10 December 2025
A Year in Review: Cyber Security 2025
As we conclude the year, cyber security issues continue to keep many people awake at night. With limited resources and suitably qualified personnel available to combat and address these issues we see don’t see 2026 as being too different unfortunately.
AI was the hot topic of 2025 and it’s likely to continue as such during 2026. Moving beyond the hype, this technology has certainly opened immediate opportunities to make our work lives more productive and efficient on the basis the risks of using AI are considered and well managed. Hopefully, in the right hands, AI can help to deliver some impactful and positive cyber security initiatives.
It has been also very entertaining to observe the number of products on the market that are now “AI driven”. We quite liked the AI mattress that combines AI algorithms, biomechanical research, and insights from over 2.3 million groups of sleep data points to give you a good night’s sleep. However, having discussed the pros and cons of owning this mattress we were rudely awoken to the possible privacy considerations.
For our last newsletter of the year we have previewed some of the themes and topics we covered in the last 12 months.
Is It a Policy, Process or Procedure?
Not all documents are created equal. Policies, processes, and procedures each play a different role in how an organisation operates, yet the lines between them are often blurred. Failing to clearly articulate the distinctions or using the terms interchangeably can lead to confusion among employees and stakeholders. In this blog we explain what each does and how to keep policies clear, focused and effective.
AI: Raising the Priority for Data and Information Governance
As AI and large language models become part of everyday operations, how organisations manage data and information is more critical than ever. Without strong governance, risks - from compliance issues to ethical concerns - grow quickly. Learn why data and information governance should be a top priority if you are adopting AI, and the steps you can take to protect assets and drive informed decision-making.
Modern Data Governance Practices to Consider for the AI Era
Data powers decisions, processes, and innovation - but when unmanaged or misused, it can quickly become a liability. As AI becomes more central to business operations, organisations need a strategic approach to ensure data is accurate, secure, and used responsibly. This blog explores modern practices to build the foundations for good data governance in the AI era.
Implementing an Effective Cybersecurity Strategy: Why a Roadmap Matters
A cybersecurity strategy is only as strong as the execution plan or roadmap behind it. Without a clear roadmap, even the best strategy will stall, leaving risks unaddressed and progress hard to measure. We explore why a roadmap is essential, how it turns high-level goals into practical action, and what organisations need to consider when building one.
Aligning Cyber Security Investments with Business Objectives
A well-designed cybersecurity strategy ensures that every investment in security contributes to broader business objectives, supporting stability, innovation and compliance. The key challenge for leaders is to develop a strategy that connects these dots, and then to translate that strategy into a clear, actionable roadmap. The right cybersecurity strategy is not something that can be copied from a template, it has to reflect the organisation’s structure, industry, maturity, resources and ambitions.
Is Your Organisation Really Prepared for a Cyber Incident?
Having a cyber security plan is one thing - being ready to act when an incident happens is another. Many organisations overestimate their preparedness and only discover gaps under pressure. This blog looks at why incident response testing is critical, how real-world simulations reveal weaknesses, and how a structured approach can strengthen your team’s ability to respond effectively.
Cyber Security Risk Register - Strengthening Risk Management
An essential tool for cyber security risk management is a cyber security risk register - a structured record of risks associated with information security, digital assets, and IT infrastructure. This blog discusses how a register enables organisations to identify, assess, and mitigate cyber risks effectively.
Identifying What Matters: Cyber Risks in Your Supply Chain
Managing cyber risks within your supply chain requires a clear understanding of what matters to your organisation. Not all systems, services, or suppliers carry the same level of importance, so being able to identify which ones are critical is the first step. We explore how a criticality analysis can help you prioritise resources, focus on the most important assets, and make smarter, risk-based decisions.
Common Challenges Organisations Face Implementing the Essential Eight Strategies
The ASD Essential Eight provides clear guidance on reducing cyber risk, but knowing what to do and actually putting it into practice are two different things. We’ve been able to assist organisations address real-world challenges when implementing the eight strategies. Understanding these challenges can help you plan more effectively and strengthen your overall cyber resilience.
Thank you for staying connected with us this year. We’ve enjoyed supporting organisations address the challenges associated with improving their cyber security posture and resilience. We look forward to sharing more insights and practical guidance during the year ahead.
Wishing you a Merry Christmas and Happy New Year.
From the Kaon Security Team.