IT governance

IT governance provides the core workflows and processes that help IT managers to oversee the successful functioning of the IT department, and to prove the value of IT to the business. Regulations and compliance are just as important as technological and management skills, and we highlight the best practice in IT governance and the example of successful IT leaders.

Feature 11 Jul 2023
Norwegian data privacy experts sound alarm over generative AI

Hundreds of millions of people embrace generative artificial intelligence, blissfully ignorant of what it’s doing to data privacy. Continue Reading
News 24 Apr 2023
Finland and Estonia deepen cross-border digital partnerships

Finland and Estonia, two global tech pioneers, are increasingly sharing their expertise Continue Reading

News 13 Nov 2023

Lloyds Bank warns over rising threat of crypto scams

Report by Lloyds Banking Group finds there has been a 23% increase in cryptocurrency scams in 2023 compared with last year, targeting mostly younger investors Continue Reading
News 13 Nov 2023

Victims’ legal action over 2015 Carphone Warehouse breach moves forward

A class action against Currys Retail over the 2015 data breach of Carphone Warehouse customers has been granted permission to move forward in the courts Continue Reading
Opinion 10 Nov 2023

Breached? Don't panic… if you created a robust IR plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
News 10 Nov 2023

UN disarmament body calls for global action on autonomous weapons

UN draft resolution highlighting the dangers of autonomous weapons passes with overwhelming majority Continue Reading
Opinion 10 Nov 2023

How the Online Safety Act will impact businesses beyond Big Tech

The Online Safety Act will impact an estimated 100,000 online services in the UK and overseas Continue Reading
News 10 Nov 2023

Ransomware attack on major Chinese lender disrupts financial markets

The financial services arm of one of the world’s largest banks was taken offline by a supposed LockBit ransomware attack, causing problems for US markets Continue Reading
Opinion 09 Nov 2023

The best IR plans are well-revised and deeply familiar

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
News 09 Nov 2023

UK government does not see need for specific AI legislation

The UK government does not currently see the need for new artificial intelligence legislation, as many regulators are already dealing effectively with AI-related harms Continue Reading
News 09 Nov 2023

The Security Interviews: Why cyber needs to integrate better

Cyber security is an intensely technical field, but we shouldn’t ignore the soft skills of communication and collaboration. Wipro’s Tony Buffomante explains why a robust security posture is dependent on a security team engaging with the wider organisation Continue Reading
News 08 Nov 2023

Former Post Office manager has no memory of preparing witness statement in legal dispute

Evidence of computer problems was omitted from the witness statement of a former Post Office manager in a legal battle with a subpostmaster blamed for unexplained accounting shortfalls Continue Reading
News 08 Nov 2023

Data-sharing management gap highlights cyber risk, says report

Organisations are struggling to secure their use of communications tools to share data with third-party partners and suppliers, and in the process are exposing themselves to heightened levels of risk, according to a report Continue Reading
News 08 Nov 2023

AI Summit not the place for human rights, says French finance minister

Despite commitments at the UK’s AI Safety Summit to respect and protect human rights, the French finance minister said it was not the right forum to discuss signatories' human rights records Continue Reading
Opinion 08 Nov 2023

The plan for the inevitable cyber attack: Get the gist of NIST

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
News 08 Nov 2023

Iconic Singapore hotel caught up in major data breach

The Marina Bay Sands resort in Singapore uncovered a data breach of its guest loyalty programme last month Continue Reading
News 08 Nov 2023

King’s Speech misses the mark on cyber law reform, says campaign

A group of activists who want to reform the UK’s computer misuse laws to protect bona fide cyber pros from prosecution have been left disappointed by a lack of legislative progress Continue Reading
News 08 Nov 2023

The Security Interviews: ISC2’s Clar Rosso on cyber diversity and policy

Computer Weekly catches up with ISC2 CEO Clar Rosso to talk about diversifying the cyber workforce and supporting cyber pros as they keep up with growing compliance and security policy demands Continue Reading
Opinion 07 Nov 2023

Enhancing security: The crucial role of incident response plans

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
News 07 Nov 2023

Unesco unveils seven-point anti-disinformation plan

United Nations body outlines seven proposals for civil society, governments, regulators and tech platforms to adopt to combat the source of disinformation Continue Reading
News 07 Nov 2023

AI Safety Summit review

Computer Weekly takes stock of the UK government’s AI Safety Summit and the differing perspectives around its success Continue Reading
Opinion 06 Nov 2023

IR plans: The difference between disaster and recovery

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
News 06 Nov 2023

Shadow IT use at Okta behind series of damaging breaches

Okta now believes the initial access vector in a series of damaging breaches was one of its own employees who used a corporate device to sign into their personal Google account Continue Reading
Opinion 03 Nov 2023

Incident response planning requires constant testing

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
News 02 Nov 2023

Admins told to take action over F5 Big-IP platform flaws

Two vulnerabilities in the widely used F5 Networks Big-IP platform are now being exploited in the wild Continue Reading
News 02 Nov 2023

UK workers exhibit poor security behaviours, report reveals

Report by KnowBe4 has found that four in five UK workers do not make security-conscious choices, whether in-office, remote or hybrid working Continue Reading
Opinion 02 Nov 2023

Use existing structures to build your incident response plan

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
Opinion 02 Nov 2023

Law Commission misrepresented experts when it changed rule on computer evidence

The Law Commission repeatedly quoted vague, arm-waving, un-evidenced comments by judges who offered no insight into anything beyond their own technical ignorance. The law change made miscarriages of justice inevitable. Continue Reading
News 02 Nov 2023

EU digital ID reforms should be ‘actively resisted’, say experts

Over 300 cyber security experts have called for the EU to rethink its proposals for eIDAS digital identity reforms, saying some of the provisions risk damaging user privacy and security Continue Reading
News 01 Nov 2023

AI Summit: 28 governments and EU agree to safe AI development

In a joint communique at the UK government’s AI Safety Summit, all participating governments agreed to deepen their cooperation around the risks associated with artificial intelligence Continue Reading
Opinion 01 Nov 2023

Incident response planning is vulnerable to legacy thinking

What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
News 01 Nov 2023

Darktrace CEO Poppy Gustafsson on her AI Safety Summit goals

As the AI Safety Summit at Bletchley Park takes place, Computer Weekly caught up with Darktrace CEO Poppy Gustafsson to find out what one of the UK’s most prominent AI advocates wants from proceedings Continue Reading
News 31 Oct 2023

British Library falls victim to cyber attack

The British Library is experiencing a major IT outage following a cyber incident of an undisclosed nature Continue Reading
News 31 Oct 2023

Biden’s AI plans focus on US workers’ protection

The US president has issued an Executive Order that sets out his administration’s strategy for AI safety and security Continue Reading
News 31 Oct 2023

SEC sues SolarWinds, alleging serious security failures

SolarWinds and its CISO have been charged with fraud and internal control failures by the US authorities amid allegations of a series of cyber security failings leading up to the 2020 Sunburst attacks Continue Reading
News 30 Oct 2023

UK government AI Summit already branded ‘missed opportunity’

The dominance of big tech firms, a focus on speculative risks over real-world harms, and the exclusion of affected workers, mean the AI Safety Summit is a wasted opportunity, say civil society groups Continue Reading
News 30 Oct 2023

Frontier AI Taskforce starts recruitment drive

The second progress report from the Frontier AI Taskforce reveals new hires plus vacancy posts for software and research engineers Continue Reading
News 27 Oct 2023

Tech firms cite risk to end-to-end encryption as Online Safety Bill gets royal assent

Tech firms continue to be concerned that the Online Safety Bill could undermine end-to-end encryption despite government reassurances Continue Reading
News 27 Oct 2023

Domestic abuse charities surface fresh worries over NHS data sharing

With new NHS data access options coming into effect at the end of October, a group of campaigners including womens' charities and the BMA have warned that the revived GP-patient data sharing scheme risks putting vulnerable people at risk Continue Reading
News 27 Oct 2023

‘Egregious’ to link passport data with facial recognition systems

The Scottish biometrics watchdog has spoken out against the UK policing minister’s plans to integrate passport data with police facial recognition systems Continue Reading
News 27 Oct 2023

UK regulators confident they are ready for AI safety governance

MPs at a recent artificial intelligence governance meeting were keen to hear how Ofcom, the FCA and the ICO are preparing for UK AI legislation Continue Reading
News 26 Oct 2023

ChatGPT, Bard, lack effective defences against fraudsters, Which? warns

Consumer advocacy Which? warns that popular generative AI tools are vulnerable to loopholes that render existing protections against malicious usage easily bypassed Continue Reading
News 26 Oct 2023

Sunak sets scene for upcoming AI Safety Summit

Prime minister Rishi Sunak has outlined how the UK will approach making AI safe, but experts say there is still too big a focus on catastrophic but speculative risks over real harms the technology is already causing Continue Reading
News 26 Oct 2023

Boardrooms losing control in generative AI takeover, says Kaspersky

C-suite executives are increasingly fretful about what they perceive as a ‘silent infiltration’ of generative AI tools across their organisations Continue Reading
News 25 Oct 2023

UK Finance paints mixed picture of fraud as losses top £500m

UK losses to fraud in the first six months of the year topped £500m, but a slight decline in overall crime rates was observed, according to UK Finance’s latest data Continue Reading
News 25 Oct 2023

1Password caught up in Okta support breach

After breaches at BeyondTrust and Cloudflare, 1Password, a third customer of Okta operating in the same space, has revealed that it too was impacted in a breach of the IAM house’s support systems Continue Reading
News 24 Oct 2023

Michelle Donelan reaffirms UK's commitment to AI safety

In a keynote speech, the secretary of state for science, innovation and technology discussed the UK's pro-innovation approach to AI safety Continue Reading
News 24 Oct 2023

Research team tricks AI chatbots into writing usable malicious code

Researchers at the University of Sheffield have demonstrated that so-called Text-to-SQL systems can be tricked into writing malicious code for use in cyber attacks Continue Reading
Opinion 24 Oct 2023

The new data landscape: how will the new UK-US data bridge affect businesses?

With the UK-US data bridge coming into effect on 12 October 2023, find out what steps your organisation can take to take advantage of, and remain compliant with, the new framework Continue Reading
News 24 Oct 2023

Kaspersky opens up over spyware campaign targeting its staffers

Kaspersky has shared more details of the TriangleDB spyware that was used against its own workforce by an unknown APT group Continue Reading
News 24 Oct 2023

Customers speak out over Okta’s response to latest breach

Customers of identity specialist Okta have been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired Continue Reading
News 24 Oct 2023

Suzy Lamplugh Trust treads path to improved cyber resilience

Personal safety charity enlists the support of the London Cyber Resilience Centre to improve staff awareness and strengthen its overall cyber resilience Continue Reading
News 23 Oct 2023

Taxpayers to fund a further £150m for Post Office IT scandal

Total bill for the scandal goes well over £1bn, as subpostmaster campaign leader considers private prosecutions of Post Office executives Continue Reading
Feature 23 Oct 2023

Joining the dots for a seamless digital transformation journey

It is often the small things that have the greatest impact on a successful digital transformation project Continue Reading
News 20 Oct 2023

Computer Weekly contributor named Godfather of UK Security

Advent IM founder Mike Gillespie was among those honoured at the eighth annual Security Serious Unsung Heroes Awards Continue Reading
News 20 Oct 2023

CDO interview: Carter Cousineau, vice-president of data and model governance, Thomson Reuters

The news and information provider places a premium on responsible and ethical use of artificial intelligence, and central to that is the governance of data and the models surrounding it Continue Reading
News 19 Oct 2023

Nuclear regulator raps EDF over cyber compliance

The Office for Nuclear Regulation says EDF has come up short on needed measures to improve cyber security standards at several critical UK nuclear facilities Continue Reading
News 19 Oct 2023

Sellafield local authority unsure if data was stolen six years on from North Korea ransomware attack

Senior managers at an ‘Achilles heel’ local authority for Europe’s biggest nuclear site ‘still don’t know what was lost’ in a 2017 cyber attack, according to a council source Continue Reading
Opinion 19 Oct 2023

DORA: Moving into a new era of digital resilience

The EU’s Digital Operational Resilience Act will come into force in just over a year, the majority of risk management professionals are only at the beginning of their planning journey. Kate Needham-Bennett of Fusion Risk Management explains how to get things moving Continue Reading
News 19 Oct 2023

Post Office auditors presumed subpostmasters were ‘on the fiddle’ or ‘in a muddle’

Public inquiry into Post Office scandal hears how head office staff routinely made negative assumptions about subpostmasters in small branches Continue Reading
News 18 Oct 2023

What are the cyber risks from the latest Middle Eastern conflict?

The outbreak of war between Hamas and Israel in October 2023 has seen a wide variety of accompanying cyber attacks from hacktivists and other groups. We look at the risks to organisations Continue Reading
News 17 Oct 2023

Five Eyes issues five tips on thwarting nation state threats

Intelligence chiefs from the UK, Australia, Canada, New Zealand and the US have published guidance on building resilience against nation state cyber threats Continue Reading
News 17 Oct 2023

Alert sounded over dangerous Cisco IOS XE zero-day

Cisco warns customers using its IOS XE software of a newly discovered vulnerability that could enable a threat actor to take over their systems Continue Reading
Opinion 16 Oct 2023

T Levels expand the work-ready tech talent base and now include a specialism in cyber security

T Levels are creating a pathway into the technology sector, from software development to cyber security, for people who feel a more academic route is not for them Continue Reading
News 12 Oct 2023

Scottish biometrics watchdog outlines police cloud concerns

Police Scotland’s response to the biometrics commissioner’s formal information notice ‘did not ameliorate’ his concerns about the sovereignty and security of the sensitive biometric information being uploaded to cloud infrastructure that is subject to intrusive US surveillance laws Continue Reading
News 11 Oct 2023

Public sector buyers of AI tech must interrogate its suitability

The Ada Lovelace Institute has published a review on public sector use of artificial intelligence foundation models, looking at the risks and opportunities associated with the technology, and how these can be dealt with from the early stages of procurement onwards Continue Reading
News 10 Oct 2023

MGM faces £100m loss from cyber attack on its casinos

MGM Resorts has provided further details on the fallout of the hack targeting its casinos in early September, confirming that a range of personal information has been stolen and that it will likely cost the firm around $100m Continue Reading
News 06 Oct 2023

Data-sharing strategy needs business buy-in

A Forrester Consulting survey for Capital One Software has found that data experts and businesspeople have differing views on success Continue Reading
News 05 Oct 2023

Red Cross issues rules of engagement for hackers in conflicts

The digital rules of engagement are the first time cyber activity has been looked at by the conflict watchdog, but a number of hacker groups have already come out and said they will not be following them Continue Reading
News 05 Oct 2023

Policing minister wants to use UK passport data in facial recognition

The policing minister’s plans to integrate the UK’s passport database with police facial-recognition systems have been met with criticism from campaigners, academics, and the biometrics commissioner for England and Wales Continue Reading
News 05 Oct 2023

Ransomware dwell times now measured in hours, says Secureworks

Ransomware payloads are now being deployed and executed within 24 hours in more than 50% of cases, according to Secureworks’ annual report Continue Reading
News 04 Oct 2023

IR35: HMRC completes first phase of CEST upgrades with Ocelot platform migration

HMRC has confirmed that its online IR35 status checker tool has completed its migration to a new platform, as the government tax collection agency’s revamp of the service continues apace Continue Reading
Feature 04 Oct 2023

Ransomware: All the ways you can protect storage and backup

We survey the key methods of ransomware protection, including immutable snapshots, anomaly detection, air-gapping, anomaly detection, and supplier monetary guarantees Continue Reading
News 04 Oct 2023

ICO issues guidance on workplace surveillance

Guidance on employee monitoring covers how employers can conduct their digital surveillance lawfully, transparently and fairly, and warns against businesses intruding on their workers’ private lives Continue Reading
News 03 Oct 2023

Cyber experts urge EU to rethink vulnerability disclosure plans

The European Union’s proposed cyber security vulnerability disclosure measures are well-intentioned but ultimately counterproductive, as making unmitigated vulnerabilities public knowledge increases the risk of their exploitation by various actors, experts claim Continue Reading
News 03 Oct 2023

IT decision-makers confident they can handle tech disruptions

The majority of IT decision-makers polled in a recent survey have admitted their organisations has been adversely affected by IT failures Continue Reading
News 03 Oct 2023

RSA and other crypto systems vulnerable to side-channel attack

A researcher has found that a flaw in RSA is still vulnerable – a quarter of a century after it was first discovered Continue Reading
News 03 Oct 2023

Public sector needs systemic reform of capacity to innovate

Improving the public sector’s capacity to innovate requires a culture of innovation underpinned by people, skills and new ways of working with the private sector Continue Reading
News 03 Oct 2023

Top science journal faced secret attacks from Covid conspiracy theory group

A conspiratorial group of extreme Brexit lobbyists mounted an extraordinary campaign against one of the world’s most prestigious science journals – part of a series of joint investigations between Byline Times and Computer Weekly Continue Reading
News 29 Sep 2023

First subpostmaster Horizon conviction overturned in Scotland

Scotland has seen its first Post Office Horizon conviction overturned, taking the UK total to 92 Continue Reading
News 29 Sep 2023

Government ‘breached privacy’ of Horizon victims with compensation offer, says lawyer

The government breached the privacy of victims of the Post Office Horizon scandal through making a compensation offer public Continue Reading
News 29 Sep 2023

Scottish watchdog urges wider biometric oversight

Scotland’s biometrics watchdog urges Scottish Parliament to extend oversight of biometric information to include the entire criminal justice system, not just police Continue Reading
News 28 Sep 2023

US lawmakers write to AI firms about ‘gruelling’ work conditions

Lawmakers have written to nine tech companies – including Amazon, Google and Microsoft – about the working conditions of those they employ to train and maintain their artificial intelligence systems, giving them until 11 October 2023 to respond Continue Reading
News 28 Sep 2023

Businesses disconnected from realities of API security

Business leaders feel confident they’ve got a handle on API security, but at the same time, incidents are through the roof, according to a report Continue Reading
Feature 28 Sep 2023

Automated cloud IR: Empowering cyber with AI-powered playbooks

As cyber threats increasingly target cloud infrastructure, demand for robust and reliable incident response measures is through the roof. Find out why you might want to consider bringing artificial intelligence into play Continue Reading
Opinion 28 Sep 2023

Security Think Tank: To encrypt or not to encrypt, that is the question

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
News 28 Sep 2023

Security and risk management spending to grow 14% next year

Growth in public cloud services will stand out over the next 12 months, as Gartner projects an overall 14% increase in cyber spending in 2024 Continue Reading
News 28 Sep 2023

Yahoo picks Intigriti to run crowdsourced bug bounty programme

Digital media brand Yahoo is setting up a crowdsourced bug bounty programme with ethical hacking specialist Intigriti, and is reaching out to the Capture the Flag community to participate Continue Reading
News 27 Sep 2023

City of Las Vegas masters cyber incident response with Darktrace

The high-rolling city of Las Vegas experiences unique cyber security challenges rarely seen elsewhere. CIO Mike Sherwood reveals how he turned to Darktrace to help address incidents quicker and with confidence Continue Reading
News 26 Sep 2023

UK government quietly disbands data ethics advisory board

The government has disbanded its Centre for Data Ethics and Innovation’s advisory board in favour of pulling the relevant artificial intelligence (AI) and data knowledge from a pool of external experts Continue Reading
News 26 Sep 2023

Cover-ups still the norm in the wake of a cyber incident

Almost half of organisations that have experienced a cyber incident did not report it to the appropriate authorities, according to a report Continue Reading
News 26 Sep 2023

Crest and IASME to deliver upcoming NCSC Cyber Exercise programme

Crest and IASME have been tasked with assuring that security services providers signing up to a soon-to-launch NCSC Cyber Incident Exercising scheme are up to the job Continue Reading
Opinion 25 Sep 2023

Security Think Tank: Three ways to identify the best encryption use cases

The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
News 25 Sep 2023

Apple fixes three vulnerabilities found by spyware researchers

Apple has patched three more vulnerabilities uncovered by spyware and surveillance researchers at The Citizen Lab Continue Reading
News 22 Sep 2023

CMA unblocks Microsoft/Activision deal without cloud gaming

Microsoft’s Activision buy looks set to get the thumbs-up after a deal that stops the two companies from distributing cloud gaming to UK consumers Continue Reading
News 22 Sep 2023

UK-US data bridge to open to traffic on 12 October

Government forges ahead with the implementation of the UK-US data bridge, which will come into effect for real just under three weeks from now Continue Reading
News 22 Sep 2023

Cyber experts set out plan to secure future US elections

A group of experts are setting out to enhance election cyber security in the United States, and restore public faith in a process tainted by interference and misinformation in the past Continue Reading
News 22 Sep 2023

Lords begin inquiry into large language models

Lords will examine the risks and opportunities of large language models and look at how government can effectively manage them in the coming years Continue Reading
Opinion 22 Sep 2023

Fear is the mind-killer: Governance key to safety in the cyber dunes

Whether you’re tasked with protecting your organisation against cyber threats or ravenous subterranean worms, getting the basics of governance and risk management right counts for a lot and choosing the right framework will remove a huge burden from security teams and executives Continue Reading
News 21 Sep 2023

‘Top’ ransomware gangs favour smaller businesses

Despite high-profile attacks on prominent organisations, the world’s most prolific ransomware operations tend to target smaller businesses Continue Reading
News 21 Sep 2023

Poor digital experience a blocker for cyber resilience

Organisations that neglect the digital employee experience are not only vulnerable to employee attrition, but putting themselves at increased cyber risk, an Ivanti report finds Continue Reading
Feature 20 Sep 2023

Toyota car plant outage shows database capacity planning is vital

How could database deletes and re-organisation take out car production for 36 hours at 14 plants? We drill down into the details of database capacity planning Continue Reading