Resources
& insights.
Practical cybersecurity guidance, threat intelligence, and compliance resources for UK businesses.
AI threat & governance insights
New for 2026. Articles, audit observations, and field notes on how AI is changing what attackers do — and what UK firms should do about it.
The AI threat landscape
Canonical reference covering six categories of AI-augmented attacks observed in 2026.
ServiceAI Usage Audit
Find out which AI tools your employees are using. Lead-gen for AI Governance.
ServiceAI Governance & Compliance
Ongoing engagement to make AI use safe, sanctioned, and defensible.
Cybersecurity & compliance insights
Shadow AI in UK Firms: The Inventory Problem Nobody Has Solved
Most UK firms have no idea which AI tools their employees use, what data flows to them, or what the vendor terms of service grant. The first step out of this is not a policy — it is an inventory.
From Principles to Enforcement: Where UK AI Regulators Stand in Mid-2026
The UK chose a principles-based, sector-led path to AI regulation. Eighteen months in, the picture is no longer principles — it is enforcement signals from ICO, FCA, PRA, MHRA and SRA. Here is what each regulator actually expects today.
The EU AI Act for UK Firms: Extraterritorial Reach, August 2026 Milestones, and What To Do Now
UK firms thought Brexit removed EU regulatory risk. The EU AI Act caught up with that thinking. Article 50 transparency obligations, GPAI rules and Commission enforcement powers all enter into force on 2 August 2026 — and the Act reaches UK firms whose AI output is used in the EU.
AI-Augmented BEC: Deepfakes, Look-Alike Domains, and the New Fraud Playbook
Business email compromise was already the most expensive cyber attack category by reported loss. AI has now industrialised the parts that used to fail — voice mismatch, language errors, time-to-target. Mid-market UK firms need to update their controls or accept the new loss rate.
The Hidden Cost of Fragmented IT Vendors: Why Mid-Market UK Firms Are Consolidating
A typical 100-person UK firm now runs 15 to 20 separate IT vendors. The licence spreadsheet looks under control. The integration debt, finger-pointing, and contract sprawl underneath it are not. There is a quieter cost than the line items.
Cyber Essentials Certification: A Practical Guide for UK Businesses
The UK government's Cyber Essentials scheme is now a prerequisite for many public sector contracts. Here's what it covers, who needs it, and how to get certified efficiently.
UK GDPR and Cybersecurity: What Boards Need to Know in 2026
UK GDPR places explicit obligations on organisations to implement 'appropriate technical and organisational measures' — which the ICO now interprets as including mature cybersecurity controls. Here's what that means for your board.