Today, Steve returns to Business Matters with Juliette Foster. In this conversation, Steve recaps 2025 in cyber and shares what he sees as the biggest risks heading into 2026. The two also discuss resilience and compliance, as well as the growing importance of togetherness among businesses…

Key Takeaways:

1. Companies would be wise to conduct frequent cyber audits.
2. Supply-chain disruptions can have long-lasting, reputational effects.
3. How we protect the integrity of our data is at the core of cybersecurity.

1. The relationship between government business in cyber (12:56)
2. How boards should plan for a cyber attack (15:40)
3. Collaborating within and across industries (22:24)

1. “I've said many times that good compliance doesn't equal good security, but good security does equal, nine times out of 10, very good compliance. So where do we go with all of that? I do think that we're probably getting to a point, sadly, where we need to be viewing some of the security processes that we need to undergo in the same way as we consider financial audits.” - Steve Durbin
2. “I think that the day is gone when you can rely on your defenses. So boards have to be planning for the day when the defenses fail. When an attack really starts to make an impact on your business. The starting point is to figure out how long you can be without your systems. It may sound like a strange thing to say, but that's the important starting point for me.” - Steve Durbin
3. “Security is not, in my opinion anyway, a competitive advantage. And because it's not a competitive advantage, there shouldn't be this massive barrier to sharing some of the ideas, some of the attacks that are out there for the good of the industry.” - Steve Durbin

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Tom Hardin, aka Tipperx — best known for helping expose a massive Wall Street insider trading ring. Steve and Tom discuss early warning signs that an organization might be crossing ethical or legal lines, how to build an organizational culture that promotes openness and protects from insider threats, and how to get employees to buy into things like good cyber hygiene.

Key Takeaways:

1. Governments must work with the private sector to achieve a cyber-secure environment.
2. Boards are increasingly aware of cyber risks, but more work is needed.
3. Global trust is dissipating.

1. The changing landscape of critical national infrastructure (5:46)
2. Security vs. privacy in the UK (9:27)
3. An ongoing, structural geopolitical shift (15:18)

1. “We need to make sure that we are thinking right across government when we are thinking about the approach to critical national infrastructure and how we can make it most safe for our users and for our populations.” - Sir Jeremy Fleming
2. “I still encounter plenty who haven't done one for 18 months, who haven't updated to the latest threat environment, who haven't thought about geopolitics coming into play. Haven't checked that they've still contracted with a company who's gonna help them wind back in the event that they are breached. Hasn't thought seriously about whether it's gonna pay a ransom. The implications of paying a ransom.” - Sir Jeremy Fleming
3. “The first thing is that what we're seeing now around changes in geopolitics is definitely a structural change. It's not a cyclical change. So the post 1948 Bretton Woods approach to the global order, with a whole load of United Nations agencies, World Health Organization, World Trade Organization, our approach to international aid, World Bank, these are all institutions that have changed fundamentally and won't change back.” - Sir Jeremy Fleming

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Tom Hardin, aka Tipperx — best known for helping expose a massive Wall Street insider trading ring. Steve and Tom discuss early warning signs that an organization might be crossing ethical or legal lines, how to build an organizational culture that promotes openness and protects from insider threats, and how to get employees to buy into things like good cyber hygiene.

Key Takeaways:

1. The most underappreciated leadership skill is listening.
2. Compliance must never be an afterthought or just a check-box exercise.
3. Anybody has the potential to become an insider threat.

1. The fraud triangle (4:10)
2. How cybersecurity leaders can build a culture that discourages insider risk (7:12)
3. Striking a balance between trust and control (15:12)

1. “But you don't get people to speak up by telling them to speak up. You actually have to, if you're gonna tell them to do that, you have to listen up. So I always encourage leadership to work on their listening skills.” - Tom Hardin
2. “If you have a rule that a few people break, you have a people problem. If you have a rule that a lot of people are breaking, you have a rule problem.” - Tom Hardin
3. “You could be one decision away. Never feel like it couldn't be you. Just have a healthy paranoia when you're in situations and not to feel like that could never be me crossing a line, because that's when we're most susceptible to that.” - Tom Hardin

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.