Our Opinions

THE LATEST OPINIONS
FROM OUR EXPERTS

Discover where our experts are shaping the conversation, with opinion pieces and commentary featured across leading industry publications.

SEE WHAT SERVICES WE PROVIDE

UBDS Digital laptop | security operations centre

Filter by

EU Digital Omnibus

Publication: Compliance

Publication: Governance and Compliance

post date: February 27, 2026

EU Digital Omnibus Bill: Joined-up Compliance on the Agenda

The EU Digital Omnibus Bill aims to simplify and align the EU’s sprawling digital rulebook by reducing overlapping requirements across key regulations such as data protection, cybersecurity, and AI compliance, and by promoting clearer, more joined-up compliance approaches for organisations operating in the EU and beyond. This initiative could ease the administrative burden for businesses, improve legal clarity, and support innovation while maintaining high standards of protection and accountability.Tracey Hannan-Jones, Information Security Consulting Director at UBDS Digital, highlights that this proposed legislation reflects a broader shift toward coordinated governance and risk management across digital frameworks. Tracey stresses that organisations should take this opportunity to reassess their compliance strategies holistically, integrating data, security, and AI obligations rather than treating them as siloed tasks. In her view, joined-up compliance will help build stronger resilience and reduce the risk of gaps that can lead to regulatory and security exposure.Read the full article to understand how the Digital Omnibus Bill could reshape compliance expectations and what it means for digital security and risk teams.

Read full article

DXS International breach Opinion

Publication: Cybersecurity

Publication: Governance and Compliance

post date: February 20, 2026

DXS International Breach: Lessons Learned for Healthcare

The cyberattack on DXS International, a major technology provider to the UK National Health Service, has once again highlighted serious vulnerabilities in healthcare supply chain security. The breach, which affected DXS’s internal systems and was publicly disclosed in December 2025, underscores how trusted third-party providers can become entry points for cyber threats even when core clinical services remain operational.Tracey Hannan-Jones, Information Security Consulting Director at UBDS Digital, notes that this incident is a stark reminder that healthcare organisations cannot treat supplier cybersecurity as a secondary concern. She stresses that robust vendor risk management, continuous monitoring, and clear incident response expectations with key technology partners are essential to safeguarding patient information and maintaining service resilience. In Tracey’s view, the ongoing challenge is not only preventing breaches but also ensuring transparent collaboration between healthcare providers and their suppliers to manage risk effectively.Read the full article for deeper insights into the DXS International incident and what it means for strengthening cybersecurity across healthcare technology ecosystems.

Read full article

US pulls out of Global cyber coop

Publication: Cybersecurity

Publication: Governance and Compliance

post date: February 6, 2026

US Pulls Out of Global Cyber Cooperation: What Does it Mean for the UK and Europe?

The decision by the United States to withdraw from 66 international cooperation frameworks, including key cyber partnerships, is set to reshape the global cybersecurity landscape. Experts warn that stepping back from forums that facilitate information sharing, incident response coordination, and shared resilience standards could weaken collective defence and slow down coordinated responses to cyber threats.Tracey Hannan-Jones, Information Security Consulting Director at UBDS Digital, highlights that global cyber risk cannot be contained by any single nation. She stresses that strong international cooperation remains essential to deter sophisticated state-sponsored attacks and to build shared defensive capabilities. Reduced engagement by a major player like the U.S. places even greater responsibility on allied nations and private sector partnerships to fill the leadership gap.Read the full article for deeper insight into what this shift means for the UK, Europe, and the future of global cyber collaboration.

Read full article

700 credit breach opinion

Publication: Cybersecurity

Publication: Governance and Compliance

post date: January 30, 2026

700Credit Breach: API Risks Put Financial Supply Chain Governance Under the Spotlight

The recent 700Credit data breach has put a sharp spotlight on the growing risks associated with third-party APIs and weaknesses in financial supply chain governance. In her commentary for ISMS Online, Tracey Hannan-Jones, Information Security Consulting Director at UBDS Digital, highlights how organisations increasingly depend on external providers for critical services but often lack continuous oversight and consistent security controls. This gap, she explains, creates opportunities for attackers to exploit vulnerabilities beyond an organisation’s direct perimeter.Tracey stresses the need for stronger supplier governance, clearer accountability, and ongoing risk management across the entire digital supply chain. Her insights serve as a timely reminder that effective cybersecurity must extend well beyond internal systems.Read the full article to explore the implications of the 700Credit breach and what organisations can do to strengthen API and supply chain security.

Read full article

IT Pro Opinion

Publication: Cybersecurity

Publication: Governance and Compliance

post date: January 1, 2026

The six biggest security challenges coming in 2026

As organisations look ahead to 2026, supply chain security is becoming one of the most critical and often overlooked cyber risks. Tracey Hannan-Jones, Information Security Consulting Director at UBDS Digital, points out that tighter regulations such as EU NIS2 are pushing businesses to rethink how they manage third-party risk, and quickly.“Attackers are increasingly using suppliers as a way into larger ecosystems,” she explains, warning that surface-level due diligence is no longer enough. With boards facing greater accountability and AI accelerating the scale of attacks, Hannan-Jones believes organisations need to build resilience and meaningful assurance into their supply chains.Her perspective reflects the broader challenges explored in ITPro’s article on the six biggest security threats coming in 2026, and offers valuable insight for leaders who want to understand what’s coming and how to prepare.

Read full article

Disasterrecrovery

Publication: Compliance

Publication: Disaster Recovery

Publication: Governance and Compliance

post date: December 15, 2025

Disaster Recovery - Prepare for the worst

As cyber threats continue to rise, disaster recovery (DR) is no longer a technical afterthought—it’s a cornerstone of business resilience. In this News in the Channel feature, industry leaders examine how DR has evolved in response to cyber-driven disruption, SaaS dependency, and tightening regulatory expectations across sectors.Tracey Hannan-Jones, Consulting Director for Information Security at UBDS Digital, highlights how operational resilience requirements are accelerating the need for more robust, tested disaster recovery capabilities—particularly in regulated industries such as financial services. She explains that frameworks like DORA and UK FCA/PRA now demand regular, real-world resilience testing, including scenario-based exercises and threat-led penetration testing, tying DR directly to cyber resilience rather than standalone recovery.Hannan-Jones also points to a clear shift away from traditional on-premise DR towards Disaster Recovery-as-a-Service (DRaaS). She notes that cloud-based DR offers scalability, faster recovery times, automated failover and reduced human error—making it especially valuable for SMBs that lack the internal resources to recover quickly from a major incident.

Read full article

Ai autopsy google opinion

Publication: Data and AI

Publication: Cybersecurity

post date: November 26, 2025

AI Autopsy: How Significant Is Google’s AI-Enabled Malware Discovery?

Google’s claims of discovering the first true wave of AI-enabled malware have sparked industry excitement but Tony Gee, Principal Cyber Security Consultant at our sister company 3BDS, urges caution. While Google highlights malware that can dynamically generate scripts and shift behaviour using LLMs, Gee argues that most examples are immature, impractical, or simply old techniques dressed in new language.He notes that several samples don’t function reliably, rely on cloud-based LLM access that would expose attackers, and offer little beyond what traditional malware already achieves. In his view, this is an early-stage development worth watching, not fearing.Yet Gee acknowledges experimentation by advanced groups like APT28, signalling where the threat could evolve. His bottom line for CISOs: focus on strong detection and resilient security fundamentals rather than chasing AI-driven headlines. The real risk isn’t here yet but it’s coming.

Read full article

Infostealer opinion piece

Publication: Cybersecurity

post date: November 8, 2025

Infostealers: Addressing a rising threat to UK businesses

Infostealers malware designed to harvest credentials, session tokens, and browser data have surged into prominence as one of the most prolific threat vectors confronting UK businesses in 2025. These tools, easily rented via malware-as-a-service platforms, give even low-skill adversaries direct access to high-value data and pave the way for larger intrusions.Tony Gee, Principal Cyber Security Consultant at 3BDS, warns that this trend isn’t just another uptick in commoditised malware. It represents a fundamental shift in attack economics. Gee emphasises that stolen credentials and session data are now the primary fuel for lateral movement and breach escalation, often preceding ransomware and supply chain compromises. Rather than viewing Infostealers as a background nuisance, he argues organisations must treat them as a core strategic threat that demands robust identity protection, advanced detection, and proactive credential hygiene across the enterprise.For leaders, Gee’s message is unambiguous: strengthening identity-centric defences and behavioural analytics isn’t optional. It’s essential to thwart the silent but accelerating infostealer economy.

Read full article

Daa S

Publication: Modernisation

post date: November 8, 2025

In today’s hybrid-first world, small and medium-sized businesses are increasingly challenged to deliver secure, flexible desktop experiences without the overhead of physical hardware. According to Paul Collins, CTO of UBDS Digital, this is where Desktop as a Service (DaaS) is driving real value: simplifying IT operations, reducing upfront capital costs, and enabling seamless access to tools like Microsoft 365—without adding complexity to stretched internal teams. Paul emphasises that for SMBs navigating economic pressures and hybrid work models, DaaS isn’t just convenient — it’s becoming essential for secure, modern workplace delivery.

Read full article

1

Looking for
exceptional outcomes?

UBDS Digital Man with Mug | security operations centre