IT risk management
Risk management is an increasingly important discipline for IT leaders, with regulatory compliance an ever-present consideration and the amount of legislation and regulation concerning data security on the rise. We examine the issues around IT risk management and the best practices that IT managers need to know.
-
News
30 Sep 2025
Apple’s first iOS 26 security update fixes memory corruption flaw
Apple issues an update for its brand new iOS 26 mobile operating system, fixing a potentially dangerous vulnerability affecting iPhones, iPads and other Mac devices Continue Reading
-
News
30 Sep 2025
Cloud provider publishes ‘tech sovereignty’ plan for UK
In the face of mounting data sovereignty concerns across Europe, UK cloud provider Civo lays out high-level plan for how the government can retain control and access of its data should the geopolitical situation sour Continue Reading
-
News
07 Oct 2025
Alert over Medusa ransomware attacks targeting Fortra MFT
Microsoft warns it is seeing potential mass exploitation of a Fortra GoAnywhere vulnerability by a threat actor linked to the Medusa ransomware-as-a-service operation. Continue Reading
-
News
07 Oct 2025
The Security Interviews: David Bradbury, CSO, Okta
Okta’s chief security officer talks security by default and explains why he thinks time is running out for the shared responsibility model Continue Reading
-
Opinion
07 Oct 2025
Building resilience in the cloud: Bridging SLA gaps and mitigating risk
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
E-Zine
07 Oct 2025
Is the UK’s digital ID scheme doomed to fail?
In this week’s edition of Computer Weekly, we take a look at the government’s somewhat controversial plan to introduce a national, compulsory digital ID scheme. Ranil Boteju, chief data and analytics officer at Lloyds Banking Group, also runs us through how the financial services giant is planning to use agentic AI to improve the customer experience. In the third part of our buyer’s guide on cloud management and security, details about the plethora of security tools that exist for enterprises looking to manage their Amazon Web Services stacks gets the deep-dive treatment. And, in our final feature in the issue, we look at the evolution in mobile app technology within the retail space. Read the issue now. Continue Reading
-
News
06 Oct 2025
Police facial recognition trials show little evidence of benefits
In-the-wild testing of police facial recognition systems has failed to generate clear evidence of the technology’s benefits, or to assess the full range of socio-technical impacts Continue Reading
-
News
06 Oct 2025
Data sovereignty demand pushes Herabit to get S3 storage
Italian service provider gets Cubbit DS3 distributed S3 storage to provide up to 2PB of cloud services to customers demanding data sovereignty, while cutting costs by up to 50% Continue Reading
-
News
06 Oct 2025
Gartner: IT leaders need to prepare for GenAI legal issues
GenAI is being embedded into enterprise software. This has implications for governance and regulatory compliance Continue Reading
-
News
06 Oct 2025
UK government to consult on police live facial recognition use
The UK’s policing minister has confirmed the government will consult on the use of live facial recognition by law enforcement before expanding its use throughout England, but so far, the technology has been deployed with minimal public debate or consultation Continue Reading
-
News
05 Oct 2025
Nakivo expands Proxmox backup and DR capabilities in v11.1
Latest version of Backup & Replication adds MSP features, plus Proxmox VM backup functionality, while Nakivo responds to critical vulnerability it was tipped off about in February Continue Reading
-
News
01 Oct 2025
US government shutdown stalls cyber intel sharing
A key US law covering cyber security intelligence sharing has expired without an extension or replacement amid a total shutdown of the federal government, putting global security collaboration at risk. Continue Reading
-
News
30 Sep 2025
Apple’s first iOS 26 security update fixes memory corruption flaw
Apple issues an update for its brand new iOS 26 mobile operating system, fixing a potentially dangerous vulnerability affecting iPhones, iPads and other Mac devices Continue Reading
-
News
30 Sep 2025
Cloud provider publishes ‘tech sovereignty’ plan for UK
In the face of mounting data sovereignty concerns across Europe, UK cloud provider Civo lays out high-level plan for how the government can retain control and access of its data should the geopolitical situation sour Continue Reading
-
News
30 Sep 2025
Google unveils AI-powered security to trap ransomware attacks
The new security capability, available at no extra cost for most Google Workspace users, detects mass file encryption during ransomware attacks, stops the attacks from spreading and allows for restoration of files Continue Reading
-
News
29 Sep 2025
JLR tentatively restarts production, following £1.5bn government backing
Jaguar Land Rover is to resume car production after a £1.5bn government loan guarantee amid its cyber attack fallout. Debate is growing over the bailout and insurance Continue Reading
-
Opinion
29 Sep 2025
Why SLA gaps should not hinder cloud innovation
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
News
26 Sep 2025
Over half of India-based companies suffer security breaches
Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year Continue Reading
-
News
26 Sep 2025
Microsoft hides key data flow information in plain sight
Microsoft’s own documentation confirms that data hosted in its hyperscale cloud architecture routinely traverses the globe, but the tech giant is actively obfuscating this vital information from its UK law enforcement customers Continue Reading
-
News
26 Sep 2025
Okta CEO: AI security and identity security are one and the same
At Oktane 2025 in Las Vegas, Okta CEO Todd McKinnon describes AI security and identity security as inseparable as he tees up a series of agentic security innovations Continue Reading
-
News
25 Sep 2025
Netherlands establishes cyber resilience network to strengthen public-private digital defence
Network will connect organisations in a cyber crime defence initiative that goes way beyond information sharing Continue Reading
-
News
25 Sep 2025
Get HDD temperature right, or risk more drive failures
We talk to Rainer Kaese of Toshiba about the right temperature to run hard disk drives at. Not getting it right risks higher failure rates than what would normally be expected Continue Reading
-
News
24 Sep 2025
Oktane 2025: Okta takes aim at agentic AI governance gap
Identity specialist Okta is laying the groundwork for a number of incoming announcements designed to help its customers get to grips with the challenge of securing non-human, agentic identities. Continue Reading
-
News
24 Sep 2025
Salesforce shifts focus from AI models to agentic AI
Rather than being preoccupied with large language models, Salesforce is now focused on building AI agents, with an eye on achieving what it calls ‘enterprise general intelligence’ Continue Reading
-
News
23 Sep 2025
SolarWinds warns over dangerous RCE flaw
A newly uncovered RCE flaw in SolarWinds’ helpdesk product bypasses two previously issued fixes, and users should prioritise updates as exploitation is likely to occur Continue Reading
-
Opinion
23 Sep 2025
Rethinking identity in the age of AI impersonation
Trust in business has long hinged on human instincts but with the advent of deepfakes, it is becoming dangerous to assume too much. Continue Reading
-
News
23 Sep 2025
Jaguar Land Rover extends cyber attack-induced shutdown to October
Jaguar Land Rover is extending its production shutdown caused by the 31 August cyber attack into next month, as government ministers drop by and supply chain workers lose wages Continue Reading
-
News
23 Sep 2025
‘Our worst day’: The untold story of the Electoral Commission cyber attack
As head of digital at The Electoral Commission, Andrew Simpson’s mettle was tested when threat actors gained access to the regulator’s email systems and accessed sensitive voter data. Three years on, he tells his story to Computer Weekly Continue Reading
-
Opinion
23 Sep 2025
Digital ID risks turning UK into ‘Checkpoint Britain’
Keir Starmer is expected to announce plans for mandatory ID cards at the Labour Party Conference next week. It risks urging in an era of surveillance, digital check points, reliance on online systems, and the risk of data breaches. Continue Reading
-
Opinion
23 Sep 2025
How to fend off identity-based cyber attacks
Attackers are using legitimate credentials to walk through the front door and “live off the land”. True cyber resilience now depends on protecting identity, not just the perimeter Continue Reading
-
Opinion
22 Sep 2025
From breach to resilience: How the Electoral Commission rebuilt its cyber defences
The UK's Electoral Commission fell victim to a major cyber attack in 2022. Three years on, the organisation is reflecting on its experience and sharing the lessons it learned to help others improve their security resilience. Continue Reading
-
Feature
22 Sep 2025
Balancing IT security with AI and cloud innovation
Cyber security experts offer insights into how to manage service levels, potential lock-in clauses and security gaps in IT supplier contracts Continue Reading
-
News
19 Sep 2025
UK cyber action plan lays out path to resilience
A report produced for the government by academics at Imperial College London and the University of Bristol sets out nine recommendations to strengthen the UK’s cyber sector Continue Reading
-
News
19 Sep 2025
Pentera expands in APAC, taps AI to outsmart attackers
The penetration testing specialist is expanding its presence in the Asia-Pacific region and deploying AI-driven capabilities as it eyes acquisitions and a potential IPO Continue Reading
-
Feature
18 Sep 2025
Are AI agents a blessing or a curse for cyber security?
Agentic AI is touted as a helpful tool for managing tasks, and cyber criminals are already taking advantage. Should information security teams look to AI agents to keep up? Continue Reading
-
Feature
18 Sep 2025
The challenges posed by AI tools in education
Artificial intelligence tools to enhance productivity are being developed for use in multiple sectors, but are they sufficiently reliable for use in education or do they create other problems? Continue Reading
-
News
18 Sep 2025
Should you run VMware 7 unsupported?
In just a few weeks, VMware version 7 reaches end of life, which means Broadcom will no longer issue patches Continue Reading
-
News
17 Sep 2025
Firms urged to adopt risk-based data sovereignty strategy
Geopolitical uncertainty is forcing organisations to rethink where their data is located, but a full retreat from the public cloud is not the answer Continue Reading
-
Podcast
17 Sep 2025
Podcast: Data sovereignty and what you need to do about it
Patrick Smith, EMEA CTO of Pure Storage, talks about data sovereignty, what’s driving heightened interest in it, and how customers, the tech industry and states are preparing for it Continue Reading
-
News
17 Sep 2025
Google Cloud unveils open protocol for agentic payments
Google’s Agent Payments Protocol is an open standard developed with more than 60 global partners to create a secure standard for AI-driven transactions Continue Reading
-
News
16 Sep 2025
Exabeam: Treat AI agents as the new insider threat
As artificial intelligence agents are given more power inside organisations, Exabeam’s chief AI officer, Steve Wilson, argues they must be monitored for rogue behaviour just like their human counterparts Continue Reading
-
Opinion
16 Sep 2025
Cyber leaders must make better use of risk experts
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
News
15 Sep 2025
Amnesty: AI surveillance risks ‘supercharging’ US deportations
Amnesty International says AI-driven platforms from Palantir and Babel Street are being used by US authorities to track migrants and revoke visas, raising fears of unlawful detentions and mass deportations Continue Reading
-
News
15 Sep 2025
Arqit to support NCSC’s post-quantum cryptography pilot
Quantum specialist Arqit will provide specialised post-quantum migration planning services to organisations preparing to address the imminent risks to traditional cryptography Continue Reading
-
News
15 Sep 2025
MI5 unlawfully monitored the phone of BBC journalist Vincent Kearney
The Investigatory Powers Tribunal heard today that the security service has conceded that it unlawfully monitored the phone data of former BBC Spotlight reporter Vincent Kearney Continue Reading
-
News
11 Sep 2025
Students an increasing source of cyber threat in UK schools
Insider threats arising from student activity now appears to be the chief cause of notifiable cyber or data breach incidents in Britain’s schools Continue Reading
-
News
11 Sep 2025
Chat Control: EU to decide on requirement for tech firms to scan encrypted messages
Law enforcement and police experts meet on Friday to decide on proposals to require technology companies to scan encrypted messages for possible child abuse images amid growing opposition from security experts Continue Reading
-
News
10 Sep 2025
Open source security and sustainability remain unsolved problem
While software bills of materials offer some transparency over software components, they don’t solve the imbalance between corporate consumption of open source software and the lack of investment in its security and health Continue Reading
-
News
09 Sep 2025
Splunk.conf: Splunk urges users to eat their ‘cyber veggies’
The dawn of AI-enabled cyber attacks makes it even more important for defenders to bring their A-game, particularly when it comes to getting the basics right Continue Reading
-
Opinion
09 Sep 2025
Lessons from Jaguar Land Rover: How can businesses prepare for cyber attacks?
A cyber attack at Jaguar Land Rover has halted production lines and caused widespread disruption. How can businesses protect themselves and mitigate the risks of such an attack? Continue Reading
-
News
08 Sep 2025
Splunk.conf: Splunk and Cisco showcase unified platform
With 18 months having elapsed since Cisco closed its acquisition of Splunk, joint platform capabilities and developments are being showcased at the annual Splunk.conf fair Continue Reading
-
Opinion
05 Sep 2025
SLA promises, security realities: Navigating the shared responsibility gap
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
Opinion
03 Sep 2025
Bridging the SLA gap: A guide to managing cloud provider risk
The Computer Weekly Security Think Tank considers how security leaders can help assure access to the new and innovative cloud tech while minimising risk and ensuring they do not fall foul of regulators. Continue Reading
-
Feature
03 Sep 2025
Ethical challenges of LGBTQ+ data protection
America has rolled back data protection policies for the LGBTQ+ community, but what does that mean for the rest of the world? Continue Reading
-
News
02 Sep 2025
JFrog extends DevSecOps playbook to AI governance
The software security specialist is leveraging its capabilities in DevSecOps to address security, data provenance and bias in AI models Continue Reading
-
News
29 Aug 2025
ICO publishes summary of police facial recognition audit
The UK data regulator has released a summary of its facial recognition audit of two police forces Continue Reading
-
Feature
28 Aug 2025
AI and backup: How backup products leverage AI
We look at how AI helps with backup, from AI analysis of backup jobs and their integrity through natural language support functionality to ransomware and anomaly detection Continue Reading
-
News
28 Aug 2025
Microsoft refuses to divulge data flows to Police Scotland
Tech giant Microsoft is declining to share key information with Police Scotland about where the sensitive data it uploads to Office 365 will be processed, leaving the force unable to comply with UK-wide data protection laws Continue Reading
-
News
28 Aug 2025
UK cyber security centre helps expose China-based cyber campaign
GCHQ cyber security centre and its international partners release details of malicious cyber activity linked to Chinese businesses Continue Reading
-
News
27 Aug 2025
Incident response planning cuts the risk of claiming on cyber security insurance
Proper attention to incident response planning is emerging as a core cyber control when it comes to reducing the risk of having to claim on cyber security insurance, according to a report Continue Reading
-
News
27 Aug 2025
Ransomware activity levelled off in July, says NCC
Ransomware levels held steady in the month of July, although the risk remained as persistent as ever Continue Reading
-
News
26 Aug 2025
Okta makes AI identity play with Axiom acquisition
Okta says Axiom Security’s technology will reinforce its own offerings in privileged access management, especially when it comes to the growing number of non-human identities Continue Reading
-
News
25 Aug 2025
How to secure the identity perimeter and prepare for AI agents
Ping Identity CEO Andre Durand explains why identity has become the critical security battleground, how decentralised credentials will reduce data breach risks, and why AI agents will need their own identities to be trusted Continue Reading
-
Feature
21 Aug 2025
European digital sovereignty: Storage, surveillance concerns to overcome
As China and the US increase surveillance capabilities, are European companies caught in the middle of a data security storm? Continue Reading
-
News
21 Aug 2025
UK equality watchdog: Met Police facial recognition unlawful
The UK’s equality watchdog has been granted permission to intervene in a judicial review of the Met Police’s live facial-recognition (LFR) technology use, which it claims is being deployed unlawfully Continue Reading
-
News
20 Aug 2025
Microsoft starts including PQC algorithms in cyber foundations
Microsoft updates on its post-quantum cyber strategy as it continues integrating quantum-safe algorithms into some of the core foundations underpinning its products and services Continue Reading
-
News
20 Aug 2025
Commvault users told to patch two RCE exploit chains
Storage firm Commvault fixes four vulnerabilities that, when combined, create a pair of RCE exploit chains that could be used to target on-premise customers with ransomware and other nasties Continue Reading
-
Opinion
20 Aug 2025
Jack of all managed security services, or master of none?
Large managed cyber services providers rule the roost when it comes to security buying priorities, but could this be watering down the overall quality of services available on the market? Continue Reading
-
News
19 Aug 2025
Google spins up agentic SOC to speed up incident management
Google Cloud elaborates on its vision for securing artificial intelligence unveiling new protections and capabilities across its product suite Continue Reading
-
News
19 Aug 2025
ISACA launches AI security management certification
ISACA accredited security professionals can now pursue a new AI security management credential Continue Reading
-
News
19 Aug 2025
Singapore board directors to get cyber crisis training
The Singapore Institute of Directors and Ensign InfoSecurity have launched a programme to equip 1,000 board leaders with the skills to navigate high-stakes decisions during a cyber crisis Continue Reading
-
News
18 Aug 2025
L’Oréal to promote cyber resilience for Britain’s beauty salons
L’Oréal UK and Ireland will work with law enforcement, cyber educators and students, and other large organisations to help thousands of small salons across the UK improve their cyber resilience practice Continue Reading
-
News
15 Aug 2025
UK cyber leaders feel impact of Trump cutbacks
The ripple effects of US cyber security cutbacks have reached this side of the Atlantic, according to a report Continue Reading
-
News
15 Aug 2025
US trade body calls on Washington to cut cyber red tape
The US Information Technology Industry Council has called on the White House’s Office of the National Cyber Director to cut burdensome regulations in areas such as AI and incident reporting, and to do more to build a unified security regime Continue Reading
-
Feature
15 Aug 2025
The UK’s Online Safety Act explained: what you need to know
In this essential guide, Computer Weekly looks at the UK’s implementation of the Online Safety Act, including controversies around age verification measures and the threat it poses to end-to-end encryption Continue Reading
-
Opinion
15 Aug 2025
Guardian agents: Stopping AI from going rogue
AI systems don't share our values and can easily go rogue. But instead of trying to make AI more human, we need a new class of guardian agents to act as digital sentinels, monitoring our autonomous systems before we lose control completely Continue Reading
-
Opinion
13 Aug 2025
What the UK's ransomware crackdown signals for Europe
The UK government is forging a bold path as it aims to ban ransomware payments from certain organisations. Its actions could herald an inflexion point in Europe's broader response to ransomware. Continue Reading
-
News
12 Aug 2025
Eight critical RCE flaws make Microsoft’s latest Patch Tuesday list
Microsoft rolls out fixes for over 100 CVEs in its August Patch Tuesday update Continue Reading
-
News
12 Aug 2025
Researchers firm up ShinyHunters, Scattered Spider link
ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters and Scattered Spider cyber gangs Continue Reading
-
News
12 Aug 2025
UK work visa sponsors are target of phishing campaign
Mimecast identifies a phishing campaign targeting UK organisations that sponsor migrant workers and students, opening the door to account compromise and visa fraud Continue Reading
-
News
12 Aug 2025
Workday research: 75% of employees will work with artificial intelligence, but not for it
Workday research finds 75% of workers like AI as a teammate, but only 30% want it to be the boss. Trust in the technology may grow with use, but human focus, clear roles and governance are key Continue Reading
-
Opinion
12 Aug 2025
What boards should look for in a CISO
The role of the chief information security officer has evolved dramatically over the years – and will continue to do so. What should boards really looking for when hiring a security leader in 2025? Continue Reading
-
News
12 Aug 2025
Norway fixing Big Bang e-health botch with fintech security
Experts call for Europe’s health sector to protect medical APIs with security originated from UK open banking as officials take urgent measures against unprecedented attacks Continue Reading
-
Feature
11 Aug 2025
ShinyHunters Salesforce cyber attacks explained: What you need to know
Computer Weekly gets under the skin of an ongoing wave of ShinyHunters cyber attacks orchestrated via social engineering against Salesforce users Continue Reading
-
Opinion
11 Aug 2025
How CISOs can adapt cyber strategies for the age of AI
Traditional security measures may not be able to cope with the AI reality. In order to safeguard enterprise operations, reputation and data integrity in an AI-first world, security leaders need to rethink. Continue Reading
-
News
11 Aug 2025
McCullough Review into PSNI spying on journalists and lawyers delayed
Angus McCullough KC is to present findings of an independent review of police spying on phone data of lawyers, journalists and NGOs in Northern Ireland in October Continue Reading
-
News
11 Aug 2025
Watching the watchers: Is the Technical Advisory Panel a match for MI5, MI6 and GCHQ?
Dame Muffy Calder is chair of the Technical Advisory Panel (TAP), a small group of experts that advises the Investigatory Powers Commissioner on surveillance technology. Do they have what it takes to oversee the intelligence community? Continue Reading
-
Definition
08 Aug 2025
What is the three lines model and what is its purpose?
The three lines model is a risk management approach to help organizations identify and manage risks effectively by creating three distinct lines of defense. Continue Reading
-
Definition
07 Aug 2025
What is integrated risk management (IRM)?
Integrated risk management (IRM) is a set of proactive, businesswide practices that contribute to an organization's security, risk tolerance profile and strategic decisions. Continue Reading
-
News
06 Aug 2025
NCSC updates CNI Cyber Assessment Framework
Updates to the NCSC’s Cyber Assessment Framework are designed to help providers of critical services better manage their risk profiles Continue Reading
-
Definition
06 Aug 2025
What is enterprise risk management (ERM)?
Enterprise risk management (ERM) is the process of planning, organizing, directing and controlling the activities of an organization to minimize the harmful effects of risk on its capital and earnings. Continue Reading
-
News
06 Aug 2025
Australian scaleup to bring AI-led data protection to the MoD
The UK’s Ministry of Defence is embracing AI-led data protection in the wake of a major privacy breach, enlisting Australian cyber firm Castlepoint Systems to oversee sensitive records Continue Reading
-
News
05 Aug 2025
Attacker could defeat Dell firmware flaws with a vegetable
Cisco Talos discloses five vulnerabilities in cyber security firmware used on Dell Latitude and Precision devices, including one that could enable an attacker to log on with a spring onion Continue Reading
-
E-Zine
05 Aug 2025
Digitising fan experience
In this issue, discover the latest twist regarding a secret Home Office order requiring Apple to give UK law enforcement access to users’ encrypted data stored on the Apple iCloud. Also discover how the Premier League is using digital means to reach fans, and learn about identity security in SaaS deployments. Read the issue now. Continue Reading
-
News
04 Aug 2025
Black Hat USA: Halcyon and Sophos tag-team ransomware fightback
Ransomware experts Halcyon and Sophos are to pool their expertise in ransomware, working together to enhance data- and intelligence-sharing and bringing more comprehensive protection to customers Continue Reading
-
News
01 Aug 2025
Met Police to double facial recognition use amid budget cuts
The UK’s largest police force is massively expanding its use of live facial recognition technology as it prepares to lose 1,700 officers and staff Continue Reading
-
Opinion
01 Aug 2025
The blind spot: digital supply chain is now a board-level imperative
Many companies lack visibility into complex digital supply chains, meaning hidden risks and regulatory exposure. Cyber security requires continuous mapping and board engagement Continue Reading
-
Opinion
31 Jul 2025
I lost my sister to online harms, the OSA is failing vulnerable people
Adele is a member of Families and Survivors to Prevent Online Suicide Harms campaign, a network that brings together survivors and families bereaved by online harm-related suicides. They are calling for changes to the enforcement of the Online Safety Act Continue Reading
-
News
31 Jul 2025
Palo Alto Networks to acquire CyberArk for $25bn
The deal marks Palo Alto Networks’ entry into the identity and access management space amid the growing need to secure human, machine and emerging AI agent identities Continue Reading
-
News
30 Jul 2025
Scattered Spider tactics continue to evolve, warn cyber cops
CISA, the FBI, NCSC and others have clubbed together to update previous guidance on Scattered Spider's playbook, warning of new social engineering tactics and exploitation of legitimate tools, among other things Continue Reading
-
News
30 Jul 2025
MS Authenticator users face passkey crunch time
The deadline for moving to passkeys in Microsoft Authenticator is rapidly approaching, and users are advised to take action now Continue Reading
-
News
30 Jul 2025
AI-enabled security pushes down breach costs for UK organisations
Organisations that are incorporating AI and automation into their cyber security practice are seeing improved outcomes when incidents occur, according to an IBM study Continue Reading