Insights

Given the growing cyber risk and number of significant incidents, have public companies made a proportionate investment in cyber governance and resilience? Whilst growing cybersecurity vendor revenues point to improving cybersecurity maturity, a further source of insight can be derived from how public companies report on cyber risks and threats. Westlands Advisory recently conducted a comparative analysis of cybersecurity terminology in the annual reporting of the Dow Jones Core 30 and Euronext Core 30 companies.

The United Kingdom’s 2025 Strategic Defence Review (SDR), titled “Making Britain Safer: Secure at Home, Strong Abroad,” underscores an unprecedented emphasis on cyber threats and capabilities. The review – the first “root-and-branch” overhaul of UK defence in 25 years – repeatedly highlights “cyber” as both a critical danger and a key enabler in modern defence strategy.

The advent of quantum computing presents one of the most profound shifts in cybersecurity since the invention of public-key cryptography. As quantum technology rapidly develops, it poses a direct threat to the classical encryption algorithms that underpin the global financial system, digital identities, secure communications, and data privacy. To prepare for a Quantum-Safe future, government agencies and critical infrastructure operators should start with cryptographic discovery and classification.

Governments are treating AI as a serious policy issue, shifting from advisory to enforceable guidelines to ensure AI deployment is safe and secure. These trends link to an earlier piece by Westlands Advisory, published in October 2024, predicting that strong regulation will be necessary to roll out AI safely, especially in areas such as national infrastructure and public services. As AI becomes entrenched in daily life and critical systems, this article will see how different countries are responding to AI threats, and where things may be headed in terms of cybersecurity solutions, and protection of the entire AI ecosystem.

Operational Technology (OT) environments are foundational to critical infrastructure and industrial operations. These systems control physical processes essential to energy, transport, manufacturing, and public services. As connectivity increases, so does exposure to cyber, physical, and operational risks. Yet, despite the criticality of these processes, cyber maturity remains relatively low. Asset owners need credible and trusted security consulting and managed services partners to accelerate improvements to cyber resilience.

The Middle East has invested heavily in digitalisation to diversify the economy and reduce reliance on oil revenues. However, this rapid digitalisation has resulted in an increase in cyber risk from both cyber criminals and state-sponsored actors. IBM’s X-Force 2025 Threat Intelligence Index reports that the Middle East and Africa accounted for 10% of global cybersecurity incidents in 2024, up from 4% (2022) and 7% (2023). The growing cyber threat and increasing interdependencies between digital infrastructure has led to strong local regulations to protect critical national infrastructure and enforce data sovereignty.

Investment in OT Cybersecurity has grown significantly over the last decade, resulting in leading asset owners significantly improving their cybersecurity posture. Nevertheless, more is required to balance the benefits of digitalisation with the cyber risk. Westlands Advisory’s research into trends impacting cybersecurity posture concludes that growing digitalisation and security incidents are not currently being matched by investment in cybersecurity. Furthermore, the research highlights that regulation to 2023 has had a low impact on improving the OT cybersecurity posture across most process and manufacturing industries.

In a hyperconnected world, organisations need to ensure resilience to systemic shocks. Effective incident response plans are critical for responding to and mitigating the impact of cybersecurity incidents. This requires training and exercising that replicate real-world scenarios, thereby increasing the preparedness of SOC analysts and incident response teams. WA visited Thales Ebbw Vale to gain an insight into how critical infrastructure owners use the cyber range to improve security programs.

As cyber threats evolve and intensify, organisations are increasingly exposed to new risks. Staying on top of the intelligence reporting is a challenge. This report is intended for executives that do not have the time, nor the need, to read over 20 cyber threat intelligence reports. WA has done that for you and summarised the key actions.