The Hidden Cost of “Just Reset Their Password” Culture
Most enterprises treat password resets as a service desk ticket. They are, in fact, the symptom of a credential management strategy that quietly costs millions in time, productivity, and unmeasured risk. Here’s what it actually looks like — and how mature organisations are dismantling it.
DORA Is Live: What UK Financial Services Firms Got Wrong in Year One
The Digital Operational Resilience Act has been enforceable for over a year. UK firms providing services to EU financial entities are still mid-scope, and the early enforcement actions tell us where audit teams are looking. Here are the five gaps we see consistently in firms that thought they were ready.
Why Your SOC Is Drowning in EDR Alerts (And What Actually Helps)
The promise of EDR was high-fidelity endpoint visibility. The reality, in most enterprise SOCs, is alert volume that has overwhelmed the analyst capacity to investigate. The fix is not more analysts. Here is what is actually working.
The 5-Minute Board Brief: Explaining Cyber Risk to Non-Technical Directors
CISOs are routinely asked to brief boards on cyber risk in five to ten minutes. Most struggle with the format because the technical details that matter to security teams do not translate to the questions a board is actually trying to answer. Here is a framework that does.
API Sprawl: The Attack Surface Nobody on Your Team Owns
API exploitation became a primary initial access vector in 2025 and has accelerated through Q1 2026. The mechanics are familiar — broken authentication, excessive data exposure, business logic flaws — but the organisational problem is newer. Most enterprises do not have a single team that owns API security, which is why API sprawl continues unchecked.
What We Learned From 47 Penetration Tests in Q1 2026
We completed 47 penetration tests for clients during Q1 2026, ranging from external network assessments to threat-led penetration tests against critical national infrastructure. The findings were not the surprising part. The patterns across findings — what consistently goes wrong, and where defenders are now winning — were.
Beyond MFA: Why Session Hijacking Is the Threat You’re Not Defending Against
The story of the last decade in identity security was the deployment of multi-factor authentication. The story of the last 18 months has been the systematic defeat of MFA at scale, by attackers using techniques that bypass the authentication layer entirely. Here is what is happening, and what works against it.
Choosing Between EDR, NDR, and XDR: A Buyer’s Decision Framework
The endpoint, network, and extended detection-and-response categories overlap in vendor marketing and diverge in capability. For procurement teams, the practical question is rarely “which is better” but “which combination matches our threat model, our team, and our existing investments”. Here is the framework we use with clients.
The Quiet Risk of Shadow SaaS in UK Mid-Market Companies
UK mid-market enterprises — typically 250 to 2,000 employees — have a structural blind spot that is now driving a measurable proportion of breaches. It is not malware. It is not a sophisticated adversary. It is the SaaS application that someone in marketing signed up for last year, with a corporate credit card, and that nobody in IT has ever heard of.
AI Is Now in Your SOC. Here’s What That Actually Means.
Every detection-and-response platform in the market now claims AI as a core capability. For SOC teams who have lived through previous AI cycles, scepticism is reasonable — but this time the underlying technology has actually delivered. The interesting question is not whether AI works, but what it changes in how SOCs operate.