Insights
Perspectives on security, compliance and risk.
Latest insight
The cyber insurance renewal checklist for boards
A board-level checklist for the weeks before a cyber insurance renewal: the controls underwriters now require, the evidence to gather, and the questions leadership should confirm before anyone signs the questionnaire.
Categories
Board & governance
Cyber risk reporting for boards: what good looks like
How to report cyber risk to a board so it informs decisions rather than reassures: the metrics that matter, the ones to drop, a one-page format that works, and the cadence regulators now expect.
9 June 2026, 8 min read
Compliance
What law firms should expect from supplier security questionnaires
Why clients now send law firms detailed security questionnaires, what they typically ask, the answers that win and lose confidence, and how to turn a recurring chore into a standing evidence pack.
9 June 2026, 8 min read
Board & governance
Questions every Managing Partner should ask about cyber risk
Ten questions that let a Managing Partner or board pressure-test the company's cyber posture in a single meeting, without needing to be technical, and what a credible answer to each one sounds like.
9 June 2026, 9 min read
Certification
Preparing for Cyber Essentials Plus: what the audit actually checks
What Cyber Essentials Plus adds over the standard certification, the five control areas the hands-on audit tests, the gaps that most often cause a fail, and how to be ready before the assessor arrives.
9 June 2026, 8 min read
Operational resilience
The ransomware readiness checklist
A practical readiness checklist covering the four stages of ransomware defence: reducing the chance of entry, limiting the spread, recovering without paying, and responding when it happens, with the questions a board should be able to answer.
9 June 2026, 9 min read
AI governance
The EU AI Act: a readiness guide for UK organisations
A plain-English walkthrough of the EU AI Act: the timeline, who is actually in scope (including UK organisations serving EU users), and a practical four-step path to audit-ready AI governance before the August 2026 high-risk deadline.
6 June 2026, 9 min read
Compliance
DORA Article 28 in plain English: what it actually means for your suppliers
A practical guide for COOs and heads of risk at FCA-regulated companies working out what DORA's third-party requirements mean in supplier audits, board papers and contract renegotiations.
12 May 2026, 12 min read
Certification
Cyber Essentials, Cyber Essentials Plus and ISO 27001: which one do you actually need?
A practical comparison for UK organisations working out which certification answers the insurer, the client supplier audit, or the procurement requirement that has landed.
8 May 2026, 10 min read
Cyber insurance
What insurers are asking in 2026: the cyber renewal questionnaire, decoded
A line-by-line look at the questions UK underwriters are sending mid-market regulated companies in 2026, what each one is really asking for, and what good evidence looks like.
22 April 2026, 10 min read