.jpg)
In a recent webinar earlier this month, Continual CEO Oliver Crofton interviewed cybersecurity expert Jamie Akhtar, CEO of CyberSmart, to get his perspective on the shifting cyber risk landscape. Speaking to an audience of compliance, HR, and legal leaders, Jamie outlined why cybersecurity is no longer just an IT problem - it’s a governance, culture, and business resilience issue.
One of the biggest shifts in recent years is regulatory. While GDPR dominated headlines, another EU law - the NIS2 Directive - has quietly expanded the compliance net. Under NIS2, as many as 300,000 organizations across Europe, including suppliers to critical industries, must meet stringent cybersecurity standards.
The UK’s post-Brexit response, the Cybersecurity and Resilience Bill (CSRB), mirrors these obligations. Both frameworks require timely incident reporting, stronger security practices, and robust evidence of compliance.
For businesses, this marks a departure from flexible “risk-based” approaches. Regulations are now prescriptive, leaving little room for interpretation. Compliance leaders must not only know which rules apply to their organisations but also establish processes, documentation, and cultural practices to meet them.
While regulation is tightening, the cyber threat landscape is simultaneously worsening. Jamie highlighted ransomware’s resurgence as a prime example.
Five years ago, ransomware dominated headlines, before seemingly fading. But today, it’s back with a vengeance; now delivered “as-a-service,” where criminal groups rent out attack tools just like SaaS software. With low barriers to entry, virtually anyone can launch sophisticated campaigns.
Attackers also exploit automation and AI to scale their operations. Phishing emails, once riddled with typos, now appear polished and convincing, often mimicking trusted services like Amazon. New tactics emerge constantly, but old ones resurface too, catching organizations off guard when defences lapse.
The result: a constant arms race where criminals innovate faster than many organizations can respond.
Beyond regulation and threats, the third major driver is digital acceleration. Organisations are rapidly adopting cloud services, industrial IoT systems, and AI models.
AI in particular creates both promise and peril. Companies want to harness it for productivity and insight, but few fully understand the risks of feeding sensitive data into models or deploying AI without governance. This new frontier raises critical questions about security, privacy, and accountability.
Throughout the discussion, one theme was clear: cybersecurity is not just an IT problem. It’s a business resilience issue that touches governance, risk, compliance, and culture.
For compliance and HR leaders, the key takeaways are:
The conversation painted a sobering picture of the cyber landscape in 2025: more regulation, more sophisticated attackers, and more complexity from digital transformation. Yet the message was also empowering.
By treating cybersecurity as a governance and cultural priority, not just a technical one, organisations can build resilience. As Jamie put it, the goal is to “raise the bar” across all businesses, making cybercrime less profitable and less effective.
For compliance leaders, this means moving beyond box-ticking to drive genuine organisational change. Cybersecurity in 2025 isn’t about acronyms and firewalls, it’s about people, processes, and resilience at the heart of business strategy.
You can view the full interview on YouTube here: https://youtu.be/lubgz36EgMw
Experience the power of supplementing your ethics and compliance program with AI. Schedule a personalised demo now to see how our advanced platform can give you clearer risk insights and better corporate governance.
We are also available on the details below.
