CiiSEC Identified Some Key Concerns and Hot Topics, here is the Advent Hot Take…
News and information from the Advent IM team.
After a slightly delayed train journey (because, of course!), I finally made it to the CiiSEC seminar – and what a day it turned out to be. I still consider myself new to the industry and so for me, the day was packed with valuable insights, lively discussions, and a few “ahhh” moments that left me plenty to reflect on. Here’s a quick rundown of some of the key takeaways that resonated with me, along with some thoughts from the Advent perspective and what value we can bring to organisations with these considerations and challenges.
No surprises here – AI was mentioned on almost every panel and is clearly on everyone’s radar as the future of cybersecurity. From automating threat detection to improving response times, the potential is massive. However, there’s still a lot to unpack. The challenge lies in effectively integrating AI into infrastructures, and I think this is something we’ll see evolve in the next few years. AI is not a one-size-fits-all solution, but as the tech advances, its role in cybersecurity will become even more critical.
As organisations embrace cutting-edge innovations like AI and other advanced technologies, the need for robust security and governance has never been greater… Our purpose at Advent is clear: to help your business transform securely by embedding best practices in security and building resilience at every stage of your journey. Our consultancy, training, and outsourced solutions can help to ensure that you stay compliant, mitigate risks, and implement new technologies with confidence.
Unlike others, we don’t sell products – we deliver unbiased, professional advice tailored to your unique needs. Our approach focuses on knowledge transfer, ensuring that your team is empowered with the skills and insights to manage information and physical security long after our engagement.
The seminar placed a major emphasis on Supply Chain Security—and for good reason. As cyber threats become more sophisticated, the security of third-party vendors and partners is more crucial than ever. A breach in one part of the supply chain can have cascading effects that compromise an entire organisation. Ensuring that all parties involved uphold strong security practices is no longer optional; it’s central to maintaining good security hygiene across the board.
Supply Chain Security is nothing new for us here at Advent, however, and we have been advocating best practice in this area since day one. As a running example of its importance, Police forces process a significant amount of information for the safety of the public, through the meticulous investigation and prosecution of criminals. To that end, the large amounts of information/data involved require forces to make use of Third-Party Suppliers (TPS) and Data Centre (DC) facilities to meet their obligations, and any such TPS/DC needs to go through the Third-Party Assurance for Policing (TPAP) process to be audited/assessed and approved. Historically, Advent has been key to the completion of such audits for a number of Police Forces; however, the benefits of completing such audits are not limited to the Police but extend to any organisation with a diverse supply chain.
Another highlight for me was the discussion around Cyber Hygiene. Now, this term can mean different things to different people, but here’s what I took away: there is no one-size-fits-all approach. Noticing a trend here?
Cyber hygiene isn’t some golden rule etched into stone; it must be tailored to each organisation based on its unique risk profile. What works for one company might not be applicable to another, and we need to be flexible in our approach to ensure robust security.
A perfect example of tailoring cybersecurity to meet specific needs comes from a recent project Advent IM undertook with a leading international research institution. Given their unique position and the immense value of the data they hold, the institution needed a highly specialised approach to cybersecurity.
Recognising that a one-size-fits-all strategy wouldn’t work, the institution engaged Advent IM to assess its Cyber-Hygiene and ultimately enhance its security posture. Our team provided a comprehensive range of services including vulnerability assessments, penetration testing, security architecture reviews, ISO27001 compliance, and ongoing consultancy. Through a multi-phase approach, we worked closely with the institution to ensure its systems, policies, and personnel were fully equipped to handle vulnerabilities, meet regulatory standards, and respond to security incidents.
This engagement demonstrates how cybersecurity practices—just like Cyber Hygiene—must be adapted to the unique risk profile of an organisation. By tailoring our services to this institution’s specific needs, we were able to strengthen its cybersecurity resilience and empower the institution to continue its ground-breaking research, all while safeguarding its invaluable data and infrastructure.
Communicating cybersecurity concerns to the Board is still a major challenge. Security leaders often find themselves on the outside looking in, not always recognised as a strategic business asset. This disconnect can make it difficult to secure the necessary resources for critical security initiatives and, in my opinion, represents a huge operational vulnerability. As cybersecurity professionals, we need to keep pushing for greater boardroom understanding, ensuring that cybersecurity is seen not just in a reactive light, but as a core business priority.
With MySecurityManager and MyDPO services from Advent, organisations gain access to skilled information security experts and organisational consultants, which helps bridge the knowledge gap between technical teams and the board. Our consultants can translate complex security issues into business-relevant language that is easily understood at the board level, helping to secure buy-in for cybersecurity initiatives. By offering flexible, scalable contracts that provide ongoing compliance support and risk management guidance, these services enable organisations to proactively address security concerns. This ensures that the business remains compliant with regulations and avoids potential fines, which is something the board can directly appreciate as a strategic and financial benefit.
In addition, we offer Cybersecurity Training for Business Leaders and the C-Suite to further bridge knowledge gaps and enable better conversations between security teams and leaders. This training empowers key decision-makers with the insights and understanding needed to navigate cybersecurity risks effectively, making them active participants in shaping the organisation’s security strategy.
Through regular advisory sessions and access to industry best practices, MySecurityManager helps elevate cybersecurity from a reactive concern to a strategic asset. The services position security as a critical component of business continuity and growth, aligning it with overall business objectives. With expert support included, the service assists in preparing clear, actionable reports and communication strategies for presenting to the board. This helps the board understand the current security posture and the necessary investments or actions needed to mitigate risks.
It’s easy for those of us in the industry to assume that things like enabling Multi-Factor Authentication (MFA) should be a straightforward process. However, a thought-provoking panel discussion highlighted just how difficult it can be for some organisations to implement even the most ‘basic’ protection measures. When we talk about ‘basic’ protections, we need to be aware that, for some, these aren’t so basic. It’s crucial to remain empathetic and recognise the barriers that exist, especially for smaller or resource-constrained businesses. Perhaps even changing the language from terms such as ‘basic’ to ‘fundamental’ will help to again bridge the gap and build trust. We certainly do not want to be undermining but instead want to be enabling.
On that note, our business is built on the trust that clients place in us. This means constantly acting with integrity and mutual respect. Transferring our knowledge to client employees enables everyone to improve their defences and costs, and our proven expertise allows us to create and deliver the most appropriate solution, really pushing on that client focus. Moreover, we are totally independent and impartial in all advice and recommendations. It is not just a coincidence that the bold key words are the four pillars of our values here at Advent IM…
The question on many people’s minds: is cyber insurance truly viable? Spoiler alert: it’s not… as simple as buying an umbrella policy. Cyber insurance can be complex, with numerous factors to consider when assessing risk. Are you insuring against specific types of attacks? How do you quantify the costs of a breach? As we navigate this evolving space, we need to dig deeper into the risks we’re insuring against and ensure that our policies offer meaningful coverage… yes, you guessed it, come speak to us. As an established security consultancy, we have years of experience in providing Risk advice and guidance to UK and overseas organisations, allowing us to support them in the identification, analysis and management of, and response to, risks that might positively or adversely impact the realisation of their business objectives.
A key point that stood out was the ongoing vulnerability of small businesses. Many are still underestimating their risks, and as cybercriminals typically target the weakest link, this presents a serious threat. Large organisations often have more robust defences, but the cybercriminals are smart enough to know that attacking smaller businesses can yield more success over time. It’s essential that small businesses recognise these risks and take proactive steps to safeguard their data and systems. This is about the only similarity that we have to the bad guys, as we don’t discriminate on size either… we’ve worked with some of the UK’s largest Private Organisations, and also with a number of Central Government bodies and ALBs, but have notably provided support to smaller organisations like Caribbean Police Forces, Maritime Navigational Charities and Meteorology Research Institutions.
In one of the more intriguing discussions, the role of Data Protection Officers (DPOs) was brought into question. Do they truly work for the data subject, or are they more focused on serving the organisation’s interests? Balancing the needs of both the organisation and the individuals whose data is being protected can be tricky, but it is a balance that Advent has expertly struck by combining the interests of the data subjects (through privacy protection) with the organisation’s legal and operational needs. By providing expert advice, DPIA assistance, and flexible support, our ‘MyDPO’ service ensures that data protection is handled with fairness to both parties, allowing organisations to comply with regulations while safeguarding individual rights.
Last but certainly not least, a discussion on Cyber Leadership made it clear that diversity is vital to the future of cybersecurity. Strong voices like Sally Walker and Annabelle Berry made the case for diverse leadership, showing how varied perspectives lead to better decision-making and more innovative solutions. If we want to tackle the increasingly complex cyber threats of tomorrow, it’s essential to foster a more inclusive environment in cybersecurity leadership today.
All in all, it was a fantastic seminar full of learning, networking, and thought-provoking insights. Thanks to all the speakers and panellists for sharing their expertise, and to the organisers for putting together such a successful event. As always, the future of cybersecurity is an exciting one, and I’m looking forward to seeing how these key concerns and hot topics evolve in the coming year. What are your thoughts on these issues? Let me know by reaching out to me: