The UK Government has published its 2025/2026 Cyber Security Breaches Survey, which is drawn from information received from thousands of UK businesses. The 2025/2026 survey paints a picture of a cyber threat landscape that is stable in its scale but shifting in its character. The publicity surrounding high-profile incidents has not yet resulted in a […]
About Kelly Hagedorn
Secure Connectivity for Operational Technology—UK NCSC Publishes New Guidance
The UK National Cyber Security Centre (NCSC) published guidance to help organisations design, secure, and manage Operational Technology (OT) environments. It sets out eight core principles to improve resilience, reduce exposure, and support secure architectural decision‑making. The NCSC positions these as goals rather than minimum requirements, and operators of essential services (including those within scope […]
Britain’s Financial Regulators Raise the Bar on Cyber Reporting and Resilience
Cyber risk has shifted from a technical issue to a systemic one and Britain’s financial regulators are making that reality unmistakably clear. On March 18, 2026, the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), and Bank of England announced a new, unified cyber and operational resilience framework that strengthens the requirements on how firms […]
European Commission Publishes Guidance For Companies Implementing the EU Cyber Resilience Act
On December 3, 2025, the European Commission published its first set of technical FAQs on the EU Cyber Resilience Act (‘CRA’). The CRA is an EU-wide law which lays down cybersecurity requirements for ‘products with digital elements’ (‘PDEs’), including IoT devices, hardware components, and certain software. It becomes fully applicable on December 11, 2027, with […]
New EU Regulation Clarifies Cybersecurity Rules for IoT Devices and Other ‘Products with Digital Elements’
On November 28 2025, the European Commission adopted a regulation implementing the Cyber Resilience Act (‘CRA’) – an EU-wide law which lays down cybersecurity requirements for companies that design and sell ‘products with digital elements’. PDEs can take many forms including IoT devices, hardware components, and certain software. The CRA imposes cybersecurity obligations in connection […]