What does the UK’s new Cyber Security and Resilience Bill actually mean for mid-sized businesses that sit quietly inside complex supply chains, often assuming the rules are aimed at someone else?

In this episode of Business of Cybersecurity, I sit down with Jason Revill, Global Security Practice Technology Lead at Avanade, to unpack why this legislation represents a genuine shift in how cyber risk will be judged, enforced, and felt across the UK mid-market. While much of the public debate has focused on critical national infrastructure, Jason explains why managed service providers and mid-sized firms are now firmly in scope, particularly those that underpin larger enterprises. Mandatory incident reporting, tougher expectations, and turnover-based penalties are changing cyber resilience from a technical concern into a board-level business issue.

We explore why outsourcing cybersecurity no longer reduces accountability, even though nearly half of UK mid-market firms rely on third parties to manage their defenses. Jason shares real-world insight into how supply chain vulnerabilities are driving a growing share of breaches, why identity and access management has become a weak link, and how attackers increasingly exploit trust between organizations rather than technical flaws alone. The conversation also looks at the rising threat of legal action following breaches, with group claims against well-known UK brands signaling a wider shift in public and regulatory expectations.

Crucially, this is not a fear-driven discussion. Jason offers a grounded perspective on how mid-sized organizations can move beyond checkbox compliance and embed security into everyday operations without grinding the business to a halt. We talk openly about cost, trade-offs, and why resilience planning only works when it is owned by the whole organization, not just the security team. For leaders heading into a new year facing tighter scrutiny and higher stakes, this episode offers clarity on what good looks like in practice and how to start building it.

If cyber resilience is quickly becoming a license to operate rather than an optional safeguard, how prepared is your organization for the expectations that customers, regulators, and even the public are about to place on it, and what would it take to get ahead of that curve rather than react after the fact?

Useful Links

• Connect With Jason Revill
• Learn More About Avanade
• Cyber Security and Resilience Bill

Tech Talks Network is sponsored by Denodo

How do you protect factory floors, utilities, and critical infrastructure when IT and OT finally run on the same nervous system? That is the challenge at the heart of my latest conversation with John Walsh, Field CTO at IGEL Technology, recorded live at the IGEL Now and Next event in Frankfurt.

Back in March in Miami, John and I talked about zero trust as an ecosystem rather than a product, a way to bring unified management and strong policy enforcement to the endpoint. This time, we take that thinking to the operational technology world, where the stakes feel very different. When a cyberattack hits a factory, it is not only data at risk. It can stop production lines, damage equipment, and cost millions in downtime. John explains how a prevention first mindset, backed by IGEL’s immutable OS, Universal Management Suite, and OEM ready integrations, is helping manufacturers and OEMs move security out to the edge where attacks actually begin.

Across the episode, John lifts the lid on IGEL’s work with partners such as Intel, Honeywell, Zscaler, and others who see OT as a growth frontier. We talk about US Department of Defense zero trust 2.0 requirements, European regulation, and what it really takes to extend zero trust thinking from the office to the plant. From dark industrial networks to containerized workloads at the edge, from sensor attestation to the kill chain, this is a grounded look at how endpoint security, confidential compute, and sovereign architectures are reshaping industrial resilience.

This one is for anyone who cares about the future of secure infrastructure, whether you work in manufacturing, utilities, or simply want a clearer view of where zero trust is heading as AI powered threats accelerate. Do you believe prevention first security can truly keep pace with autonomous attacks, or are we still leaning too heavily on detection and response thinking from an older era of cyber? I would love to hear your thoughts.

What does business continuity really mean when thousands of devices across a hospital or enterprise go dark? In this episode, Jason Mafera, Chief Technology Officer for Healthcare at IGEL, joins me at the Now and Next event in Frankfurt to explore why endpoint resilience has become one of the most overlooked priorities in cybersecurity.

Jason explains why hospitals and healthcare providers have zero tolerance for downtime, and how the same principle applies across every industry where endpoint failure halts operations. He breaks down how IGEL’s prevention-first approach and its Business Continuity and Disaster Recovery solution can restore access within minutes, even during a ransomware event that would otherwise take weeks or months to recover from.

For cybersecurity analysts evaluating endpoint protection, Jason offers valuable insight into what a prevention-first model looks like in practice. He describes how secure-by-design, read-only operating systems, dual boot capabilities, and layered recovery options create an architecture that is both lightweight and resilient. Analysts looking to compare endpoint strategies will find this discussion useful for understanding how organizations can combine operational uptime, rapid recovery, and measurable ROI without adding complexity or cost.

We also discuss how prevention-first design changes the economics of IT. Jason shares examples of how organizations are cutting costs, improving patient safety, and aligning endpoint strategy with Zero Trust frameworks to strengthen both security and productivity.

It is a fascinating look at how the business of cybersecurity is changing, and why protecting the endpoint is no longer optional. Are enterprises finally ready to treat endpoint continuity as part of their core business strategy? I would love to hear your thoughts after the episode.

Useful Links

• Connect with Klaus Oestermann on LinkedIn
  • Learn more about IGEL
  • Follow on LinkedIn, Twitter and YouTube

Tech Talks Daily is Sponsored by NordLayer:

Get the exclusive Black Friday offer: 28% off NordLayer yearly plans with the coupon code: techdaily-28. Valid until December 10th, 2025. Try it risk-free with a 14-day money-back guarantee.