Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Third-Party BAA Checklist: HIPAA Requirements for Website Technology Vendors

For most of HIPAA’s history, PHI moved through known systems, between known parties, for known reasons. You provisioned access and audited behavior. The data flows remained observable, and so did the vendor relationships built around them. EHR vendors, billing platforms, and transcription services: you knew what each one touched because you handed it to them. Then the website became part of the care journey. With it came appointment schedulers, symptom checkers, patient portals, and intake forms.

The 36% Surge in High-Risk Vulnerabilities: What It Means for Your Business

The concentration of dangerous software flaws is accelerating. The number of high-risk vulnerabilities – those with both high severity and high exploitability – has surged by 36% year-over-year, according to the 2026 State of Software Security Report. This trend indicates a critical problem: more risk is entering your codebase faster than ever before.

The Economic Argument: The Real Cost of Insecure APIs in the AI Era

When cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to a tangible line item on the balance sheet. It is no longer just about the cost of a data breach.

How to wrangle SaaS contract renewals

SaaS contract renewals have a way of sneaking up on IT and Finance teams. One day, everything is running fine. The next, a renewal notice hits your inbox, usually with little context, limited time, and no clear answer to the most important questions: Who’s using this? Do we still need it? And are we paying for more than we should?

When Disruption Becomes Risk: Why Law Firms Can't Afford to Go Dark

For generations, law firms have assessed risk through precedent, probability and professional judgement. These disciplines are still important, but on their own they no longer describe the reality law firms now face. A different category of risk has moved into the centre of senior decision making. It is not abstract, theoretical or easily deferred. It cuts across practice areas, firm size and seniority. When it materialises, it does not wait for alignment or deliberation.

Yes, You Need AI to Defeat AI

Long-time followers of mine know that I am not an AI hype person. Some people might even call me an AI critic. I prefer to call myself an AI realist. I do not think AI will kill us all (despite our best efforts to bypass all guardrails and common sense). I do not think AI will replace all jobs. I do not think AI will replace all cybersecurity jobs. But I do think AI allows improvements in many areas, including cyber defenses, over traditional tools and techniques.

Announcing the Custom SAPA Agent: Security Awareness Measurement Built for Your Environment

Security awareness programs are built on measurement. Before you can reduce human risk, you need a clear understanding of where knowledge gaps exist across your workforce. For many organizations, that process starts with a baseline assessment. For years, KnowBe4’s Security Awareness Proficiency Assessment (SAPA) has provided that foundation.

Best DLP solutions for enterprise data protection in 2026

Enterprise DLP solutions in 2026 must cover far more than email and USB channels. With many employees pasting data into GenAI prompts and sensitive data flowing across cloud, SaaS, and browser-based AI tools, legacy DLP architectures leave critical gaps. Choosing the right platform requires mapping where sensitive data lives, identifying real exfiltration paths, and deciding whether a standalone, native, or converged DSPM-plus-DLP architecture fits your environment.

How to Send a Large Amount of Photos: 6 Methods Compared

You have six ways to send a large amount of photos: cloud storage links, dedicated file transfer tools, email with a workaround, messaging apps, device-to-device transfer, and physical drives. Which one works best depends on how many photos you're sending, whether quality matters, and how private you need it to be. The default options most people try first all have real limits. Email cuts off around 25MB, which is about 5 to 10 full-quality photos.

14 Best Practices for Data Breach Prevention

For many organizations, a single security lapse isn’t just a technical glitch — it’s a catastrophic blow to their brand reputation and bottom line. With the global average cost of a leak reaching record highs ($4.44 million according to 2025 estimates), learning how to prevent data theft has shifted from a best practice to a business necessity. But how do you stay ahead of the latest cyber threats?