DSIT published the Cyber Security Breaches Survey 2025/2026 on 30 April 2026. The headline of '43% of UK businesses breached' is broadly flat year on year, but the interesting findings are in the small movements - phishing increasingly AI-assisted, ransomware impact roughly doubled, and supply-chain reviews almost non-existent for smaller organisations. We unpack what the report actually says and the five things UK SMBs, charities and schools should change in the next ninety days.
On 27 April 2026, Cyber Essentials v3.3 ('Danzell') replaced Willow as the mandatory question set. For the first time in the scheme's history there are auto-fail questions — missed MFA on a cloud service or a high-risk patch left longer than 14 days will now fail the assessment outright. Here is what changed and what to fix before your next renewal.
A critical pre-auth SQL injection in LiteLLM (CVE-2026-42208, CVSS 9.3) lets attackers steal every API key the proxy holds. Exploitation was observed in the wild within 36 hours of disclosure. Here is what to do this week.
HMRC's biggest tax overhaul in 29 years goes live on 6 April 2026, but 94% of affected businesses say they are not prepared. We break down who is affected, what has actually changed, and what to do if you have left it late.
David Heacock grew a $260 million air filter business and says AI matters more to plumbers than programmers. We unpack the opportunity for UK trades and small businesses trying to do more with a small team.
A practical subset of security controls sized for small teams: MFA, endpoint hardening, backup testing, access reviews, and incident response checklists.
A priority sequence for anyone inheriting IT responsibility: audit current state, secure quick wins, establish documentation, review vendors, and build a roadmap.
A decision framework for cloud vs on-premises vs hybrid hosting, weighing data residency, cost structures, skills requirements, and compliance obligations.