St Georges Strategy

Signals / Cyber

Threats, vulnerabilities, identity, and response

The cyber page links threat and vulnerability signals to practical evidence: who owns the risk, what was tested, what was patched, and how the firm would recover.

Supporting evidence

Ten further cyber signals

The shortlist carries the leadership read. These supporting rows preserve the source trail behind cyber governance, identity, threat intelligence, incident response, and supplier exposure.

  1. 06

    Basic control hygiene remains the first test of cyber governance

    Official guidance / NCSC 10 steps
  2. 07

    Identity and access management should be treated as a board-visible cyber control

    Official guidance / NCSC IAM
  3. 08

    Known exploited vulnerabilities should drive risk-based patch prioritisation

    Threat source / CISA KEV catalog
  4. 09

    Threat landscape reporting should refresh scenarios and control tests

    Threat source / ENISA
  5. 10

    Incident management needs rehearsed decisions, not only technical playbooks

    Official guidance / NCSC incident management
  6. 11

    Sector cyber resilience should connect firm controls to systemic operational risk

    Official source / Bank of England
  7. 12

    Cyber incidents should map to important business services and impact tolerances

    Official expectations / FCA operational resilience
  8. 13

    Supply-chain cyber assurance needs evidence beyond questionnaire completion

    Official guidance / NCSC supply chain
  9. 14

    Cyber breach survey trends can test whether internal scenarios are stale

    Official statistics / UK government
  10. 15

    Cloud security posture should connect architecture, logging, recovery, and operational responsibility

    Official guidance / NCSC cloud

Why it made the weekly brief

The editorial judgement

Cyber matters when it changes the evidence a firm needs to produce about exposure, response readiness, recovery, supplier control, and customer impact.

So what

Cyber is an operating-risk signal, not a technology sidebar

Threats only matter to the brief when they change service continuity, customer outcomes, legal notification, or board confidence.

Who cares

CISO, CIO, COO, resilience, legal, compliance, procurement, and boards

The same incident can trigger cyber, resilience, third-party, conduct, privacy, and regulatory-notification questions.

Evidence needed

Exposure, ownership, test results, patch decisions, and recovery evidence

Good assurance explains what is vulnerable, what is prioritised, what is accepted, and what happens if the control fails.

Control evidence checklist

What the reader should ask for

Cyber evidence should show how a threat becomes a governed decision and a tested operating response.