If Part 8 answered the question 'what does a vCISO do?', this article answers the one that tends to follow it: 'why not just hire a proper CISO?'
Henry is the Managing Director of ITbuilder. He is also a CISM professional with over 7+years experience leading cyber security strategy and transformation initiatives across public and private sector clients. He has a strong track record of delivering maturity assessments, cyber governance models, and Secure by Design programmes in FS, Public Sector and E&U
If Part 8 answered the question 'what does a vCISO do?', this article answers the one that tends to follow it: 'why not just hire a proper CISO?'
Martyn's Law has become a pivotal moment for UK business resilience. For senior leaders—especially those in operational or IT roles—the legislation signals a fundamental shift:...
At this point in the series, the governance gap should be a familiar concept. You understand why certifications are not enough, why your MSP cannot fill it, why the board needs to...
Artificial intelligence is now central to day-to-day business operations in the UK. But with its rise comes a fundamental shift in how SME directors must approach GDPR...
There is a specific skill at the centre of cyber governance that does not get enough attention.
Navigating data protection compliance used to be about checklists and policies. While the right controls mattered, the shifting regulatory landscape is making one thing clear:...
Risk does not wait for an owner to be appointed before it starts accumulating. That is perhaps the most important thing to understand about the governance gap.
For many directors of UK SMEs, cyber resilience has moved from a technical topic to a boardroom concern. The investment in security tools, incident response plans, and regulatory...
If your organisation has a managed security service, you are in reasonable company. The majority of UK SMEs now outsource at least some element of their security operations — and...
Cybersecurity regulation is no longer an afterthought for UK businesses. The King’s Speech 2026, delivered on 13 May, placed cyber risk and resilience at the centre of national...
Cyber Essentials is genuinely useful. That needs to be said clearly, because this article is about its limits - and those limits only matter in the context of something worth...
Few business leaders are surprised by the headlines: cyber attacks are now part of daily business life. But the gap between technical controls and genuine business risk is...
There is a phrase that comes up in almost every conversation about cyber risk with business leaders: 'We've got that covered.'
Cyber resilience has become a boardroom priority, driven by escalating cyber threats and renewed calls from UK government ministers for all businesses to take action. With...
You sit in the quarterly review. The slide deck is full of numbers. Patch rates. Vulnerability scores. Incident counts. The person presenting knows exactly what it means. You nod.
Reports of accelerated cyber threats and warnings from the National Cyber Security Centre...
Many organisations have strong cyber security in place, yet still struggle to understand their true cyber risk. The challenge is not visibility of activity, but clarity of meaning...
UK SMEs are facing a more persistent and targeted cyber threat landscape than ever before. Ransomware, credential‑based attacks, and supply‑chain compromise are no longer rare...
In today’s increasingly digital financial marketplace, operational resilience and cyber security have never been more critical. The Digital Operational Resilience Act (DORA) is a...
Moving offices—even if it’s just down the hall—can be a surprisingly complex process for your IT infrastructure. Hidden inside every move are dozens of small tasks, each with the...
We’ve all seen the headlines recently.
Recent disruptions to your regular work routine have probably seen you getting to grips with team collaboration tools such as Microsoft Teams.
A cluttered mind makes for a cluttered desk, and visual chaos feeds mental chaos – it’s a perpetual loop. While our minds don’t have an ’emptiable’ recycling bin, we can...