaknesses that malicious actors can exploit to compromise IT environments. For industrial companies, effective patch management is therefore crucial to mitigate these risks. That being said, studies reveal that many organisations encounter significant challenges in this area, often struggling to allocate the necessary time to pause operations for critical updates. Unnervingly, many organisations patch their OT systems only every few months or even longer, significantly heightening their risk exposure. Specifically, 31.4% apply patches monthly, while 46.9% do so every few months and 12.4% update only once or twice a year. These challenges in maintaining effective patch management are exacerbated in OT environments, where limited device visibility, inconsistent vendor patch availability, specialised expertise requirements, and regulatory compliance add layers of complexity to the cybersecurity landscape. As IT and OT systems increasingly converge, there is a pressing need to harmonise these traditionally disparate systems which have often relied on proprietary technologies rather than open standards. The challenge is further intensified by the rapid proliferation of Internet of Things (IoT) devices — ranging from cameras and smart sensors for asset tracking and health monitoring to advanced climate control systems. This explosion of connected devices broadens the attack surface for industrial organisations, underscoring the urgent need for robust cybersecurity measures.

'More than a third of UK businesses unprepared for AI risks'

Despite recognising artificial intelligence (AI) as a major threat, with nearly a third (30%) of UK organisations surveyed naming it among their top three risks, many remain significantly unprepared to manage AI risk. Recent research from CyXcel, a global cyber security consultancy, highlights a concerning gap: nearly a third (29%) of UK businesses surveyed have only just implemented their first AI risk strategy - and 31% don’t have any AI governance policy in place. This critical gap exposes organisations to substantial risks including data breaches, regulatory fines, reputational harm, and critical operational disruptions, especially as AI threats continue to grow and rapidly evolve. CyXcel’s research shows that nearly a fifth (18%) of UK and US companies surveyed are still not prepared for AI data poisoning, a type of cyberattack that targets the training datasets of AI and machine learning (ML) models, or for a deepfake or cloning security incident (16%). Responding to these mounting threats and geopolitical challenges, CyXcel has launched its Digital Risk Management (DRM) platform, which aims to provide businesses with insight into evolving AI risks across major sectors, regardless of business size or jurisdiction. The DRM seeks to help organisations identify risk and implement the right policies and governance to mitigate them. Megha Kumar, Chief Product Officer and Head of Geopolitical Risk at CyXcel, comments, “Organisations want to use AI but are worried about risks – especially as many do not have a policy and governance process in place. The CyXcel DRM provides clients across all sectors, especially those that have limited technological resources in house, with a robust tool to proactively manage digital risk and harness AI confidently and safely.” Edward Lewis, CEO of CyXcel, adds, “The cybersecurity regulatory landscape is rapidly evolving and becoming more complex, especially for multinational organisations. Governments worldwide are enhancing protections for critical infrastructure and sensitive data through legislation like the EU’s Cyber Resilience Act, which mandates security measures such as automatic updates and incident reporting. Similarly, new laws are likely to arrive in the UK next year which introduce mandatory ransomware reporting and stronger regulatory powers. With new standards and controls continually emerging, staying current is essential.”

‘Businesses sleepwalking into cyber catastrophe’

Security leaders have warned that ‘businesses are sleepwalking into a cyber catastrophe’ due to the rapid adoption of AI tools, alongside lacking privacy and ethics controls, amid a wave of recent high-profile cyber-attacks and data leaks. Arkadiy Ukolov, Co-Founder and CEO of Ulla Technology, a global HR platform, cautioned that many businesses are putting their data at risk by rushing off to use third-party AI tools as the main system to streamline operations. The ongoing fallout from the M&S cyber-attack, alongside other major hits against Co-op, Dior, and Harrods, has highlighted the severity of data risks and how data is protected, forcing security teams to re-evaluate their protocols. Speaking from the Viva Technology event in Paris, Arkadiy says, “Data breaches and cyber threats are relentless so it’s vital that industries such as HR, law, government, and beyond are securing every aspect of their technology stack to protect their data. Unfortunately, the speed of AI adoption means that many businesses are sleepwalking into a cyber catastrophe, leaving critical gaps in their data protection processes and putting both sensitive internal and customer data at risk. “Even in an area such as meeting transcripts, there are sensitive conversations around company financials or workplace policy updates that cannot be exposed, requiring privacy-first collection and storage methods for data to protect against a breach. Understanding the risks and putting in place enterprise-grade security and data privacy can help businesses better guard against these risks, even with the added exposure from AI.” Viva Technology, hosted this year between 11 and 14 June in Paris, is Europe’s largest startups and technology event, attracting over 150,000 attendees and 11,000 startups each year. Key themes this year include the pace of AI innovation, regulation, the importance of human control, vertical industry applications for AI, and data security.

FFT chooses Keepit for data backup

Keepit, a global provider of a cloud backup and recovery platform, today announced that it has been selected by the French Tennis Federation (FFT) to independently backup its Microsoft 365, Microsoft Entra ID, and Power BI data. The FFT chose Keepit as a sovereign backup solution, independent of major global cloud providers. The company is Danish and controls its entire hosting chain by operating its own cloud and data centres across Europe, the UK, Canada, Australia, and the US. Keepit's architecture reportedly met the FFT's requirements of security, independence, and business continuity. "Until three years ago, we had no backup solution for our cloud environments. My objective was clear: to identify a European service provider guaranteeing maximum independence", says Franck Labat, Technical Director at FFT. “Beyond this initial requirement, Keepit was able to meet additional needs that we hadn't anticipated: centralised, traceable archiving of PST files, unified management of all our data via a single platform, and, more recently, seamless integration of our directory as part of our complete migration to Entra ID.” The FFT, headquartered at Roland-Garros stadium, organises, coordinates, and promotes tennis for over 8,000 clubs throughout France. The FFT's operations also involve the management of a large number of seasonal employees as part of its event-driven activities, generating significant data flows to be processed and restored. To ensure consistent monitoring, the company needs to be able to recover data from people who have left, sometimes after short assignments, in order to pass it on to managers. The collaboration began in 2022, alongside SCC France, a partner of the FFT for over 15 years, with the initial aim of safeguarding Microsoft 365 environments. Since then, the partnership has gradually expanded to include Power BI and Microsoft Entra ID. FFT now plans to integrate any new Microsoft solution it adopts into the Keepit ecosystem. “We are particularly proud to have led this project alongside our partner SCC, offering the FFT an independent cloud backup and recovery platform that is simple to deploy and administer,” says Cyril VanAgt, Vice President Channel EMEA at Keepit. “We remain fully committed to supporting the next steps in the evolution of its cloud and Microsoft environments.” For more from Keepit, click here.

House of Lords AI summit highlights cyber threats

Technology industry leaders gathered in the House of Lords yesterday for a high-profile debate on the transformative role artificial intelligence (AI) will play in the UK jobs market. The discussion, chaired by Steven George-Hilley of Centropy PR, brought together experts to address key industry challenges, including the digital skills shortage and AI’s potential to enhance compliance and accelerate digital transformation across key areas of the UK economy. The debate highlighted the growing role of AI in reshaping traditional job roles and powering a new wave of relentless cyber threats which could damage British businesses. Key speakers, including Richard Cuda of Kasha, discussed the role AI and digital technology can play in helping entrepreneurs launch their own business. Leigh Allen, Strategic Advisor, Cellebrite, says, "In a world where police forces are under increasing strain to combat crime and national security threats, AI technology represents a key enabler in unlocking digital evidence and significantly reducing investigation times. Cellebrite delivers secure, ethical access to digital evidence, using AI to accelerate investigations while closing the digital skills gap for modern law enforcement. We don’t just respond to digital threats—we equip agencies to lead with confidence in a complex, tech-driven world." Dr Janet Bastiman, Chief Data Scientist, Napier AI, comments, "Financial crime is one of the biggest threats facing the UK economy right now, and in AI we have the answer. AI-driven anti-money laundering solutions have the capacity to save UK financial institutions £2.2 billion each year, helping to bolster compliance processes, improve the accuracy of transaction screening, and monitor transaction behaviour to more effectively identify criminal networks." Linda Loader, Software Development Director, Resonate, suggests, "AI has the potential to significantly enhance operations in the rail industry by enabling faster and more efficient services. But this must be underpinned by quality data to drive innovative solutions that prioritise security and robust protection for our critical national infrastructure. By exploring smaller AI use cases now, we can build a solid foundation and understanding for more extensive, secure transport applications in future." Chris Davison, CEO, NavLive, mentions, "By using cutting edge AI and robotics technology to create automated 2D and 3D models of buildings in real time, we can make retrofits, brownfield developments more efficient and contribute to sustainable building practices. NavLive saves architects, engineers and construction professionals time and money, by providing accurate real time spatial data across the lifecycle of a building." Richard Bovey, Chief for Data, AND Digital, states, "The AI winners are the businesses that have invested the most in AI experimentation, underpinned by years of strong data foundations, meanwhile, SMEs are quickly watching a widening AI gap. But all isn’t lost, investing in data and modern tooling can stop the slide, helping businesses to keep pace and preventing a significant competitive disadvantage from taking over." Arkadiy Ukolov, Co-Founder and CEO, Ulla Technology, says, "As AI adoption continues to skyrocket, we must ensure that privacy and data security remain a critical component of development. Most of the popular AI tools send data to third-party AI providers, which may use client data to train models. This is unacceptable for sensitive meeting discussions and confidential documents, as it opens them up to data leaks. Placing safety and ethics at the centre of the discussion is the only route that we can take forward as AI evolves." For more on cyber security, click here.

AI set to supercharge cyber threats by 2027

The UK’s National Cyber Security Centre (NCSC) has released a landmark cyber threat assessment, warning that rapid advances in artificial intelligence (AI) will make cyber attacks more frequent, effective and harder to detect by 2027. The digital divide between organisations with the resources to defend against digital threats, and those without, will inevitably increase.  Published on the opening day of CYBERUK, the UK’s flagship cyber security conference, the report outlines how both state and non-state actors are already exploiting AI to increase the speed, scale and sophistication of cyber operations. Generative AI is enabling more convincing phishing attacks and faster malware development. This significantly lowers the barrier to entry for cyber crime and cyber intelligence. Of particular concern is the rising risk to the UK’s democratic processes, Critical National Infrastructure (CNI) and commercial sectors. Advanced language models and data analysis capabilities are used to craft highly persuasive content, resulting in more frequent attacks that are difficult to detect.  Andy Ward, SVP International at Absolute Security, says, “While AI offers significant opportunities to bolster defences, our research shows 54% of CISOs feel unprepared to respond to AI-enabled threats. That gap in readiness is exactly what attackers will take advantage of." "To counter this, businesses must go beyond adopting new tools - they need a robust cyber resilience strategy built on real-time visibility, proactive threat detection, and the ability to isolate compromised devices at speed.” This latest warning forms part of the UK Government’s wider cyber strategy after announcing the new AI Cyber Security Code of Practice earlier this year. This will form the basis of a new global standard to secure AI and ensure national security keeps pace with technological evolution, safeguarding the country against emerging digital threats. For more from NCSC click here.

Infosecurity Europe launches new cyber security masterclasses

Infosecurity Europe has announced the launch of ‘Infosecurity Europe Masterclasses, powered by SANS Institute’, an exclusive new training initiative designed to equip cybersecurity professionals with hands-on, practical skills.  Developed for Infosecurity Europe 2025, the Masterclasses will offer three deep-dive sessions covering Digital Forensics, Cloud Security and Security Culture. Each masterclass will be delivered by a SANS-certified instructor and will take place in the South Gallery Rooms at ExCeL London during the event. The Digital Forensics and Cloud Security Masterclasses will be held on Tuesday 3 June, with the Security Culture Masterclass on Wednesday 4 June.  Introducing these masterclasses highlights the growing demand for specialised training as organisations contend with an increasingly complex threat landscape. Infosecurity Europe has long been a hub for industry leaders to share knowledge, explore innovative solutions, and foster collaboration. The partnership with SANS Institute builds on this and enhances the event's educational offering.  "Partnering with Infosecurity Europe and bringing hands-on masterclasses to this year’s event is a pivotal moment to elevate security readiness across the UK and Europe,” says John Davis, UK Director, SANS Institute. “This collaboration will support cyber security professionals with the practical skills they need to stay ahead of emerging threats. Continuous learning is essential in an industry that evolves at such a rapid pace, and by providing hands-on, immersive experiences, we are ensuring that security practitioners can apply cutting-edge techniques in real-world scenarios to make an immediate impact within their organisations," The masterclasses are designed to deliver practical, actionable insights and are tailored to help cyber security professionals tackle modern challenges head-on. The Digital Forensics Masterclass will be led by SANS Certified Instructor Kathryn Hedley and will provide practical experience in decoding file signatures, data recovery techniques and forensic disk image exploration. Attendees will learn how to extract and interpret critical digital evidence across platforms, equipping them with the skills to handle complex forensic investigations. This session aligns closely with industry demand, as over 50% of organisations plan to increase investment in incident response and forensics according to Infosecurity Europe’s 2025 Cybersecurity Trends Report. With 65% of cyber security leaders also planning an increase in cloud security investment, the Cloud Security Masterclass is key to guiding participants through advanced cloud security practices. Hosted by SANS Certified Instructor Simon Vernon, topics will include securing logging setups in Azure and preventing remote code execution.   On day two, the Security Culture Masterclass will be fronted by SANS Certified Instructor John Scott and will directly address key challenges faced by organisations. Infosecurity Europe’s report shows respondents citing lack of accountability and identifying communication gaps between departments as major obstacles to building a strong cyber security culture. This interactive session will address these challenges and more with a focus on embedding a resilient security culture within organisations.  Participants will engage in the Cyber42 Game Day simulation, where they will navigate real-world decision-making scenarios to strengthen their leadership and cultural impact. 

Cyber attacks drop by nearly 10%

Four in 10 (43%) of UK businesses and 30% of charities experienced cyber attacks or data breaches in the last 12 months, according to the latest Cyber Security Breaches Survey. While this marks a slight decrease from last year’s 50%, the threat level for medium and large businesses remains alarmingly high.  The average cost of the most disruptive breach was estimated at £1,600 for businesses and £3,240 for charities. The drop in incidents is attributed mainly to fewer small businesses reporting breaches – but government officials warn against complacency. With cyber threats increasingly targeting critical infrastructure, the UK Government is introducing the Cyber Security and Resilience Bill, compelling organisations to strengthen their digital defences. The survey found that 70% of large businesses now have a formal cyber strategy in place, compared to just 57% of medium-sized firms – exposing a potential gap in preparedness among mid-sized enterprises. There has been a notable improvement in cyber hygiene practices among smaller businesses, with rising adoption of risk assessments, cyber insurance, formal cyber security policies and continuity planning.  These steps are seen as essential in building digital resilience across the UK economy. However, the number of high-income charities implementing best practices such as risk assessments has declined. Insights suggest this may be linked to budgetary pressures, limiting their ability to invest in adequate cyber security measures. Sawan Joshi, Group Director of Information Security at FDM Group, comments, “Keeping banking systems online is becoming more challenging, and technology alone isn’t enough. Skilled IT teams are crucial for spotting risks early and responding quickly to prevent disruptions. Organisations need to invest in ongoing training so their staff can strengthen system defences and recover fast when issues arise. A mix of advanced monitoring, backup systems, and a well-trained workforce is key to keeping services running and maintaining customer trust.'" The Government has also confirmed that UK data centres are now officially designated as critical national infrastructure. This means they will receive the same priority in the event of a major incident - such as a cyber attack - as essential services like water and energy.

AlgoSec publishes State of Network Security Report

Global cyber security expert, AlgoSec, has released its annual The State of Network Security Report. The report provides a comprehensive and objective, vendor-agnostic analysis of today’s network security landscape by identifying key market trends, highlighting in-demand solutions and technologies, and detailing the most popular strategies being adopted by security professionals. The report identifies significant shifts in cloud platform adoption, deployment of firewalls and Software-Defined Wide Area Networks (SD-WAN), as well as Secure Access Service Edge (SASE) implementation and AI. Based on comparative findings from 2024 and 2025, AlgoSec’s research includes responses from security, network and cloud professionals across 28 countries and evaluates market leaders including Cisco, Microsoft Azure, AWS, Check Point, Palo Alto Networks and more. Key findings from the report include: • Security visibility gaps are driving a shift in security management - 71% of security teams struggle with visibility, which is delaying threat detection and response. The lack of insight into application connectivity, security policies and dependencies are proving to be a significant risk.• Multi-cloud and cloud firewalls are now standard – Businesses continue to adopt multi-cloud environments, with Azure becoming the most widely used platform in 2025.• Firewall and SD-WAN adoption grow despite complexity – Multi-vendor strategies make firewall deployment more challenging. In terms of customer base, Palo Alto Networks took the lead, but Fortinet’s NGFW is gaining traction. SD-WAN adoption jumped, with Fortinet rising from 19.1% in 2024 to 25.8% in 2025.• Zero-trust and SASE gain momentum – Zero-trust awareness is at an all-time high, with 56% of businesses fully or partially implementing it; though 20% are still in the learning phase. SASE adoption is also growing, with Zscaler leading at 35%, while Netskope has gained 15% market share.• AI and automation are reshaping security – AI-driven security tools are improving real-time threat detection, but implementation and privacy concerns remain a challenge. Automation is now critical, with application connectivity automation ranked as the top priority for minimising risk and downtime. “As businesses expand their digital footprints across hybrid and multi-cloud environments, securing network infrastructure has become a top challenge,” says Eran Shiff, VP of Product at AlgoSec. “We are seeing a major shift toward automation, orchestration and risk mitigation as key security priorities. Adoption of SD-WAN and SASE continues to rise, while awareness of AI-driven security and zero-trust principles is stronger than ever.” The full report can be accessed by clicking here. For more from AlgoSec, click here.

Datadog unveils plans for data centre in Australia

Datadog, a monitoring and security platform for cloud applications, today announced plans for a new data centre to be located in Australia. The data centre instance, which will be built on AWS, will be Datadog’s first in Australia and adds to existing locations in North America, Asia, Europe and AWS GovCloud. The Australian data centre will store and process data locally, creating sovereign capacity to help Datadog’s customers meet local privacy and security requirements and preferences. Datadog currently works with more than 1,000 organisations in Australia and New Zealand. This includes companies in the banking and financial services, retail and ecommerce, software-as-a-service and technology industries, with public sector, healthcare and higher education representing key expansion verticals. “As the ANZ Chief Technology Officer at Flight Centre Corporate, I am watching Datadog unite our entire technology ecosystem into a single pane of glass - transforming us from reactive to proactive and elevating outcomes for every level of the business,” says Grant Currey, Chief Technology Officer, Corporate ANZ at Flight Centre Travel Group. “With Datadog’s end-to-end observability, we can detect and address service quality across multiple business units. Ensuring we are proactively resolving issues before they become business critical for us,” adds Lisa Tobin, Group Executive, Technology at SEEK. “Australia is a high-priority market for Datadog; we already have a strong employee base in-region and aim to create new jobs across various practices this year,” explains Rob Thorne, Vice President for Asia-Pacific and Japan (APJ) at Datadog. “Datadog has experienced surging demand in Australia and New Zealand. Analysts forecast IT spend will reach AUD $147 billion [£70.7bn] this year, with cyber security, generative AI and cloud services to receive significant attention. We are poised to support this appetite for advanced digital capabilities across the private sector, alongside the Australian Government’s ambitions to become a top three digital government.” “We continue to invest in Australia and New Zealand, with the recent opening of our Melbourne office and the expansion of our teams there, as well as in Sydney and Auckland,” notes Yanbing Li, Chief Product Officer at Datadog. “Australian companies are innovating rapidly and rely on Datadog to support their continued cloud investments, digital transformations and AI projects. For businesses in highly regulated industries like healthcare and financial services, hosting data locally is critical - a need we’re addressing with this new data centre.” All existing Datadog products will be available with the new data centre, which is expected to open in the middle of this year. For more from Datadog, click here.