Cybersecurity Awareness Month: Advice for Tackling the Risks
October marks Cybersecurity Awareness Month – and its significance feels more pressing than ever.
With high-profile organisations facing a surge in attacks – from JLR to M&S, Asahi to Harrods – the scale and sophistication of attacks are intensifying.
And as public awareness of these breaches grows, so too does the urgency around stronger cyber resilience.
The growing impact of AI-driven risks and quantum computing challenges is adding fresh complexity to the threat landscape.
With expanding attack surfaces – from shadow AI exploitation to supply chain weak points – organisations must prioritise vigilance and strengthen defences with more adaptive strategies.
The fundamentals of cybersecurity
While emerging technologies like AI agents and quantum cryptography are reshaping the cyber landscape with new challenges, the fundamentals of security remain essential.
Practices such as strong passwords, multifactor authentication, regular system updates and heightened scam awareness form the backbone of protection for both individuals and enterprises.
Increasingly, real-time behavioural coaching is proving a more effective supplement to once-a-year training programmes.
Equally important is a cultural shift that views risk as something to be harnessed rather than avoided, driving stronger collaboration and innovation.
At the same time, board-level accountability and layered risk management are now business-critical, with tools like forensic logging, phishing-resistant MFA and readiness for post-quantum cryptography forming vital elements of resilience as organisations look ahead to 2026.
The importance of Cybersecurity Awareness Month
Cybersecurity Awareness Month underscores the constantly shifting nature of the threat landscape and the critical need for proactive defence.
With cyberattacks growing ever more sophisticated – accelerated by advances in AI and the looming risks of quantum computing – this month serves as a reminder of the practical steps required to strengthen digital hygiene.
By embedding a security-first culture, the campaign highlights how reducing human error, bolstering resilience and protecting essential infrastructure depends on shared responsibility, making cybersecurity a year-round priority for all.
Cybersecurity Awareness Month: The experts’ take
Anand Kashyap, CEO and Founder of Fortanix, says: “In recognition of Cybersecurity Awareness Month, we urge CISOs and security leaders to elevate their vigilance – not only against the expanding attack surface introduced by shadow AI and latent vulnerabilities in data pipelines and models, but also toward the imminent cryptographic threats posed by quantum computing.
“As AI increasingly underpins business functions – from customer interactions to code generation – the risks of unmanaged model use, data leakage and supply-chain tampering demand stronger governance, encryption at rest, in motion, in use and model integrity assurance, all grounded in a robust AI Risk Management Framework.
“Simultaneously, the quantum era is not a distant concern – today’s encrypted data is susceptible to “harvest now, decrypt later” attacks, making post-quantum cryptography and crypto-agility urgent and essential pillars for future-proofing sensitive information.
“Forward-thinking organisations should begin inventorying their cryptographic footprint, prioritising long-life data, exploring NIST-standard PQC algorithms like ML-KEM and ML-DSA and embedding flexibility into encryption systems now.”
SentinelOne AI and Cloud Security Evangelist Chris Hosking adds: “Cybersecurity Awareness Month is not just a time to celebrate AI breakthroughs, but a reminder that innovation without security can undermine the very progress AI promises to deliver.
“This risk is heightened by the sudden rise of AI agents, which are reshaping cybersecurity faster than most organisations can keep up. The question is no longer how to use agents, but how to secure them.
“Agentic AI has moved rapidly from theory to reality, but unless controls keep pace, innovation without security can compromise the safety and security of operations.
“As security teams develop AI-powered lines of defence, attackers are weaponising the same advancements.”
Jacki Muir is Director ID Support NSW at NSW Department of Customer Service.
She says: “The reality is online safety requires constant vigilance, but with a few simple steps you can stay ahead of cybercriminals.
“Strong passphrases, regularly updating your device, turning on multi-factor authentication and always thinking before you click can keep you safe from those looking to take what is yours.
“This Cyber Security Awareness Month we are urging the public to think about how secure they are online and to revisit any safety protocols that may be out of date.”
Karl Holmqvist, Founder and CEO at Lastwall, also shares his thoughts as Cybersecurity Awareness Month kicks off.
He says: “The job this year should be about moving the few levers that bend risk fastest under real-world constraints.
“As we vector into 2026, try to start where the adversary does. Require routers, VPNs and firewalls to produce forensically capable logs and prove you can pull them. Harden identity, especially where friction pays. Make phishing-resistant MFA mandatory for admins and all critical systems. Shorten token lifetimes and bind sessions to devices.
“Where you need to, allow exceptions, but log and expire them quickly. To borrow a phrase, measure what matters. Build and then improve change-latency metrics. Awareness is the start, but readiness is proof.
“Organisations that practice identity integrity, edge evidence and cryptographic agility will have an easier time navigating 2026. For most, there is a lot to change. For many, it won’t be easy to do all these things, which is why it is important to start taking the action you can now.
“Don’t wait until it’s too late.”
Netskope Threat Labs research finds that while Gen AI platform usage among enterprise end-users increased by 50% in the three months ending May 2025, more than half of this adoption came through shadow AI, in which users ignored approved systems and policies – something they were doubtless explicitly warned against in that annual training.
Netskope’s Vice President of UK & Ireland, Colette Kitterhing, adds: “Most organisations still rely on annual training to raise cybersecurity awareness. But vulnerabilities arise in the gaps between formal sessions, when employees are focused on getting work done and potentially prepared to sidestep company tools and guidelines.
“The surge in Gen AI use is a timely example of this. So while Cybersecurity Awareness Month is never a bad thing, real-time continual coaching is significantly more effective.
“For organisations, the priority should be to embed coaching into daily workflows, guiding people towards approved tools and safer practices without slowing them down. It’s a more balanced approach: protecting data while enabling workplace innovation to continue.”
Elyse Gunn, CISO at Nasuni, continues this sentiment.
She says: “The greatest innovation in cybersecurity today is not a tool or a technology. It’s a cultural shift – a deliberate move to harness risk rather than avoid it. That means saying, 'Let’s see how we can make this work, safely and with the right controls,' instead of defaulting to no.
“This mindset does more than reduce risk – it builds competitive advantage.
“When teams know they can bring ideas to the CISO and be met with an open mind, it builds trust and unlocks collaboration. Security becomes a partner in innovation and progress.
“The alternative? Shadow IT, insecure workflows and risks that surface only after damage is done. Saying no does not eliminate risk; it simply drives it underground."
Jack Cherkas, Global Chief Information Security Officer at Syntax, continues: “In an era of Gen AI, automation, quantum computing and advanced security platforms, it’s tempting to believe that only the latest technology can keep you safe online.
“The fundamentals – strong passwords, multi‑factor authentication, timely software updates and scam awareness – remain the most consistently effective defenses for both organisations and individuals.
“For businesses, these basics safeguard operations and reputation – for individuals, they protect finances, privacy, and daily life.
“Getting them right is the cornerstone of cyber resilience and the foundation for safe innovation.”
Kevin Landt, VP of Product, Cybersecurity at Thrive, says: “Responsibility for cybersecurity in an organisation is no longer confined to the IT team – it’s now a major business imperative at board level.
“The risks presented by a breach can be catastrophic and, with attack methods rapidly evolving due to innovations in AI, the consequences of a successful incident can be both financial and reputational in nature.
“To prepare for what now seems to be an inevitable reality, organisations need to take a layered approach that incorporates an initial assessment of potential vulnerabilities, effective controls to manage risk and defined roles and responsibilities to identify potential threats and respond effectively to an incident.
“Humans unfortunately remain the weakest link when it comes to cyberattacks. The good news is that more effective training strategies are starting to be implemented, which train staff on how to spot potential risks and emerging threats such as deepfakes and AI-driven attacks.
“Businesses are also able to fight fire-with-fire by adopting AI-powered solutions, such as tools to spot AI-created phishing emails, in order to ensure they keep pace with the evolving techniques adopted by bad actors.
“By focusing on training, technologies and carefully selected partnerships, businesses can move from a reactive to proactive stance, with the resilience to respond effectively, recover quickly from events and protect their data and operations.”
