UK bill accelerates shift to offensive cyber security
The UK's forthcoming Cyber Security and Resilience (Network and Information Systems) Bill is sharpening the focus on demonstrable cyber resilience across a wider set of organisations, including suppliers and infrastructure providers, as threat activity intensifies.
Horizon3.ai said the UK faces rising cyber pressure amid geopolitical tensions. The company said criminal groups and state-backed actors have increased the pace of attacks and adopted more aggressive methods.
Keith Poyser, Vice President for EMEA at Horizon3.ai, said the gap between attackers' tactics and many organisations' defensive readiness continues to widen. "The disparity between increasingly aggressive tactics used by cybercriminals and state-sponsored threat actors, and organisations' defensive capabilities continues to grow. Addressing this requires a move towards proactive, offensive security," he said.
Regulatory pressure
The Cyber Security and Resilience (Network and Information Systems) Bill entered Parliament in late 2025 and is expected to move through the legislative process during 2026. The government has positioned the bill as a major update to the UK's cyber framework for essential services and digital service providers.
Horizon3.ai said the bill broadens the set of organisations expected to meet higher cyber standards. It highlighted managed service providers, data centres, and critical suppliers. The company also pointed to tighter cyber incident reporting obligations. It said regulators would receive notifications more quickly during an attack.
The company said the bill would also strengthen enforcement powers for regulators. It said those powers would increase pressure on organisations to show compliance across essential and digital service sectors.
For many organisations, that change shifts the discussion from policy and assurance statements to evidence. It also raises questions about the frequency and depth of security testing.
Testing claims
Poyser argued that many companies still lean heavily on defensive tools without validating how those controls perform under attack conditions. "Cybercriminals and state-backed threat actors are acting faster, more aggressively, and with far greater innovation, especially through the use of artificial intelligence, while too many businesses continue to rely on traditional defensive methods. This widening gap must be closed urgently," said Poyser.
He also linked the coming UK legislative changes to a push for more proactive security validation. "Organisations must take proactive steps now, before regulations tighten further, to understand their real exposure and strengthen resilience. Offensive security approaches, such as continuous, autonomous pentesting, provide the evidence needed to stay ahead of attackers rather than reacting after the damage is done," said Poyser.
Security teams have widely adopted firewalls, endpoint protection and intrusion detection. Horizon3.ai said those measures often fail to provide proof that controls work in real-world conditions. The firm compared this to installing an alarm without confirming it triggers during a break-in.
"This approach is like installing an elaborate alarm system in your home without checking whether it actually sounds during a break-in," said cybersecurity specialist Keith Poyser. "In 2026, it is well past time for a fundamental shift towards offensive security methods. To keep the analogy going: you need to hire burglars to see whether they can bypass the alarm system. Any weaknesses they uncover must be fixed quickly, and then you must test again to ensure new weaknesses haven't emerged. If you want real criminals to fail, this process can never stop."
Autonomous pentesting
Poyser described penetration testing as a practical way of measuring risk, and contrasted periodic testing with continuous approaches. "In cybersecurity, that real-world test is called a penetration test, or 'pentest'," said Poyser. "But instead of hiring a burglar once in a while, companies now have access to autonomous pentesting platforms, effectively a robotic army of benign intruders that test your systems continuously."
Horizon3.ai said these tools emulate how threat groups operate across multiple targets and technology environments. It said attackers reuse successful techniques across organisations that share similar technology stacks. "A flaw that allows a break-in at one organisation is almost certainly present in another using the same technology stack. This is exactly how today's cybercriminal gangs operate, adjusting and improving their techniques as they move from target to target," said Poyser.
The company said this attacker-style approach changes how risk gets measured and prioritised. It said corporate security teams struggle to maintain an accurate picture of exposure through passive controls and periodic checks. "It is increasingly unrealistic for corporate security teams to maintain an accurate understanding of their true risk exposure using only traditional, passive methods," said Poyser. "Threat actors do not wait for annual audits or one-off checks. Unless organisations test their systems in a way that reflects how real attackers operate, they will continue to be caught off-guard."
Product direction
Horizon3.ai has enhanced its offensive security platform with the introduction of 'Threat Informed Perspectives', a feature designed to provide organisations with a comprehensive view of their digital environment from an attacker's vantage point. By mapping potential attack paths, the tool demonstrates how an adversary might chain together multiple weaknesses, starting from specific triggers such as misconfigured cloud services or compromised credentials, to breach a network.
This approach prioritises measurable security improvements, allowing technical teams to identify and remediate the most critical risks first. Furthermore, the platform enables organisations to track changes in their exposure over time, providing a clear framework for communicating security progress and resilience levels to executives, auditors, and regulators.
"Organisations need evidence, not assumptions. By aligning security validation with how attackers think and move, you get a much clearer picture of where your defences are working, and where they are not. That clarity is essential if businesses are to build meaningful resilience against evolving threats," said Poyser.