June 24, 2026
This article explains fourth-party risk – the hidden vulnerability from your vendors’ sub-processors. While organisations lack direct audit rights over these hidden relationships, regulations like GDPR and DORA hold them legally liable for any breaches.
June 16, 2026
Treating all vendors as critical partners strains resources. This article advocates for risk-based supply chain tiering, categorising vendors by data access and business impact to prioritise assessments and optimise security.
June 9, 2026
This article explains that a vendor’s patching latency – the time it takes to remediate critical vulnerabilities – is a reliable predictor of data breaches, highlighting why static compliance audits fail to guarantee real-time security.
June 7, 2026
The article argues that traditional, point-in-time vendor audits fail against fast, AI-driven exploits. To meet regulations like GDPR’s 72-hour reporting rule, organisations must shift from annual reviews to continuous threat monitoring.
June 5, 2026
Compliance audits offer only a point-in-time snapshot of a specific scope. True cybersecurity requires continuous monitoring of an organisation’s actual, evolving external attack surface against live threats.
May 1, 2026
In this dynamic environment, the NIS2 Directive stands as a pivotal piece of legislation, representing a significant stride forward in bolstering cybersecurity across the European Union.
April 23, 2026
The European financial sector faces increasing cyber threats and operational disruptions. Consequently, the sector is now subject to the Digital Operational Resilience Act (DORA). This article, the second part of our essential guide, follows our initial overview of DORA in “Digital Operational Resilience Act: Essential Guide – Part 1”. We now delve into the specific technical cybersecurity requirements and controls mandated by DORA.
