Phishing for Trouble from IO (ISMS.online)

What not to do in a disaster

39 min · 28 Jan 2025

Description

Back in May 2017, a cryptoworm virus made it into some Microsoft computing systems, locking away the data of global organisations and demanding a ransom. In panic some people paid up only to find their data never returned. The knock-on effect to health services, including hospitals, was dramatic. So what do you do if you’re faced with such a scenario? In this episode, David Holloway and Rebecca Harper talk about the right and wrong things to do in the face of a ransomware or other cyber attack. Plus they’re joined by the experts to look at how we can all plan better for the worst – so that when a data breach or cyber attack takes place, your business and your people are in the best position to recover quickly. Leading infosec thinkers Ash Patel [https://www.ecipartners.com/our-team/ash-patel] of ECI Partners [https://www.ecipartners.com/] and Chloé Messdaghi [https://www.chloemessdaghi.com/], founder of Sustain Cyber [https://sustaincyber.com/] and leader in responsible AI and cybersecurity, share their wisdom, as well as some hopeful advice for information security teams in the future. "Phishing for Trouble" is the cybersecurity podcast from ISMS.online [https://www.isms.online/] that demystifies compliance and information security in your business. To find out more about how ISMS.online [https://www.isms.online/] can help your business master information security compliance, visit our website for a self-guided tour. Love this podcast? Share it with your colleagues and help businesses like yours learn more and stay secure online. #Informationsecuritypodcast #infosecpod #cyberattackcasestudies #cybersecuritypodcast #disastermitigationpodcast

All episodes

18 episodes

Scaling Securely: What High-Growth Firms Get Right

What happens when your business grows faster than its foundations can handle? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore why the companies that scale successfully aren’t necessarily the ones that achieve compliance fastest. They’re the ones that build security, privacy and governance into the way they operate from the very beginning. They’re joined by cyber leader Purvi Kay, whose experience spans government, aerospace and FTSE 100 boardrooms, and Andy Ellis [https://origin.csoandy.com/bio/], cybersecurity advisor, former Chief Security Officer at Akamai and author of 1% Leadership. Hear why “security debt” can quietly build as startups race to grow, why compliance should be treated as a product feature and how resilience becomes a competitive advantage as organisations scale. From secure-by-design principles and embedded security teams to risk appetite, customer trust and leadership accountability, this episode explores what high-growth firms get right and why resilience is about far more than passing an audit. Find out more at ISMS.online [https://www.isms.online/]

18 Jun 2026 · 21 min

You’re compliant, are you resilient?

What happens when a cyber attack doesn’t just disrupt your business, but stops it completely? In this episode of Phishing for Trouble, IO’s Rebecca Harper and David Holloway explore why resilience has become a defining business challenge for organisations of every size. Using the Jaguar Land Rover cyber attack as a case study, alongside insights from cybersecurity expert Pierre Noel and Professor Ciaran Martin, founding CEO of the UK National Cyber Security Centre, they unpack the growing gap between compliance and genuine operational resilience. Hear why businesses are moving from prevention to preparedness, why supply chain resilience matters now more than ever, and why the organisations best placed to survive disruption are the ones building resilience into every part of their operations. Find out more at ISMS.online [https://www.isms.online/]

11 Jun 2026 · 38 min

Boardroom to Breakroom: Building a Culture of Compliance

Why do organisations still struggle to turn security policy into real-world behaviour? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore how regulations like NIS2 place direct accountability on senior leaders whilst, in many organisations, compliance still lives on paper and not in practice. They’re joined by Professor Steven Furnell [https://www.nottingham.ac.uk/computerscience/people/steven.furnell], Professor of Cyber Security at the University of Nottingham, an expert in the intersection of human, technological and organisational aspects of cyber security and full of good advice on turning policy into real action. Hear how having a policy isn’t the same as people understanding how it applies directly to them and their job, the importance of moving away from ‘tick box’ compliance and how, wrongly handled, security training and tests can feel punitive, rather than supportive. Because if staff are using unapproved processes or shadow I.T. and A.I, it might actually be a clue to what resources the business is lacking and a cue to ask the questions that fill the gaps compliantly. Find out more at ISMS.online [https://www.isms.online/]

4 Jun 2026 · 26 min

Supply Chain Dominoes: Why Their Risk Is Now Your Risk

What happens when a third-party company suffers a security breach, way down the supply chain – and the people who suffer are your customers? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore how, even if your systems are strong, a weak supplier can shut you down, how regulators and investors are demanding stronger supplier governance, and what you need to do about it. They’re joined by Madelein Van Der Hout, a senior analyst in cyber security and risk at Forrester [https://www.forrester.com/about-us/] who digs into the detail of recent high-profile breaches and what questions businesses should be asking, and the University of Oxford’s Professor Ciaran Martin - founding CEO of the UK National Cyber Security Centre [https://www.ncsc.gov.uk/] and one of the UK’s leading voices on cyber resilience. Hear how the cost of a supply chain breach can be more than financial, ways to identify risk and dig deeper into supplier assurances, and how to cope with the regulatory landscape as it evolves and develops. Because it’s not just the disruption and damaged reputation a breach can cause, it can affect the profitability of both suppliers and clients, and employee job stability. Find out more at ISMS.online [https://www.isms.online/]

28 May 2026 · 27 min

AI: Trust, Ethics, and Getting It Right from the Start

What happens when employees start using AI tools faster than organisations can govern them? In this episode of Phishing for Trouble, IO [https://www.isms.online/]’s Rebecca Harper and David Holloway explore why AI governance has quickly become a business-critical issue, from shadow AI and data privacy risks to accountability, trust and emerging regulation. They’re joined by Professor Andrea Isoni, who works with organisations navigating AI governance and risk, and A-LIGN’s [https://www.a-lign.com/] Patrick Sullivan, VP of Strategy and Innovation, who advises businesses on AI strategy, governance and emerging technologies. Hear why governance is no longer just about compliance, but about building resilience, visibility and trust as AI becomes embedded across organisations. Find out more at ISMS.online [https://www.isms.online/] AI Governance hub: AI Governance [https://www.a-lign.com/service/ai-governance-hub] ISO 42001 Readiness Checklist: Guide to AI Compliance [https://www.a-lign.com/lp/iso-42001-checklist-uki] Blog by Patrick Sullivan: Why AI Governance Stopped Being Theoretical and What Leaders Must Do Next | A-LIGN [https://www.a-lign.com/articles/ai-governance-what-leaders-must-do-next]

21 May 2026 · 41 min