The Pros and Cons of Cyber Ratings: What You Need to Know 

Cyber Ratings, also known as Security Ratings – what are they and how do you get one? Well, more on that later but Gartner insisted in 2021 that over the next 5 years Cyber Ratings will be as important as credit ratings for supply chain management and they will become a precondition of doing business.  

Enter LinkedIn: Sorry, not sorry 

Picture the scene: the CEO has read on LinkedIn that at least 65% of Cyber Attacks today are due to the negligence of a 3rd party. Although you love (or hate, a bit like marmite) your security questionnaires, you are now sifting through a sea of security vendors, all promising to protect your company from cyber threats involving third parties – with a magic number.  

What are Cyber Ratings? 

Enter cyber ratings, the ongoing trend in the cybersecurity market inspired by the beloved to all 😉 credit ratings market. Cyber ratings provide an aggregated score of a company’s cybersecurity posture based on externally observable data as analysed by Forrester. They aim to help businesses assess their own security and evaluate the cybersecurity risk of their third-party ecosystem. According to the World Economic Forum, cyber risk ratings can objectively assess an organisation’s cybersecurity posture based on various factors, including network security, data protection and incident response capabilities. It’s like having a report card that tells you where your supplier stands in the realm of digital fortification. Let’s dive into the pros and cons: 


  • Vendor Risk Management Made Easy: Say goodbye to the hassle of manually assessing your third-party vendors! Security ratings provide a convenient shortcut to evaluating their cybersecurity practices. It’s like having a personal assistant who sifts through mountains of data to give you a neat little score. Who needs hours of due diligence when you can make snap judgments based on a single number? 
  • Validation of Security Claims: Cyber ratings platforms can help companies validate the security claims made by third parties, as I’m sure you may be shocked to learn that some people may be less than truthful when a sale is in jeopardy over a security tick box. Their observed security posture can provide a sense of assurance and confidence when engaging with other businesses. It’s like having a truth serum that exposes any exaggerations or lies. 
  • Objective Assessment: Who needs subjective opinions when you can have an independent evaluation of a vendor’s cybersecurity practices? Cyber Ratings offer an “unbiased” perspective (well, at least in theory) to help you see through the smoke and mirrors. 
  • Some Transparency and Workflow Capabilities: Some cyber ratings platforms offer semi-robust process transparency and workflow capabilities. They provide detailed ratings model white papers, publicly available information, and workflow processes that enhance the understanding and usability of the ratings. 
  • Comparative Analysis: Cyber Ratings allow you to indulge in some healthy competition between your vendors. Compare their cybersecurity performance like you’re judging a beauty pageant and crown the winner with confidence. 
  • Third-Party Risk Portfolio Building: Building a diverse portfolio is not just for stock market enthusiasts! With security ratings, you can create your very own third-party risk portfolio. It’s like curating a collection of risky relationships and proudly displaying it to your colleagues. Show off your ability to identify potential vulnerabilities in your supply chain and be the envy of risk managers everywhere. 


  • Market Immaturity: The cybersecurity risk ratings market is still considered immature, being a new and unregulated industry. While accuracy and transparency have improved, Cyber Ratings heavily rely on data sources, but not all data is created equal. Some rating companies may use outdated or incomplete information, leading to inaccurate portrayals of security. It’s like basing your life decisions on Chat GPT3 and not consulting GPT4, Bing and Bard and you know, real life therapists. 
  • Limited Recourse for Low Ratings: One significant drawback of Cyber Ratings is the limited recourse or avenues for improvement if a company receives a low score. Suddenly, the ability to close a deal rests in the hands of a single number and an algorithm. This lack of recourse can be frustrating for organisations on the ‘blacklist’ (in many cases its red), raising questions about the fate of long-term valued partners, unless you want an excuse to purge them 😜 
  • Rating Reliability Roulette: The world of Cyber Ratings is a minefield of conflicting methodologies and scoring systems. Standardised metrics? Well, sort of. Different cybersecurity ratings companies may deliver varying risk scores based on the data selected for assessment. Subjectivity also creeps in with their own secret sauce in selecting and weighing criteria. So, grab a pinch of subjectivity to sprinkle on your assessment process. 
  • Stuck in the Past: Many Cyber Rating companies still cling to outdated methodologies that fail to keep up with the ever-evolving threat landscape. The lack of integrations with other risk and compliance management technologies hinders widespread adoption and effectiveness. 
  • Limited Scope: Cyber Ratings tend to focus on specific aspects of cybersecurity, conveniently ignoring other critical factors. Because who needs a holistic view of security when you can just evaluate one piece of the puzzle, right? 
  • Lack of Context with a dash of limited visibility: Context? Pfft! Cyber Ratings might not consider factors like industry specifics or your vendor’s risk appetite, disregarding relevant context. Get ready to be amazed by the wonders of publicly available information and self-reported data—surprise! It’s a mixed bag. 
  • Reliance on Historical Data: Want a blast from the past? Cyber Ratings got you covered. Their assessments might be based on historical data, which means they might miss the latest plot twists in a vendor’s security journey. It’s like predicting the future based on last year’s newspaper. 

Conclusion: Cyber Ratings – the imperfect superheroes of supply chain security evaluations. While they bring some undeniable advantages, they also come with their quirks. 

And here we are, at the end of this thrilling cyber rating journey! But before we bid adieu, let’s shine a spotlight on the true superhero of managing third parties and security ratings—  

With its cyber supply chain management feature about to release, leaps over the competition like a caped crusader, effortlessly balancing the need for security with a touch of whimsy. It’s like having a cyber butler who not only manages your third-party risks but also knows how to crack a good joke. So, whether you’re a David in a world of Goliaths or a Goliath in the world of David’s, is here to save the day, one security rating at a time. Go ahead, take control of your cybersecurity experience and let be your trusty sidekick. Together, we’ll conquer the realm of third-party management with a smile and a virtual high-five. 

Learn more about’s Cyber Security Manager next week as we launch.

Unmasking the Deal-Breaker: How Your Cyber Posture Can Make or Break Big Sales

Alright, fellow SMEs, picture this: You’re on the brink of sealing that shiny new deal with the huge prestigious account you’ve been pursuing for five long years. The sales team can practically taste their well-deserved commissions, and it seems like a done deal. But suddenly, one of the techies from the potential client demands to know your Cyber Posture 😱. They want concrete evidence that you’ve got what it takes, with the receipts, to bounce back from the darkest corners of the web and protect their precious data. Now, while you may be frantically Googling “what is a cyber posture and how do I get one,” they have an entire security team working on their side, casting doubt on your credibility as a small fry. 

Are they being paranoid or just drunk on the power of knowing you want the sale at any cost? Well, truth be told, they’re not entirely wrong. Data doesn’t lie. According to the European Union Agency for Cyber Security, between January 2020 and July 2021, 32% of cyberattacks targeting supply chain businesses resulted in data theft and breaches of internal processes and 65% of attacks today happen due to the negligence of a third party. 

But fear not, SMEs of the world 😎! Before Sales starts making voodoo dolls out of you, or the board grills you about your Cyber Posture, this guide will show you how to impress potential clients with your Cyber ninja skills and secure that deal ASAP. 

Moving gif of a suited man asking for advice on Cyber Posture

Rock Solid Assessment

First things first, get your risk assessment game on point. Conduct a comprehensive analysis of potential threats, vulnerabilities, and risks lurking in the shadows. Identify weaknesses and showcase how you plan to address them. Your potential clients want to see that you’ve left no stone unturned in understanding and mitigating the risks that could compromise their valuable data. Here’s a quick FAQ from our mothership on risk assessments  

Armor of Security Measures: 

Equip yourself with an impressive arsenal of security measures that will make your potential clients nod in approval. Show them your state-of-the-art firewalls, cutting-edge encryption methods, and multi-factor authentication protocols. Demonstrate that you’ve built a fortress 🏰around their data, leaving no room for cyber villains to penetrate your robust defenses. 

Cartoon super hero with the text data is in safe hands for Security Measures

Superhero Training Program: 

Every superhero needs to hone their skills, and your team is no exception. Develop a top-notch training program that transforms your employees into cyber guardians. Train them on the latest cybersecurity best practices, from spotting suspicious emails to handling social engineering attacks. Make it engaging, inject your signature humor, and keep everyone on their toes. And don’t forget to document it all as proof, for the ultimate flex on your Cyber Posture. 

Incident Response Superpowers:

When trouble strikes, you need to unleash your incident response superpowers. Show your potential clients that you’ve got a well-rehearsed plan to handle any cyber threat that comes your way. Outline the steps you’ll take in the event of an incident, from isolating affected systems to swiftly restoring operations. Prove that you’re a master of disaster, ready to tackle any challenge head-on. Need help? Check out our free guide on incident response planning

Validation and Compliance Credentials: 

No showcase of cyber posture would be complete without the necessary validation and compliance credentials 🏆. Highlight any certifications or audits you’ve undergone, such as SOC2, Cyber Essentials or ISO 27001, to demonstrate that your security practices meet industry standards. These credentials provide reassurance to your potential clients that you’ve undergone rigorous scrutiny and emerged victorious. 

So now, you’re fired up 🔥and ready to go – that’s great news! But here’s the not-so-great news: These folks love their questionnaires, and they’re going to send you a document that’s hundreds of pages long. You’ll have to answer every single question, ‘securely’ by email, resulting in a never-ending thread. But fear not, for once you conquer that task, you’ll be in the clear and deserving not just of a raise, but maybe even those elusive bonuses floating around for saving the day. 

The moral of this story? As an SME, you’re often seen as the weak link, and you’ll always have to prove your Cyber worth. That’s precisely why we built – to make your life easier during the show-and-tell sessions. And here’s the most exciting part (well, at least for us): our new Supply Chain Manager feature is ready to be launched! So, make sure to check back here at the end of the month for all the exciting details. 

Sign up for a free trial of Premium. Free forever plans available.

The top 10 arguments for increasing your company’s cyber security budget 

We get it, it’s 2023 and you’re trying to stretch that IT budget as far as possible, but let us ask you this – what’s worse than spending a few extra pennies on your cybersecurity budget? Being the next victim of a cyberattack, that’s what! Think your business is too small to be targeted? Think again, because according to Accenture’s Cybercrime study, nearly 43% of cyber-attacks are targeted at SMBs. Those hackers are always on the prowl for vulnerable targets, and your business could be next on their list. That’s why it’s essential to invest in cybersecurity, and in this post, we’ll give you the top 10 arguments for increasing your company’s cybersecurity budget. (You’re welcome, IT manager.) 

2 jars, one empty 'before breach' the other full 'after security breach'
  1. Protect your business’s reputation: A cyberattack can do more than just damage your business’s finances; it can also tarnish your reputation. A data breach can make your customers lose trust in your business, and it can take years to rebuild that trust. In fact, according to a study by ISACA nearly 1 in 3 consumers stopped doing business with a company known to have compromised cybersecurity. 
  1. Avoid costly legal battles: In the event of a cyberattack, your business could be held liable for any damages incurred by your customers. This could result in costly legal battles that could bankrupt your business. In fact, the average cost of a data breach is $4.35M, according to a study by IBM. 
  1. Keep your customers’ data safe: Your customers trust you with their personal and financial information, and it’s your responsibility to keep that data safe. A data breach can result in the theft of your customers’ data, and it can take years to recover from the damage. Think it only happens to the Amazon’s of the world, think again, in fact, according to a  study by Verizon, 58% of data breach victims are small businesses, so that means you. 
  1. Stay ahead of the curve: Cybercriminals are always coming up with new ways to attack businesses knowing that there are so many easy targets out there and no one really wants to spend money on protection. By investing in cybersecurity, you can stay up to date with the latest security trends and protect your business from new and emerging threats. 
  1. Protect your intellectual property: Your business’s intellectual property is one of its most valuable assets, and a cyberattack can result in the theft of that property. By investing in cybersecurity, you can protect your business’s intellectual property and prevent it from falling into the wrong hands, you know, those competitors out there who want to take you out. 
  1. Avoid downtime: A cyberattack can cause significant downtime for your business and while some of your team will be happy watching the series finale of Succession until systems are restored, the result for you is lost revenue and productivity. A benchmark study by CISCO found that 40% of the small businesses that faced a severe cyber-attack experienced at least eight hours of downtime. And this downtime accounts for a major portion of the overall cost of a security breach. By investing in cybersecurity, you can minimise the risk of a cyberattack and avoid costly downtime. 
  1. Protect your supply chain: Your business’s supply chain is essential to its success, and a cyberattack on one of your suppliers could have a significant impact on your business. By investing in cybersecurity, you can protect your supply chain and minimise the risk of a cyberattack. (Check back here real soon, is launching a Supply Chain Manager feature). 
  1. Ensure compliance: Many industries have regulations governing the protection of data, and failing to comply with these regulations can result in significant fines and penalties. By investing in cybersecurity, you can ensure compliance with these regulations and avoid costly fines and penalties. 
  1. Demonstrate your commitment to cybersecurity: Investing in cybersecurity demonstrates your commitment to protecting your customers’ data and your business’s assets. This can help you win the trust of potential customers and differentiate yourself from your competitors. Plus, it has a knock-on effect on your team, not only will your IT manager be able to sleep at night again, but those employees who might be vulnerable to personal attacks like phishing will be better aware of the risks that they pose to the business. 
  1. Personal Liability: If all of the above wasn’t enough, let’s hit you where it hurts. As a CEO or business owner, do you want to be held responsible for a breach and potentially face financial penalties? The mood is swinging, and two legal cases in the US suggest that regulators and prosecutors are becoming more determined to take personal action against directors and senior executives who fail to deal adequately with cybersecurity breaches. Investing in cybersecurity is not just about protecting your business but also protecting yourself and your personal liability. 

In conclusion, cybersecurity is not something to be taken lightly. By investing in cybersecurity, you can protect your business’s reputation, avoid costly legal battles, keep your customers’ data safe, stay ahead of the curve, protect your intellectual property and avoid downtime. 

Or, how about protecting your company at low cost with a tool like At, we offer a low-cost solution for businesses to manage their cybersecurity needs.   

Sign up for a free trial of Premium. Forever free plan available. 

NIST Framework 101: A Guide for IT Managers in SMEs 

Hey there, IT managers in SMEs, we need to talk about something important: the NIST framework. Wait, don’t click off this post and jump to Twitter just yet! We know that the words “framework” and “compliance” make your eyes glaze over and your mind starts wandering to thoughts of that new Star Wars movie (spoiler alert there isn’t but there are 1000 new series on the Disney Channel we can pull apart). But trust us, understanding the NIST framework is crucial for your company’s cybersecurity. And don’t worry, we’ll try to make it fun…or at least tolerable and if we fail at that, get somebody or something else to do it, but more of that at the end. 

What is the NIST Framework?

So, what is the NIST framework? Well, NIST itself stands for National Institute of Standards and Technology, and their framework CSF also known as 800-171 is basically a set of guidelines for organisations to manage and reduce their cybersecurity risks. Think of it as a roadmap for protecting your company’s sensitive information from hackers and other cyber threats. And trust us, you don’t want to mess around with cyber criminals. They’re like the Sith Lords of the internet, only less cool and more destructive. 

Why should I care about NIST?

Now, we know what you’re thinking: “Why should I care about the NIST framework? I’ve got too many other things to worry about, such as a reduced budget and Kevin from accounts forgetting his password every 5 seconds. But here’s the thing: the NIST framework can help you do your job better and avoid potential disaster. It provides a common language for talking about cybersecurity across your organisation, helps you identify and prioritise your cybersecurity risks, and gives you a roadmap for implementing effective security controls. 

“But how do I know if my company is following the NIST framework?” you ask. Good question! There are a few tools out there that can help you map your cybersecurity posture against the NIST framework, such as the Cybersecurity Capability Maturity Model (C2M2) from the US Department of Energy. These tools can give you a better understanding of where your company stands in terms of cybersecurity and help you identify areas for improvement.  

Cartoon character with fed up look on his face with the title 'Not sure if complaint or compliant

I’m busy, can I get help?

If you want a tool that holds your hand all the way, consolidates your security tools in one place, maps your Cyber Posture against NIST and gives you insights and actions to Cyber Resilience then we are going to have to shamelessly drop in our own tool as well, 

So, IT managers, we urge you to take the NIST framework seriously. Don’t let the Sith Lords of the internet wreak havoc on your company’s sensitive information. Use the NIST framework as your guide through our app and may the force be with you. And Kevin, seriously, enough already. 

Sign up for your free premium trial of now. Forever free plans available.  

Stay tuned to our blog for updates on the latest developments and revisions to the NIST framework, including the biggest reform in its history, as it continues to evolve to meet the ever-changing cybersecurity landscape 

The top 10 worst cybersecurity habits that your teammates may be guilty of 

As an IT manager in an SME, one of your top priorities is ensuring the security of your company’s data and systems. However, even with the best security measures in place, the actions of individual employees can pose a significant threat to your company’s cybersecurity. Yes, those who claim to be your work buddies are the very reason for giving you sleepless nights or being the cause of you getting pinged by your boss on a Saturday evening as you were just about to grab a pint at the pub. 

We’re going to outline the top 10 worst cybersecurity habits that your teammates and maybe even you, may be guilty of, and what you can do to help them improve their habits and, in turn, keep you sane. 

1. Using weak passwords

You might think that 12345678 is a cliché, but sadly it’s still used by many employees. Weak passwords are one of the easiest ways for hackers to gain access to your company’s systems and data. As an IT manager, you can encourage your team to use strong, complex passwords that are at least 12 characters long and contain a mix of upper and lowercase letters, numbers, and special characters. You can also implement password policies that require employees to change their passwords regularly and prohibit the use of common passwords. If all else fails, start a dedicated Slack channel for naming and shaming, there must be a plug-in that helps make a firework gif of their name and faux paux. 

2. Sharing sensitive data

Sharing sensitive data over unsecured channels is a common mistake made by employees who may not understand the risks. Email, chat, and file sharing services are often unsecured, and using them to share sensitive data can expose the data to unauthorised access. To mitigate this risk, it’s important to encourage employees to use secure channels, such as encrypted email or file sharing services with password protection. An effective way to explain the risks is to use an analogy: sharing sensitive data on unsecured channels is like shouting your secrets in a public place. To illustrate this point to the non-believers, you could show a slide show of baby photos projected onto the wall in the break room that someone’s mum uploaded to Facebook. 

3. Ignoring software updates

Ignoring Patch Tuesday is going to bite you in the butt one day, and while it feels like the updates are the devil’s work and cause more problems than they solve, software updates often contain important security patches that fix vulnerabilities that could be exploited by hackers. As an IT manager, you can ensure that all devices and software are up to date by implementing automated update processes and regularly reminding employees to install updates. Failure to abide by your rules and you can threaten to block TikTok and Instagram in the office, nobody still uses Facebook anymore and Musk has ruined Twitter so you’re good with those two as a threat. 

4. Clicking on suspicious links

We’re not going to lie, phishing emails and links are becoming increasingly sophisticated. But clicking on a suspicious link is like playing Russian roulette with your company’s data. To help your colleagues avoid this, provide cybersecurity training that teaches them how to identify and report phishing attempts. And if they still fall for it, maybe consider hiring a fake Nigerian prince to run around accounts and teach them a lesson. 

5. Ignoring two-factor authentication

We get it, entering a code in addition to a password can be annoying. But two-factor authentication is an extra layer of security that makes it more difficult for hackers to gain access. As an IT manager, you can require the use of two-factor authentication for all company accounts. And if they still resist, ask the CEO to take the tea and coffee hostage or if you’re in a fancy office, the Kombucha until they all get on board. 

6. Neglecting endpoint protection

Neglecting endpoint protection is a huge risk for your company’s IT infrastructure. Ensure that all endpoints have up-to-date security software, firewalls, and intrusion prevention systems. Monitor these measures regularly for potential vulnerabilities. Failure to do so can lead to a devastating security breach that compromises sensitive company data and exposes the company to significant financial and reputational damage. We have no suggestions for suitable punishments on this one; it’s probably on you. 

7. Using public Wi-Fi networks

Public Wi-Fi networks are often unsecured, which means that any data transmitted over the network could potentially be intercepted by hackers. To help your colleagues avoid this risk when they “escape home” to go to Starbucks on their WFH days, provide a secure VPN (virtual private network) for remote access to company systems. And if they still insist on using public Wi-Fi, have their device play annoying songs on loop, and as loudly as possible, once a non-company network is detected. 

8. Leaving devices unattended

Common sense, I hear you cry, but when they’re not paying for the device, do you think they’re watching it while they run around collecting all the swag at that conference the CEO forced them to attend? Public places can make devices an easy target for theft or unauthorised access. As an IT manager, you can implement policies that require employees to lock their devices when they step away from them. Any culprits “forgetting” will receive a glitter bomb package to their home address. 

9. Using personal devices for work

Look, you get it, everybody loves their phone. It’s with them all the time, it knows their secrets, and it even talks to them (in a non-creepy way, we hope). But just because it’s their constant companion doesn’t mean it should be used for work too. Using personal devices for work can be a major security risk if the devices aren’t properly secured, or if they’re lost or stolen. It’s like inviting a stranger into your home and hoping they won’t steal your TV (or in this case, your company’s sensitive data). As an IT manager, you can implement policies that require employees to use company-issued devices for work purposes. Any detractors (careful, it’s probably your boss) will receive the “car key sellotaped to the roof” treatment. Let them work to get home at 5pm on a Friday. 

All joking aside, we had fun writing the wish list of punishments for failure to abide by the rules, but the one rule is that you need employees to trust and feel they can admit mistakes to you. This is key for number 10 on the list. 

10. Failing to report security incidents

Finally, one of the worst cybersecurity habits an employee can have is failing to report security incidents. Whether it’s a lost laptop, a phishing email, or a suspected data breach, employees need to be vigilant and report any incidents to their IT manager immediately (that’s you, by the way). Failure to do so could result in serious consequences for the company, including regulatory fines, lost business, and damage to the company’s reputation. As an IT manager, you can encourage a culture of transparency and openness when it comes to cybersecurity incidents and ensure that employees know how to report incidents quickly and effectively. 

You might just want to pull out that stress ball, say a few mantras, Netflix and chill, or whatever your calm-down pill might be for all rule-breaking. We do recommend signing up for a free trial of Premium in (forever free available) for all your Cyber Security management needs. makes cybersecurity easy for small and medium-sized businesses by enabling IT managers without specialised cyber expertise to achieve cyber resilience effortlessly. Our platform is user-friendly, action-orientated and facilitates effective communication with partners and executives using KPIs tailored to their technical proficiency. 

How to Make Reduced Cybersecurity Budgets Work in Your Favor with A Guide for IT Managers

The rise of expectations and the fall of the IT Manager’s budget  

Buried amongst too many disparate projects, implementations, meetings, support cases, report writing, and, of course, security alerts, today’s IT Manager is over-familiar with having their capacity stretched and consequently, operating at a suboptimal level. In the same breath, Forbes very recently published an assessment of the pressure CISOs have faced since the pandemic took hold in 2020, highlighting how ‘IT leaders are now being asked to tackle more complex digitisation projects at a time when IT budgets are growing less quickly’. Tru dat.  

Throw in the frustration of being perpetually misunderstood by pretty much all your string-holding-stakeholders, plus a growing list of rather mundane responsibilities, and anyone would be forgiven for throwing the towel in, or, dreaming of outer space.   

So what is that nagging feeling that despite your difficult reality, there must be another dimension in which you could carry out your role comfortably and with more freedom? 

Where them budgets at  

In January, ComputerWeekly reported the latest Forrester research that also concludes IT budgets are under even more pressure – in fact IT spend is expected to fall by more than 3% in 2023. The promising news is (yes there is always a way of spinning it), ‘Forrester believes organisations will want to focus their technology spending on how they can best achieve cost savings and operational efficiency’.  

Do we sense an eye roll there from IT Managers? Cutting budgets further is a good thing? At least we can give you good no bullshit news in that department as will generate the facts and the figures on all things Cyber Security to present to stakeholders in a way they can understand and give you the best chance of securing what budget is lurking around – to achieve exactly those two things cited; Cost savings and operational efficiency!  

“But your boss thinks you’re already doing this, so how do you go about asking for budget to do what they think they’re already paying you to do?”

Grant the CTO at knows first-hand how this feels. Time to turn things on their head and show that your business case supports broader, commercial strategic planning to achieve long-term savings.  – don’t make the mistake of positioning your request as little more than additional IT expenditure that no non-techie can begin to fathom ( has a free plan btw).  

Forbes Technology Council Member and author of the article mentioned earlier, Shane Buckley, lists ‘bringing ROI to the forefront when determining your cost savings strategy’ as one of the top five tactics CISOs should consider when budgeting amid economic uncertainty. Whether or not you report into or work alongside a CISO day-to-day, adopting an approach that supports this advice is unlikely to go amiss. And it’s when those real monetary savings based on NCSC values attributed to the cost of breaches and attacks – easily accessible via the dashboard – come in very handy.  

Low investment, low risk 

As if we needed a reminder, Buckley references that security postures are under more scrutiny than ever in light of survey results that revealed 80% of U.S.-based organisations were hacked in 2021, and 60% of those paid a ransom (argh). Of course, life would be a little simpler if today’s global economic environment could be summed up as ‘post-pandemic’, but not only are IT leaders finally revising the knee-jerk decisions made to accommodate the overnight switch to remote or hybrid working, they’re feeling the not-insignificant pinch as a result of war in Ukraine, widespread disruption impacting transportation and supply chain, plus global political instability.  

Cue To our point, Buckley points out ‘this might mean cutting back on spending and turning to one-stop solutions’. So let’s focus less on the associated cost of trialling a breakthrough platform, and more on the fact that something like is a major enabler when it comes to reducing existing IT and cyber security spend, shrinking the over-crowded landscape of digital solutions that the past couple of years left in their wake, and condensing your entire cyber security experience into one (easily personalised) dashboard where automation and easy to understand KPI’s like CyberScore and ROI ensure your FTE can steadily begin to focus on more valuable work.  

The dimension 

Pay close attention: is that the door to another dimension? Yes, the dimension where you can sign up for free to take control of your Cyber Security experience with Sign Me Up. 

ChatGPT and the Cybersecurity Landscape: Insights from a US Spy Chief

ChatGPT will make hackers more efficient (but it won’t mean cyber doomsday). As well as coming for all of our jobs, everyone’s favourite AI chatbot is going to be a potent weapon for cybercriminals, a US spy chief has warned. 

But there is a silver lining here – Rob Joyce, director of the NSA’s Cybersecurity Directorate has played down the idea that ChatGPT and other generative AI will be some kind of magic bullet for criminals. 

Speaking at CrowdStrike’s Government Summit this week, Joyce said, ‘The technology’s impressive. It is really sophisticated. Is it going to, in the next year, automate all of the attacks on organisations? Can you give it a piece of software and tell it to find all the zero-day exploits for it? No.’

Instead, Joyce believes it will help crooks craft better phishing lures and better ransom notes – and ‘optimise the workflow’ for cybercrime gangs. 

Joyce also believes that generative AI could be helpful for defence teams – and that we’ll see new tools in the coming year. 

He said, ‘So for the next year we are going to be very focused: what tools come out that will … give us the advantage as defensive folks.’

So far, artificial intelligence is not a substitute for human intelligence, or threat intelligence: at, we aim to simplify cybersecurity with a dashboard that offers an overview at a glance with actionable insights, to boost human brains, even the cyber novice ones. Sign up for a free account to take control of your Cyber Security experience.

Notorious cybercrime marketplace seized in ‘Operation Cookie Monster’

In what we believe to be the first cybercrime operation named after a hairy blue Muppet, international law enforcement have seized the notorious Genesis Market. 

The dark web marketplace’s website now bears the logos of the FBI along with dozens of other police organisations in Europe and beyond.

“Genesis marketplace was an invite-only cybercrime institution that held data on account holders from almost all major websites,” our CEO Mark Lamb said in Security Week

“The operators offered customers a pre-made package on victims, enabling them to access accounts and execute attacks quickly, with all the information they needed to commit fraud. Unfortunately, very few victims were aware they had been compromised until money was stolen or goods were purchased, as there was nothing malicious for threat detection tools to alert on.”

Britain’s NCA (National Crime Agency) described Genesis as ‘one of the most significant access marketplaces in the world’. 

The site was invitation-only – but now it’s clearly a club that most members will wish they hadn’t joined. 

Lamb says in another publication, Silicon Republic, “This is another coup for the FBI that follows a long string of recent takedowns. It will be interesting to see if the operators of Genesis are caught, because given the scale of the operation they were running, the FBI will not let them off lightly.”

To see what Lamb built to protect organisations from Cyber Crime, sign up for free and try out

Microsoft brings ChatGPT to cybersecurity – as a co-worker

The future seems to be arriving a little quicker than most people imagined – as Microsoft announced this week that the cybersecurity co-worker of the future will be a robot. 

As part of the global frenzy around ChatGPT, Microsoft is to bring the insanely popular chatbot to cybersecurity in the form of Microsoft Security Copilot

Rather than simply running the GPT-4 generative model which is helping youngsters around the world cheat on their exams, it also runs a security specific model developed by Microsoft. 

Microsoft promises the security ‘bot can do clever things such as look up info on vulnerabilities and deliver information on recent security incidents, based on data from the organisation (which is not shared outside the organisation). 

The way it works is not dissimilar to Microsoft’s ChatGPT-powered Bing, with a search box where security pros can type a query, receiving a reply based on the app’s knowledge set (which in this case includes the company’s own data). 

It’s an interesting idea – but could it just be yet another tool for cybersecurity professionals to have to learn to navigate? 

At, we simplify cybersecurity with a dashboard that lets IT Managers and business leaders see their security overview at a glance with recommend actions – no robots or weird conversations with AI required.

Let’s start with your Cyber Score (get to the green)

Author: Grant Roy, CTO,

Our story has been in the making for a long time, but this is the first time I’m telling it out loud. It’s humbling to believe someone’s listening (hi!).

When you’re an electrical engineer (bear with me, I will land this analogy), I’m willing to bet that you would do all it takes to prevent your next-door neighbours from finding out. Why? Because no matter how many times you explain that you design protection systems, at the first sign of a fault with their lawnmower, they’ll be hollering over the fence with certainty that you can fix it.

If you’re reading this as a fellow IT Manager (Hi, I’m Grant the CTO), you know what I’m talking about. People may think you’re pretty introverted, but you have one of the noisiest jobs going. You’re swamped, but you’ve come to accept that your non-technical peers and seniors will never quite understand. And now that you’ve been tasked with making tough calls on cybersecurity, it can feel like everyone, including the board, thinks that cybersecurity is simply a part of IT.

Helping you get it done

I can’t lie, the platform is the tool that finally lets you do the Cyber part of your job how you were always supposed to be doing it (and always hoped to be doing – password resets are SO DULL). So, to help you take control, guide tricky conversations in your favour, and reclaim your buried potential, let’s start by knowing how well you are doing.

Get started with your CyberScore

You can’t improve what you can’t measure, so what’s the first rule for managing your cybersecurity? Know your baseline. (Drum roll, please. CyberScore enters the conversation). It’s the ultimate representation of your organisation’s cyber posture, like a credit score, but cooler and easier to understand. The beauty of CyberScore is that it provides a simple visual representation that even non-technical stakeholders can understand. It’s a common language that everyone in your organisation can speak. And it’s the line in the sand between where you are and where you need to be.

With, you can generate a CyberScore before integrating any tool or software through the Attack Surface module. The platform uses custom logic to calculate your CyberScore using attested data to generate KPIs, it also considers your Compliance Posture. But if you want the extra secret sauce to getting a clearer picture of your Cyber Posture and Cyber Threat Level, that’s when you add (integrate) the data from your tools for a ‘verified’ score. You know, for those pesky suppliers or partners who don’t want to take your ‘tick a box’ word for it.

How do I explain risk to non-technical people?

For non-technical stakeholders, all you need to do is get to the green. That’s the target CyberScore that everyone can understand. The next step is then explaining that you need to stay in the green, but one step at a time. Once you’re all on the same page, you can work on improving your score step by step and getting the budget to be able to do so.

But what we’re really talking about here is the board, right? Yeah, having John in accounts on board is never a bad thing, but you’d like the CEO to understand that Cyber is a business risk, on equal footing with revenues and expenditure. And you’d like an easier way of asking for some pennies to mitigate that risk and even push some of that crippling responsibility back up the chain of command.

So let’s get them on board. is a super-visual platform that makes communication about cybersecurity easy. You can generate easy-to-understand reports with just a click of a button, which can be sent to your CEO or any other senior decision-maker in your organisation. When you need additional insights, they’re ready and waiting for you. Simplicity isn’t such a bad thing and avoids the risk of alienating your budget holders and senior decision-makers with information they simply don’t need to understand.

But what happens if you want to get down to the technical details?, has you covered with its Technical Drilldown feature, allowing you to dive deep into the nuts and bolts of your Cyber Posture.

1000 tools and a spreadsheet

Our solution is built on solving the most frustrating challenges we’ve encountered, particularly information overload. With so many disparate systems in operation, it can be hard to keep track of everything, and the opportunity to use a tool like has the power to free you from all the legacy issues associated with the job. We solved this problem by bringing everything together in one platform. It’s a game-changer for anyone looking to simplify their cybersecurity management. One tool to rule them all, if you will. You may think I’m biased since I work for, but you don’t have to take my word for it, sign up.

Choose your own adventure

Your CyberScore is just the beginning of your experience, and it’s central to everything else, from getting a grip on your compliance with the Compliance Manager to managing suppliers/partners in the Supply Chain Manager to finding gaps in your Cyber Posture and plugging them with the Marketplace. And all of the above.

I’m ready for

Have you heard enough and are raring to go? Try Premium on a free trial today by signing up for a free account in a few easy steps, and once you’re in, choose the onboarding that’s right for you – Access our huge knowledge base of technical information, follow our interactive product tours, or even request a live demo, and you may even get me or the CEO. The entire experience is so upfront, it’s borderline rude. We’ve tried HARD to think of everything you haven’t, and we’re only here to make you feel good about it.