Paolo Carner

The Controls That Fail When You Need Them Most

I hear it regularly in boardrooms across Europe: "We should only implement controls if we can demonstrate a specific risk that justifies them." On the surface, it sounds rational. Risk-based decision making is, after all, best practice. But this objection reveals a fundamental misunderstanding of how cybersecurity actually works—and it can leave organizations dangerously exposed.


The Security Spending Trap Episode I: Why Your Investment Isn't Protecting You

In December 2022, CircleCI—the CI/CD platform trusted by thousands of tech companies—discovered malware on an engineer's laptop. By the time they caught it, attackers had spent weeks inside their production environment, harvesting customer secrets: API keys, tokens, credentials to AWS, GitHub, and databases.


Understanding Third-Party Cyber Risk for SMBs

In September 2024, Jaguar Land Rover suffered a crippling cyberattack that temporarily halted operations. The incident was serious enough on its own, but the real story emerged when the ripple effects became visible. Over five thousand companies felt the impact of JLR's downtime, many of them small suppliers who collectively lost an estimated £1.9 billion. These suppliers weren't hacked. They weren't the target of the attack. They couldn't operate because their customer had gone dark.


Better Cybersecurity: 10 Steps to Wisdom

Over the past two years, I have been speaking with startup leaders about their security. What did I learn, and can I condense the entire process into ten easy-to-follow steps? A cybersecurity manifesto of sorts.


A Startup Guide to Risk Appetite and Risk Tolerance

For the C-Suite of high-growth technology startups, the path to success is paved with risk. Every decision, from launching a new product to entering a new market, carries a degree of uncertainty. The ability to effectively navigate this complex risk landscape is what separates thriving startups from those that falter. This white paper provides a comprehensive guide for tech startup executives on defining and implementing risk appetite and risk tolerance. It offers practical, actionable frameworks and real-world examples to help you not only manage risk but also leverage it as a strategic enabler for sustainable growth.


Ditch that Password! Why Your Business Needs to Embrace Passkeys

Passwords are the weakest link in your business's security chain. They're a hassle to remember, a nightmare to manage, and a prime target for cybercriminals. But what if there was a better way? A way to secure your business that's not only stronger but also simpler and more user-friendly? Enter passkeys, the next-generation authentication technology that's poised to make passwords a thing of the past.


Insider Threats might be your Biggest Overlooked Risk

You've been building your startup from the ground up, survived the 'Valley of Death,' and have built a team you trust. As a result, all your employees had access to basically all your valuable assets—customer data, trade secrets, and financial information. Since then, your organization has grown larger, but you didn't think about revising this lack of compartmentalization until one day, when you discovered the hard way that your most significant security threat wasn't some hoodie-wearing hacker in a basement halfway around the world. It was someone sitting right next to you in the office, maybe even sharing coffee with you in the break room.
