Expert perspectives on cybersecurity strategy, compliance frameworks, and security leadership. Practical knowledge to strengthen your organisation’s security posture.
Monthly roundup of EU and global compliance developments, enforcement actions, and regulatory shifts that affect your security posture.
Real questions from clients on DORA, NIS2, ISO 27001, and GDPR — answered by Orizon's compliance advisors.
Quarterly deep-dive into emerging threat vectors, attacker techniques, and their compliance implications for regulated industries.
A step-by-step walkthrough of every clause in the ISO/IEC 27001:2022 standard — from scoping your ISMS to passing the certification audit. Written for business leaders, compliance managers, and anyone who needs to understand what the standard actually requires without reading 19 pages of normative text.
Cyber insurance premiums have fallen for 11 consecutive quarters, yet over 40% of claims are being denied. The paradox of a buyer-friendly market with stricter-than-ever underwriting requirements — and what it means for your organisation.
NIS2 and DORA do not merely impose fines on organisations. They impose personal liability on the individuals who lead them. With enforcement underway across Europe and national laws adding provisions from salary-based fines to management bans, board members can no longer treat cybersecurity as a delegable concern.
The Digital Operational Resilience Act has been enforceable for over a year. With 19 critical ICT providers now under direct EU oversight and only 25% of institutions confident in their compliance, here is what the first enforcement wave reveals.
The EU AI Act's high-risk system requirements become fully enforceable on August 2, 2026. With 50% of organisations lacking even a basic AI inventory, France already raiding offices over prohibited practices, and conformity assessments taking 6-12 months, the window for preparation is closing fast.
The average CISO earns USD 565,000 in total compensation. The global cybersecurity workforce gap has reached 4.8 million. For organisations that need security leadership but cannot justify a full-time executive hire, the fractional CISO model offers a financial case that the numbers make difficult to ignore.
Since 2018, European data protection authorities have imposed over EUR 7 billion in GDPR fines. The enforcement pattern — which sectors are targeted, which violations draw the largest penalties, and which authorities are most active — reveals where compliance teams should focus their attention.
Organisations operating across the European Union, Brazil, and India now face three distinct data protection regimes with different legal bases, consent models, cross-border transfer mechanisms, and enforcement timelines. The challenge is not choosing between them — it is building one compliance programme that satisfies all three.
The October 2025 deadline has passed. With 96,709 certificates globally and the transition complete, here is what auditors actually flagged — from Statement of Applicability failures to the new controls that caught organisations off guard.
ISO 27001:2022 covers approximately 80% of NIS2 requirements and provides the structural foundation for DORA compliance. Instead of building three separate compliance programmes, organisations can map one control framework to satisfy all three — if they know where the gaps are.
Five major EU regulations now overlap in scope, reporting obligations, and penalties. GDPR enforcement has reached EUR 5.88 billion in cumulative fines. NIS2 brings 160,000+ entities into scope. DORA mandates 4-hour incident reporting for financial services. Here is how they fit together — and where the gaps will catch you.
With the NIS2 transposition deadline behind us and enforcement accelerating across Europe, organisations classified as essential or important entities need a structured path to compliance. Here is your month-by-month action plan.
Global ransom payments fell 35% to USD 813 million in 2024, yet OT/ICS attacks surged 87% and data exfiltration now accompanies 96% of incidents. Ransomware has not declined. It has evolved into a multi-vector extortion operation that encryption-focused defences alone cannot address.
Only seven percent of small and mid-sized businesses report having sufficient cybersecurity budget. Meanwhile, 88 percent of SMB breaches now involve ransomware. The gap between threat reality and resource availability is widening — but the organisations that allocate strategically still achieve meaningful protection.
Third-party involvement in data breaches doubled to 30 percent in 2025. The average organisation manages 286 vendors — each with their own supply chain of subcontractors and software dependencies. Fourth-party risk is no longer a theoretical concern. It is an operational reality that regulations are beginning to address.
Third-party involvement in breaches has doubled to 30% according to the Verizon 2025 DBIR. With NIS2, DORA, and the CRA all mandating vendor oversight, annual questionnaires no longer qualify as risk management. Here is how to build a TPRM programme that actually works.
The global cybersecurity workforce gap has reached 4.8 million. Fifty-nine percent of European SMEs cannot hire qualified security talent. NIS2 now holds management bodies personally liable for cybersecurity oversight. For growing companies, the question is no longer whether you need strategic security leadership — it is how you access it.
63% of organisations worldwide have implemented a zero trust strategy, yet only 10% have mature programmes. With 48% citing cost barriers and 49% struggling with multi-cloud complexity, the mid-market faces a distinct set of challenges that generic enterprise playbooks do not address.
Not all compliance frameworks are created equal. Learn the fundamental differences between regulations, directives, certifications, and standards — with authoritative sources, real-world examples, and a practical classification system.