Review of the year

As anyone in the UK knows, the only year that matters is the school year. Here’s a summary of what our research team has seen over the last school year, and what we expect for the next year.

Over the past 12 months, we have explored a wide range of topics, offering insights into everything from data breaches and operational resilience to the rise of artificial intelligence (AI) in cybersecurity. Some month-by-month highlights are below:

 September 2023 – November 2023: Data Breaches Becoming More Evident

  • We saw a surge in reported data breaches, highlighting major incidents such as the Electoral Commission hack. We delved into how human errors and unpatched vulnerabilities have become major contributors to these breaches. The focus was on the long-term impact these incidents have on individuals, particularly the lack of recourse when personal data is leaked.
  • We explored the importance of conducting cybersecurity risk assessments and how these define security for an organisation. By examining potential threats and vulnerabilities, businesses can adopt a proactive stance on risk management, which is essential for preventing costly data breaches.
  • We focused on the importance of creating robust information security policies. Not the most exciting topic for many, but definitely necessary to set the rules for an organisation and help the Board communicate expectations.  We discussed how tailored security policies are essential for managing sensitive data, ensuring compliance with industry regulations, and safeguarding businesses from emerging threats.

 

December 2023 – February 2024: AI and Regulation in Cybersecurity

  • With the rapid advancement of AI technologies, we explored the growing role of AI and the regulation likely to follow.
  • Our predictions for 2024 focused on the impending cyber security regulations. This covered AI, SEC disclosure rules and EU regulation like NIS2 and DORA. We also looked at changes to UK privacy regulation that might happen. These trends would shape how businesses approach security throughout the year.
  • We explored third party vendor assurance techniques, and the challenges facing small-to-medium sized organisations in the UK. 
  • We also raised a flag for information security governance.  NIST CSF has brought governance into its security model, and we tried to explain why it’s so critical in driving and shaping an organisation’s cyber security posture. 

 

March 2024 – June 2023: Building Trust in Security

  • Trust between businesses and their clients is a critical element in the digital age. We introduced the Reconfort Assurance Sentinel service. This provides insights into how companies can communicate trustworthiness through transparency and compliance with security standards, making it a cornerstone of business relationships.
  • We provided simple tools for boardrooms to assess whether cyber security was being managed effectively.  We also shared some simple steps for a board to assess the status of an IT project.
  • We raised the challenge of managed service providers running security for an organisation.  While MSPs often provided real value through their IT service, running security too was a little like marking their own homework.  We also highlighted how MSPs were often expected to secure organisations without being commissioned to do so by their clients, and stressed the importance of a transparent relationship.

 

Looking Forward: Technology Risk Trends in the Next 12 Months

As we look ahead to the coming year, we expect some trends to continue.  Some highlights:

  • AI tool adoption will continue at pace, despite many public shortfalls and shortcomings. This hype cycle may be easing, but there remains real value in the technologies, and it will only get better.
  • Broad, pervasive attacks on public names and aggregated services will continue at pace.
  • The UK will announce a digital resilience timescale to match EU legislation.
  • UK audit and corporate governance reform will drive UK-based organisations to think about technology risk in general (not just cyber or privacy).

 

In an ever-changing digital world, staying informed and prepared is key. We will continue to monitor these developments and provide insights to help businesses navigate the complex technology risk landscape.
