That's Christmas 365: Win-Win for Planet & People: SocialBox.Biz Sustain...

That's Christmas 365: Win-Win for Planet & People: SocialBox.Biz Sustain...: Age UK Westminster client with computer Corporates Partner with SocialBox.Biz to Achieve Impact Goals & Empower Underserved Communities ...

Offensive Security Becomes Business-Critical as UK Faces Major Cyber Incidents

The scale, frequency, and sophistication of cyberattacks in the UK have escalated sharply throughout 2025, causing widespread operational disruption and mounting economic damage. 

Recent data and high-impact incidents show that organisations can no longer rely on periodic audits or reactive security measures. 

As a result, organisations are being challenged to rethink their security strategy and embrace an offensive mindset.

Major UK Attacks Rise By Over 50%

The National Cyber Security Centre’s (NCSC) Annual Review 2025, covering the period from September 2024 to August 2025, underscores the severity of the situation. 

During this time, the NCSC handled 204 nationally significant cyber incidents, an increase of more than 50% compared to the previous year. 

The review also reported four high impact attacks every week, each capable of disrupting essential services across the country and causing widespread operational and economic disruption.

In worst case scenarios, such attacks could compromise not only business operations but critical national infrastructure too. 

The government is now urging organisations to take stronger action to protect the UK economy and make cyber resilience a board-level responsibility.

The economic stakes are equally stark. The recent cyberattack against Jaguar Land Rover, which is thought to be the largest cyber incident in UK history, has been estimated to cost the UK economy £1.9 billion. This led to Jaguar Land Rover having to shut down systems across their factories and offices, with knock-on effects extending to as many as 5,000 organisations in its supply chain.

Richard Horne, CEO of the NCSC, issued a clear warning. He told That's Technology: “Cyber security is now a matter of business survival and national resilience. The best way to defend against these attacks is for organisations to make themselves as hard a target as possible.”

Offensive Security: Thinking Faster Than the Attacker

Keith Poyser, Vice President for EMEA at Horizon3.ai, explains organisations can only become “harder targets” by adopting an offensive, attacker-like mindset: 

“Organisations must think faster than potential attackers. All attack surface, ongoing penetration testing is the only reliable way to determine whether hackers can break in and whether an organisation’s security controls are genuinely effective. 

"Validate your defences in the context of your environment, don’t guess or rely on noisy low relevance vulnerability lists alone”

Although penetration testing has existed for decades, it's traditionally been conducted only annually or quarterly, and purely by humans, which is no longer adequate given the speed at which attackers evolve. We have already seen AI tools misused to rewrite attacks on the fly adapting to defences or detection technologies.

Continuous, autonomous pentesting via platforms such as Horizon3.ai’s NodeZero® Offensive Security Platform allow organisations to validate their security posture as frequently as needed, even daily, without the cost, delays, or limitations of manual-only tests. With them, businesses can emulate attacker techniques in live environments and integrate them seamlessly with agile and DevOps workflows, aligning security testing with how software is actually built and deployed today.

Horizon3.ai’s own Cybersecurity Report UK 2024/25 which collected responses from managers with IT level responsibility in 150 UK organisations confirms many organisations aren't taking the right approach to face today’s rapidly evolving threat landscape.

When asked whether they take a purely defensive stance against cyber threats, or if they conduct offensive exercises to identify risks and vulnerabilities, results showed 34% reported using only defensive measures, 21% focus on defence but occasionally conduct offensive exercises, and only 12% conduct offensive exercises internally. A further 15% were unsure how to approach this, while 18% said they outsource offensive exercises entirely.

Another question asked which technology, solution or practice they believed would significantly improve their security. 12% said they would want more budget funds, while 37% said they want to know exactly where they are vulnerable so they can proactively address weaknesses, a clear indication of the need for autonomous penetration testing. 26% responded that they would need to convince the leadership that cybersecurity must be a top priority.

Cybersecurity Must Become a Board-Level Responsibility

Government bodies, industry regulators, and customers are increasingly urging CEOs, boards, and senior leaders to take explicit, personal ownership of cyber risk. This shift reflects a broader recognition that cybersecurity is now a core component of organisational stability, operational continuity, and economic resilience.

Penetration testing plays a pivotal role in meeting these heightened expectations and has become a cornerstone of both operational and economic resilience. By continuously validating defences, organisations can reduce their Mean Time to Remediate (MTTR), lower the cost of fixing weaknesses, and significantly strengthen their overall security posture. Regular testing also supports risk-based vulnerability management, enhances audit readiness, and creates a verifiable record of due diligence—ultimately easing the burden of compliance.

Due Care and Due Diligence as Foundations of Cyber Risk Management

In cybersecurity, two fundamental principles form the backbone of effective risk management: due care and due diligence (Paired with a duty to know). Due care refers to the proactive steps an organisation takes to protect its systems, data, and users, such as enforcing security policies, fixing weaknesses, and carrying out regular risk assessments.

Due diligence, on the other hand, is the ongoing validation of whether those protective measures are actually working. It involves activities such as penetration testing, reviewing third-party risks, and verifying alignment with industry standards. Where due care is about implementing safeguards, due diligence is about proving they stand up in real-world conditions.

Keith Poyser added: “Together, they ensure  organisations are not only putting security controls in place but also continuously confirming their effectiveness. Continuous pentesting is central to this process, providing the evidence organisations need to demonstrate their cyber resilience.”

www.horizon3.ai

That's Christmas 365: Celebrating a Classic. The ZX Spectrum Deluxe Coll...

That's Christmas 365: Celebrating a Classic. The ZX Spectrum Deluxe Coll...: If you’re someone who remembers booting up a cassette tape on an 8-bit home computer in the early 1980s, or you simply love vintage gaming h...

That's Christmas 365: A Fantastic Christmas Gift Businesses can Give: So...

That's Christmas 365: A Fantastic Christmas Gift Businesses can Give: So...: In a call to action for sustainable practices, SocialBox.Biz, London's leading Community Interest Company for ethical and secure IT reus...

That's Christmas 365: The Ultimate Guide to Choosing Christmas Gifts for...

That's Christmas 365: The Ultimate Guide to Choosing Christmas Gifts for...: Discover the best Christmas gift ideas for Star Trek fans, from collectables and books to clothing, tech and budget-friendly treats that wil...

That's Business: Puredrive Energy CEO Named Family Business Entrepr...

That's Business: Puredrive Energy CEO Named Family Business Entrepr...: Cheltenham-based battery manufacturer, Mark Millar has been named entrepreneur of the year for the second year running. Puredrive Energy i...

That's Business: The Top 5 Blogging Platforms Available Today

That's Business: The Top 5 Blogging Platforms Available Today: Starting a blog has never been simpler. Whether you’re launching a personal journal, building a brand, or growing a business, choosing the r...

That's Business: Why Your Business Should Launch a Blog – And Why C...

That's Business: Why Your Business Should Launch a Blog – And Why C...: In today’s digital marketplace, a business blog is no longer a “nice-to-have”.  It’s one of the most cost-effective, trust-building, search...

Tewke announces TewkeAI Voice Controlled Home Assistant Alongside Google at Slush

Smart tech company, Tewke, has today announced TewkeAI, their first foray into voice-controlled home assistance.

Tewke was invited by Google to present this week at Slush in Helsinki as the accelerator programme they were part is coming to a close.

Tewke has been part of the Google for Startups Accelerator: AI For Energy, since September 2025, being advised by Google’s experts in AI to bring the next stage in Tewke’s vision of making smart simple to every home.

TewkeAI is a new ‘view’ within their flagship home automation device, Tap, coming in the first half of 2026. Tap’s beautiful and easy to install drop-in replacement for existing light switches, enables people to very easily have a home automation system without the need to rewire. Existing features include real-time energy information and home health reports. 

Thanks to TewkeAI, Tap will now enable everyone in the house to ask anything and receive an on screen text response.

TewkeAI is powered by Google Gemini and provides an elegant and intuitive interface that everyone in the home can interact with to assist in their everyday tasks. Request a weather update, read the headlines or get the answer to a nagging question, all on the vibrant OLED display. The user interface for TewkeAI has been designed to continue the premium design approach that users have come to expect from Tewke devices. This follows on from the initial preview launch of Tap, and it being awarded the Red Dot for design in 2024.

As with everything Tewke does, privacy is front and centre, so with its new AI chat bot. instead of having a microphone that is always listening for a command word, the microphone only listens for speech when the user swipes to the TewkeAI view and holds the onscreen button. Having a voice chatbot on Tap helps democratise the accessibility of home assistants to all users within the household, rather than having to interface via a mobile app, whilst simultaneously providing more peace of mind than ‘always listening’ home speakers.

Rowan Dixon, Tewke’s Co-founder and COO, told That's Technology: “As Tap is a device created for everyone in the home, we have designed our first version of TewkeAI to be as intuitive to use as possible. We are incredibly proud to be announcing this ahead of its 2026 release as guests of Google, here at Slush.”

Piers Daniell, Tewke’s Founder and CEO added: “Tap is making a real difference to how people live within their homes, from changing the way people interact with lighting, to saving energy in houses across the UK. TewkeAI is the next step in us bringing the future of home automation and energy saving to homes, to enable our vision of creating the future of a smart grid”.

The Tewke Tap was recently seen on British national TV as part of the largest ever construction project shown on the hit TV show, Grand Designs. Within the property, Tap is used to control all the home’s lighting whilst monitoring the property’s home health via its inbuilt air quality sensors and helps save energy via Tewke Tap’s energy ‘view’.

The first generation of TewkeAI is set to be available on customers’ devices in 2026 via Tewke’s weekly OTA software updates. Tewke are constantly innovating to create a smarter future and continuously working to bring even more advanced AI enabled automations to homes utilising their own inhouse AI system.

For more information on Tap and Tewke, visit: www.tewke.com

That's Business: Just a third of UK tech scale-ups boast AI experti...

That's Business: Just a third of UK tech scale-ups boast AI experti...: UK tech scale-ups are risking failure to meet their growth potential by not appointing artificial intelligence (AI) experts to their boards...