AI Can Detect Threats — But It Can’t Fix Human Decisions
The Moment That Doesn’t Look Like Risk A message comes through on Teams. It appears to be from someone senior: short, direct, and straightforward. They need something sorted quickly. There is a sense of urgency, but nothing that feels unusual or out of character. Requests like this happen all the
How Employees Actually Make Security Decisions at Work
The Reality of Workplace Decisions There’s an assumption built into most cybersecurity training. That when an employee is faced with something suspicious, they will recognise the moment, pause what they are doing, and apply what they have been taught. That they will step out of the flow of work, assess
What Is Behaviour-Led Cybersecurity Training?
In our previous article, Why Knowledge Alone Isn’t Enough, we explored why traditional cybersecurity awareness training often fails to prevent real-world cyber incidents. Cybersecurity incidents are frequently attributed to human error. An employee clicked a malicious link, approved a fraudulent payment, or shared information with someone they believed to be
Behaviour-Led Cybersecurity Training: Why Knowledge Alone Isn’t Enough
Cybersecurity has become part of everyday conversation in modern organisations. Major ransomware attacks, data breaches, and online fraud incidents are now widely reported in the news, and most employees are well aware that cyber criminals regularly target businesses through phishing emails, fraudulent messages, and other forms of social engineering. In
Why Charities Are Becoming a Prime Target for Cybercriminals
Charities occupy a unique position within society. They exist to support communities, protect vulnerable individuals, and address challenges that many other organisations are not equipped to handle. From local community initiatives to large international organisations, charities are built on trust — trust from donors, volunteers, beneficiaries, and the public. People
Data Theft in Law Firms: Why the Real Risk Isn’t Technical
Law firms are among the most trusted institutions in professional life. Clients disclose commercially sensitive strategies, personal histories, financial arrangements and future intentions on the understanding that those matters will be handled with discretion and care. Confidentiality is not a marketing claim within legal practice; it is an ethical obligation
The Cyber Security and Resilience Bill: What It Means for UK Businesses
At the time of writing, the Cyber Security and Resilience Bill is progressing through Committee Stage in the House of Commons. That means it is being examined line by line, debated, amended and refined before moving further through the legislative process. It is not yet law, and details may still
The Other Side of the Mirror: What Confident Cybersecurity Culture Really Looks Like
A finance assistant receives an email from a long-standing supplier. The tone is familiar. The branding is correct. The request is straightforward: bank details have changed, and future payments should be redirected to a new account. Nothing about the email feels dramatic. It does not look like a cyberattack. It
Compliance Isn’t Safeguarding: Is 36 Minutes of Cyber Training Enough for Schools?
Compliance, Confidence and Safeguarding Responsibility Each year, schools across the UK complete the cyber security awareness training produced by the National Cyber Security Centre in support of the Department for Education Cyber Security Standards. The module takes approximately thirty-six minutes to complete and concludes with a downloadable certificate confirming that
