Insights

Insights into Cybersecurity

Analysis and recommendations on cybersecurity, regulatory obligations and operational resilience, written for the people who carry the responsibility.

AI Security

Anthropic's Fable 5 and the New Logic of AI Export Controls

Two weeks after a US government directive withdrew Anthropic's most capable models from all users — including the restricted group created specifically to handle them — neither model has returned to service.

Security Advisory

Vulnerability Management: Prioritisation Is the Real Challenge

Vulnerability management is no longer about scanning systems and producing long lists of findings. Most organisations already have more vulnerabilities than they can fix immediately. The real challenge is prioritisation.

Security Advisory

Crisis Management: When Cyber Becomes a Business Event

Not every cybersecurity incident becomes a crisis. But when cyber disruption affects customers, operations, revenue, safety, regulatory obligations, or public confidence, it becomes a business crisis.

Security Advisory

Incident Response: The Plan Must Work Before the Incident Happens

Incident response is one of the clearest indicators of cybersecurity maturity. The question is not whether an organisation has a document called an incident response plan. The question is whether the organisation can execute it under pressure.

Security Advisory

Threat Intelligence: Turning External Signals into Better Decisions

Threat intelligence is most valuable when it improves decisions. Too often, organisations collect threat feeds, reports, indicators, and alerts without translating them into action.

Security Advisory

Cyber Resilience: Moving Beyond Prevention to Continuity

Cyber resilience is the ability of an organisation to prepare for, withstand, respond to, and recover from cyber disruption. It recognises a hard truth: not every attack can be prevented.

Security Advisory

Cybersecurity Insurance: Insurance Is Not a Substitute for Resilience

Cybersecurity insurance has become an important part of enterprise risk management, but it is often misunderstood. It does not replace security controls, incident response capability, governance, or operational resilience.

Regulatory Advisory

CRA Awareness: Cybersecurity Is Becoming a Product Requirement

The EU Cyber Resilience Act introduces cybersecurity requirements for products with digital elements. It entered into force on 10 December 2024, making cybersecurity a product lifecycle obligation for manufacturers, software providers, importers, and distributors.

Regulatory Advisory

NIS2 Awareness: Cybersecurity Accountability Is Expanding Across Essential Sectors

NIS2 represents a major expansion of cybersecurity expectations across the European Union, placing stronger emphasis on management responsibility, cyber risk governance, incident reporting, and supply chain security.

Regulatory Advisory

DORA Readiness and Awareness: Digital Resilience Is Now a Regulatory Expectation

The EU Digital Operational Resilience Act entered into application on 17 January 2025 and applies to a broad range of financial entities. Its objective is to strengthen the ability of financial entities to withstand, respond to and recover from ICT-related disruption.

Security Advisory

Governance, Risk and Compliance: Why GRC Must Become Operational, Not Administrative

Governance, risk and compliance is often misunderstood as documentation, policy ownership, and audit preparation. Effective GRC should connect business objectives, risk appetite, controls, accountability, evidence, and decision-making.

Security Advisory

Third-Party Risk Management: From Vendor Questionnaires to Continuous Assurance

Third-party risk management is moving beyond annual questionnaires and static due diligence packs. That model is no longer sufficient for the speed, complexity, and dependency levels of modern digital business.

Security Advisory

UK CAF: A Practical Framework for Cyber Resilience

The UK National Cyber Security Centre's Cyber Assessment Framework is designed to help organisations assess and improve cyber security and resilience, focusing on outcomes rather than simply prescribing a list of controls.

Security Advisory

ISO 27001: Building a Management System for Information Security

ISO/IEC 27001 remains one of the most recognised international standards for information security management. Its value lies not only in certification, but in the management system it creates.

Security Advisory

Cyber Hygiene: The Basics Still Prevent the Most Damage

Cyber hygiene refers to the foundational security practices that reduce the likelihood and impact of common attacks. It may not sound sophisticated, but it remains one of the most important areas of cybersecurity.
