The EU's Digital Operational Resilience Act (DORA) comes into force tomorrow (Jan 17th) but new research shows that 43 percent of the UK's financial organizations are set to miss the deadline for compliance, with 20 percent expecting to do so by at least four months.

Although the UK is outside the EU its strong financial ties with Europe mean firms operating in or interacting with EU markets will need to align with DORA standards to continue their business relationships.

The number of ransomware victims reached an all-time high with more than 1,600 in Q4 2024 alone according to the latest GuidePoint Research and Intelligence Team's (GRIT) annual Ransomware and Cyber Threat Report.

The number of attackers peaked too with a 40 percent year-on-year increase in active threat groups. GRIT identified more than 88 total active threat groups in 2024, including 40 newly observed adversaries.

A new report from HP Wolf Security reveals that attackers are hiding malicious code in images on file hosting websites like archive.org, as well as using the same loader to install the final payload.

These techniques help attackers avoid detection, as image files appear benign when downloaded from well-known websites, bypassing network security like web proxies that rely on reputation.

Cloud adoption is at the heart of digital transformation, providing organizations with the agility and flexibility they need to stay competitive in today's rapidly changing marketplace.

A new report from Fortinet looks at the latest trends, challenges, and strategies shaping cloud security, include safeguarding sensitive data, ensuring regulatory compliance, and maintaining visibility and control across increasingly complex hybrid and multi-cloud environments.

A newly-released report from Swimlane shows that a worrying 68 percent of organizations say remediating a critical vulnerability takes them more than 24 hours.

The survey of 500 cybersecurity decision-makers across the US and UK reveals that 37 percent cite the top challenge in prioritization as a lack of context or accurate information. Similarly, 35 percent report this lack of context hampers their remediation efforts.

While moving systems to the cloud delivers many benefits, it also leads to complex dynamic environments that can be a real challenge when it comes to keeping them secure.

With the launch of a new Large Language Model (LLM)-powered cloud detection engine, Sweet Security aims to cut through the noise and allow security teams to tackle these environments with greater precision and confidence.

SIEM (security information and event management) is currently one of the cybersecurity field’s most active markets. It holds the promise of making sense of the disparate data sources across enterprise environments to detect and respond to malicious activity.

Over the past year, we’ve witnessed a wave of innovation, mergers and acquisitions and consolidation in this area, largely driven by AI advancements and the push toward the AI-native security operations center (SOC). But there's also a 'data paradox' involved in balancing cost with importing and storing as much data as possible.

New research from the eSentire Threat Response Unit (TRU) shows a shift towards browser-based threats last year as more traditional email malware declines.

Moving onto 2025 the report predicts an increase in politically motivated cyberattacks, with adversaries disrupting the physical infrastructure of the Internet to disrupt internet access. It also expects we’ll see continued growth in ransomware attacks against all industries, abuse of certificate authority, and further increase in browser-based threats to deploy malware.

Despite the excitement around AI as a transformative force, many enterprises are struggling to adopt the technology in meaningful ways, according to a new survey from Unily.

This has resulted in a growing gap between AI 'haves' and 'have nots,' where enterprises adopting AI tools for their people are making quicker gains than those without. At the same time employees who are open to using AI tools increasingly want more exposure to them and may even choose employers who are early AI adopters over those who are slower to adapt.

The majority of CISOs are taking on responsibilities beyond cybersecurity, including business risk, IT oversight, and digital transformation. Three percent of CISOs attribute their raise to taking on larger scope, while others see it reflected in merit increases.

New research from IANS Research and Artico Search surveyed over more than 830 CISOs and other security leaders to understand the key trends and challenges reshaping CISO role.

Smaller businesses are just as vulnerable to cybersecurity issues as larger ones, more so in some cases as they have fewer resources to devote to protection.

New research from UK cloud services firm Six Degrees looks at the concerns of UK SMEs. It finds 35 percent cite AI-related threats as their top concern, outranking malware (25 percent), scams and other fraud (25 percent), phishing (25 percent), and ransomware (23 percent).

Artificial intelligence will be unleashed across the UK to deliver a decade of national renewal under a new plan announced by the government.

The Prime Minister has agreed to take forward all 50 recommendations set out in the AI Opportunities Action Plan released last year, in a plan to make the UK ‘irresistible’ to AI firms looking to start, scale, or grow their business.

GraphQL -- in case you haven't heard of it -- is a rapidly rising query and manipulation language for APIs. It's designed to make APIs fast, flexible and developer-friendly, and it moves the complexity of data fetching from the client to the server side.

We spoke to Pete Crocker, director of solutions engineering at OpsMill, to learn why it's increasingly being employed as an alternative to the more established REST API.

Despite being an effective tool for safeguarding sensitive information, encryption remains underutilized by many organizations, leaving them vulnerable to cyber threats.

Many companies still rely on perimeter security measures, viewing encryption as optional rather than essential. Misconceptions about the complexity and cost of encryption further hinder its adoption, leading to a reactive approach that often waits for a data breach before taking action.

In 2024, ransomware groups claimed responsibility for 5,461 successful ransomware attacks on organizations worldwide. Of these 1,204 were confirmed by the targeted organizations, according to analysis by Comparitech.

Across the 1,204 confirmed attacks, 195.4 million records have been breached. These figures for 2024 are lower than those recorded in 2023 (1,474 attacks affecting 261.5 million records), though they are expected to rise as reports often come in months later.