Category: Advent IM Blog
News and information from the Advent IM team.
Who really owns cyber incidents involving information — your IT team or your Information Governance team? 🤔 IT often gets treated as the default owner, but in reality, IT is essentially the filing cabinet: they store it, move it, and protect it — but they don’t own the information inside. That responsibility sits firmly with […]
The UK is moving towards a tougher stance on ransomware payments, particularly for the public sector and regulated critical national infrastructure. Policy proposals have included a targeted ban for those sectors, alongside measures that increase incident reporting and introduce a notify-to-pay approach for organisations outside the ban. This shift matters because it changes the shape […]
The UK Government has renewed its pledge to increase defence spending to 2.5% of GDP by 2027. The announcement, reinforced in recent speeches by Prime Minister Keir Starmer, has generated strong headlines and a sense of urgency across the sector. But beyond the political messaging, what has materially changed? In the latest episode of Risk […]
The Data (Use and Access) Act does more than introduce new legal obligations — it quietly raises the bar on organisational accountability. By making formal data protection complaints handling a regulatory requirement, the legislation shifts responsibility firmly back to organisations to resolve issues properly before they reach the regulator. This reflects a wider move in […]
Schools have always had to think about site security: keeping pupils safe, keeping the premises secure, and keeping the day moving without turning reception into passport control. What’s changed is the threat landscape and the scrutiny. It’s no longer just “will CCTV deter vandalism?” It’s also “what happens when a camera system is offline?”, “who […]
Rather than viewing Defence Cyber Certification (DCC) and Secure by Design (SbD) as similar or overlapping, it’s more accurate to see them as operating at different layers of the system and supplier lifecycle. They serve different purposes, influence different behaviours, and deliver different types of assurance. Many discussions focus on what each framework requires, but […]
The UK’s Cyber Essentials scheme is about to undergo one of its most significant evolutions in years. From 27 April 2026, all new Cyber Essentials and Cyber Essentials Plus assessments will be based on the updated Cyber Essentials v3.3 Requirements for IT Infrastructure, bringing clearer definitions, stricter security expectations, and a renewed focus on cloud‑first […]
There’s a phrase in DORA that sounds like it belongs in a Cold War handbook rather than a compliance framework: forced supplier exit. It has the energy of someone slamming a big red button. The nuclear option. The “right, that’s it” moment. But when you sit with it for five minutes, you realise it isn’t actually dramatic at all. It’s painfully practical. It’s what happens […]
Between Q1 2019 and Q4 2024, the Ministry of Defence (including its arm's-length bodies) paid roughly £52.5 billion to private sector contractors—about half to UK-headquartered firms and much of the remainder to U.S. companies like Boeing and Lockheed Martin. Tussell’s analysis shows a clear pattern: the lion’s share of non-UK spend goes to U.S. suppliers, […]
Free to download — no sign‑up required. The rapid rise of agentic AI is reshaping the way financial services operate, make decisions, and manage risk. But with autonomy comes a new governance challenge: how do firms stay in control when systems can act, not just assist? From Digital Transformation to Agentic AI Governance: Operational Control, […]