Directors should face criminal prosecution for cyber security negligence. The HSE precedent proves personal criminal liability transforms director behaviour. Before HSE had teeth, workplace deaths were common. After directors faced imprisonment, safety transformed. Civil liability isn't working for cyber security: 73% of businesses lack board responsibility despite 43% breach rates and 28% closure risk. Friday's case study showed £3.337 million loss preventable with £90 investment. Proposed: Cri
Noel spent Monday and Tuesday explaining what reverse benchmarking is and how to implement it technically. Both excellent. Both necessary. Both completely inadequate if you don't understand why organizations systematically fail to learn from disasters. Here's the uncomfortable truth: most breaches happen not because organisations don't know what to do, but because human psychology actively prevents them from doing it. Normalcy bias makes us believe disasters happen to others. Optimism bias creat
I am tired of watching preventable disasters kill people while executives walk away with bonuses intact. A patient died because Synnovis did not enable free multi-factor authentication. Nobody will face criminal prosecution. If a construction director failed to provide hard hats and a worker died, that director would go to prison. Yet when healthcare executives fail to enable free security controls and a patient dies, nothing happens. This is not justice. This is not accountability. This is a br
