Feed aggregator

• Some key details of the folding iPhone have leaked
• Expect four cameras, two colors, and Touch ID
• We'll probably see the handset launch in 2026

At this point it seems almost certain that Apple is going to bring out a foldable iPhone in September 2026, and we just got a few more details about what to expect from an Apple tipster who is usually more reliable than most.

That tipster is Mark Gurman at Bloomberg, who says that the folding Apple phone is going to use Touch ID rather than Face ID. While all the current iPhones now use Face ID, the thinking is that the required sensors would add too much thickness to the foldable.

Apple is therefore going to go with Touch ID to keep the device as thin as possible, Gurman says, and there'll be no SIM card slot for the same reason – this is going to be eSIM only. Previous leaks have predicted the phone will be 4.8 mm thick when unfolded, compared to the 4.2 mm of the recently launched Samsung Galaxy Z Fold 7.

This latest report also states we're going to get four cameras on the folding iPhone: one on the outer screen, one on the inner screen, and two on the back (which will both be 48MP cameras, according to an earlier rumor).

Creasing up

The Apple iPhone 16 is about to get a successor (Image credit: Future)

If past reports are to be believed, one of the reasons a foldable iPhone has taken so long is because Apple is very keen to make the screen crease as invisible as possible, and it seems the company now has a display setup it's happy with.

As per Gurman, the folding iPhone is going to use what's known as an in-cell touchscreen, with an integrated display and digitizer layer. That would make the screen tech similar to what we have on the current iPhone models, ensuring a "less obvious" crease and improving touch accuracy.

Other tidbits from the report: the folding iPhone will be available in black or white, and will include Apple's own C2 modem chip that's expected to debut in the iPhone 17 (and which should lead to improved efficiency and battery life).

Gurman says the foldable iPhone will be a "game changer" for Apple, and his belief is that anyone who makes the switch to a folding iPhone won't want to go back. First though, we're got this year's iPhone 17 launch coming up next month.

You might also like

• Apple is reportedly working on a folding iPad too
• These are the best foldables you can buy right now
• We may see a camera tweak on the folding iPhone

• A new phishing scheme successfully bypasses most security tools
• It abuses ads and Microsoft's Active Directory Federation Services tool
• It is designed to steal login credentials, so users should take care

Cybercriminals have found a clever way to make phishing sites look like legitimate login pages, successfully stealing Microsoft credentials, experts have warned.

Cybersecurity researchers at Push Security recently published an in-depth report on how the scam works, outlining how the attackers created fake login pages that mimicked authentic Microsoft 365 sign-in screens.

Then, instead of sending victims directly to the site, which would probably get flagged by security solutions and quickly blocked, they used a Microsoft feature called Active Directory Federation Services (ADFS). Companies normally use it to connect their internal systems to Microsoft services.

How to stay safe

By setting up their own Microsoft account, and configuring it with ADFS, Microsoft’s service is tricked to redirect users to the phishing site, while making the link look legitimate because it starts with something like ‘outlook.office.com’.

Furthermore, the phishing link was not being distributed by email, but rather - malvertising. Victims were searching for “Office 265” which was presumably a typo, and were then taken to an Office login page. The ad also used a fake travel blog - bluegraintours[.]com - as a middle step to hide the attack.

The way the entire campaign was set up made it particularly dangerous. With the link looking like it was coming from Microsoft, and it successfully bypassing many security tools checking for bad links - its success rate was probably higher compared to “traditional” phishing.

Furthermore, since it doesn’t rely on email, the usual email filters couldn’t catch it. Finally, the landing page could even bypass multi-factor authentication (MFA), which made it even more dangerous.

In order to prevent such scams from causing any real harm, IT teams should block ads, or at least monitor ad traffic, and watch for redirects from MIcrosoft login pages to unknown domains.

Finally, users should be careful when typing in search terms - a simple typo can lead to a fake ad that can result in device compromise and account takeover.

Via BleepingComputer

You might also like

• The growing threat of device code phishing and how to defend against It
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers

At a summit meeting in Washington, D.C. on Monday, the U.S. and South Korean presidents will discuss modernizing their 71-year-old alliance and fleshing out a trade deal reached last month.

(Image credit: Ahn Young-joon)

Twenty years after Hurricane Katrina, retired Lt. Gen. Russel Honoré, who led recovery efforts as commander of Joint Task Force Katrina, urges people to be prepared for future disasters.

(Image credit: Justin Sullivan)

It's a growing fitness trend. People say wearing a weighted vest when you exercise builds bones, strengthens muscles and improves cardiovascular health. But does research back up these claims?

Dozens of immigration courts across the country have become epicenters of the Trump administration's efforts to increase the rate of immigration arrests.

(Image credit: Keren Carrión/NPR)

The city's school system looks almost nothing like it did 20 years ago. People in New Orleans have strong opinions about whether that's good or bad, but the data is hard to argue with.

(Image credit: Emily Kask for NPR)

Ashley Ludlow; her mother, Judy; and her sister, Whitney Peattie.'/>

Ashley Ludlow's mother passed away in the hospital in 2005. She had followed her mother's wishes and asked that she not be resuscitated. That decision weighed heavy on her until a nurse reassured her.

(Image credit: Family photo)

• Elipson launches Horus 6B bookshelf and Horus 11F active floorstander speakers
• 50W stereo amplification, aptX HD, USB Audio and HDMI ARC
• £399 (about $530 / AU$840) and £899 (about $1,200 / AU$1,880)

French luxury audio brand Elipson has announced two new active speakers in its Horus range: the Horus 6B Active BT bookshelf speaker and the Horus 11F Active BT floorstander.

Both sets of speakers have built-in 50W stereo amplification, a "sophisticated" bass reflex system, 130mm glass fiber-reinforced cellulose pulp bass/mid-range drivers, and 25mm silk dome neodymium tweeters, and they're available in three finishes: light wood / beige, walnut / dark gray, and black / carbon.

(Image credit: Elipson)Elipson Horus Active BT speakers: key specs and pricing

The Horus 6B Active speakers have a USB Audio connection for PC or Mac offering plug-and-play audio at up to 24-bit/96kHz, and they also have a moving magnet (MM) phono input for your turntable so you can connect it without also needing a pre-amp.

Both sets of speakers also have HDMI ARC for a TV, coaxial and optical inputs (24-bit/192kHz) and Bluetooth 5.0 with aptX HD.

Frequency response is 40Hz to 20,000Hz for the floorstanding Horus 11F Active BT and 55Hz to 22,000Hz for the bookshelf Horus 6B Active BT.

The bookshelf speakers are available now and the floorstanders will go on sale in early October 2025. The recommended retail price is £399 (about $530 / AU$840) for the Horus 6B Active BT and £899 (about $1,200 / AU$1,880) for the Horus 11F Active BT.

You might also like

• Elipson's new compact streaming amp looks like a brick, but kicks like a horse
• Best stereo speakers 2025: stereo systems for all budgets
• Audio-Technica's cheap active bookshelf speakers look ideal for new vinyl fans

We are at a tipping point for quantum computing, which is on the verge of becoming a reality. While its potential is tantalizing, it also represents an unprecedented threat to the traditional data security infrastructure and the cryptographic algorithms that protect it. Post-quantum cryptography – algorithms designed to be secure against classical and quantum computer attacks – is the response.

Quantum computers exploit the principles of quantum mechanics to solve complex problems that classic computers cannot feasibly tackle. Quantum computers use the principles of quantum mechanics to process information in a way that uses qubits, which can exist in multiple states, as opposed to normal computers, which only use "zeros" and "ones". This creates an exponential scale, which is what gives them their computational power.

Of particular concern is their ability to crack widely used public key encryption algorithms such as RSA and ECC (elliptic curve cryptography). By the time a sufficiently powerful quantum computer becomes available, these encryption methods, which protect virtually all current digital communications, will be obsolete.

The date when cryptographically-relevant quantum computers will appear remains uncertain: estimates range from five to 10 years. However, the risk is immediate due to the "harvest now, decrypt later" attacks that are already taking place, especially for data with a longer lifetime.

If an organization retains sensitive data for the long term, such as financial information, personal data or even trade secrets, this represents a significant and growing risk.

What is at stake is nothing less than the most valuable digital assets: intellectual property, private and sensitive data, authentication systems and secure communications.

The financial, operational and reputational damage from such exposures could be catastrophic, and unavoidable without proactive measures.

What is post-quantum cryptography?

Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks by classical and quantum computers. These algorithms are based on mathematical problems that remain difficult to solve even for quantum computers.

In 2024, the National Institute of Standards and Technology (NIST) published its first set of standardized post-quantum cryptographic algorithms, including CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+ and FALCON. In March 2025, NIST selected a new algorithm, Hamming Quasi-Cyclic (HQC), which will serve as a backup to the existing Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) algorithms recommended by FIPS 203 to protect against quantum attacks.

HQC is based on error-correcting codes, a concept that has been fundamental to information security for decades. Unlike ML-KEM, which relies on structured networks, HQC's unique mathematical basis offers a robust alternative that can help combat the potential threats posed by future quantum computers. This shift in mathematical approaches is crucial for maintaining the integrity of encrypted data.

The time for change is now

The time when currently encrypted data can be decrypted using quantum technology is closer than many people think. However, while most organizations are actively working on cyber resilience strategies, including their core IT infrastructure and components of the supply chain, the risk to quantum computing is not as widely considered.

Changing cryptography in a complex IT environment is not something that can be done overnight. It can take years, especially for large organizations with complex IT environments. Historical precedent shows that major cryptographic transitions typically take 5-10 years to complete.

Beginning the transition

To begin a transition to post-quantum cryptography, a number of steps must be followed:

1. Cryptographic inventory: Not all data is equally important, and not all data needs to be encrypted in the same way. It is therefore necessary to identify where cryptography should be used in the digital heritage. This should include the most sensitive data, applications, networks, identity systems, and third-party connections.

2. Risk assessment: Given the cost of post-quantum cryptography, it makes sense to prioritize protecting the most sensitive data rather than trying to protect everything. Evaluate your data in terms of its sensitivity and longevity. Information that must remain confidential for more than five years should receive immediate attention. For less sensitive data, standard encryption methods will suffice in keeping it secure.

3. Crypto-agility implementation: Being crypto-agile – having the ability to switch between different cryptographic algorithms in response to new threats – will be essential in the post-quantum era. Develop frameworks that allow you to quickly replace cryptographic algorithms without the need for extensive system redesign. Crypto-agility also requires employee training, so invest time and resources to bring your employees on this journey with you.

4. Prioritized migration: Start with your most sensitive systems and data, particularly those that protect intellectual property or personally identifiable information.

5. Supplier engagement: Confirm that all suppliers in your ecosystem are aligned with emerging standards to ensure end-to-end protection and agility.

In summary

By starting your post-quantum transition today, you can help protect your organization's most valuable data as we enter the quantum era. The alternative is to wait for quantum computers to break existing encryption – by then, it will be too late for data that has already been compromised. The future is quantum and the time to future-proof your data is now.

We list the best performance management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Surfshark has conducted a review of location-hungry social media apps, including X, Instagram, and Snapchat
• Of the 10 social media apps analyzed, X demands the most granular location data
• Data was collected in August 2025 from the Apple App Store

Think you’ve got your privacy covered? It could be time to give that a rethink, especially if you’re a regular user of X and other social media apps.

A study from leading VPN provider Surfshark has analyzed the default location permissions required by the top 10 social media apps in the Apple App Store and found that most of them are very data-hungry – if not stalker-y.

Elon Musk’s X and Mark Zuckerberg’s Instagram, Threads, and Facebook especially know a lot about where you are… even if you’re using one of the best VPN apps.

Why do social media want your location data?

Your smartphone records two types of location data: precise and coarse.

Coarse data is a zoomed-out, low-resolution option that shares your general location in the world. The precise option relies on GPS, Bluetooth, and even IP addresses to determine your exact location based on nearby networks. It is the latter data that X and other networks are using, to varying degrees.

As Surfshark Chief Technology Officer, Donatas Budvytis, explains, precise location data falls under the most sensitive user data category because it can be linked to highly personal behavior and routines.

"This all can lead to building your profile, predicting behavior, or can be used for targeted manipulation and discrimination," said Budvytis.

(Image credit: Surfshark)

Location data might be helpful at times. For example, it adds some useful context to photos (and helps you find a specific image years later). It can also help you locate interesting sights and businesses nearby. Social networks, however, seem to be enjoying just a little bit too much of it.

Surfshark has discovered that while eight popular social networks collect precise location data, X is especially keen on it. Instagram, Threads, and Facebook all need a lot, as does Pinterest. Snapchat needs less; LinkedIn and YouTube require almost none.

Collecting user information in this way allows social networks to offer advertisers a better reach, ensuring targeted ads based on your location. They might even send you marketing outreach messages using this sort of data.

According to researchers, X and Pinterest may even use location data to track users. There is no clarity as to how this information is used or whether it is available to data brokers. In such a scenario, various information from other apps could be used in tandem to establish more specific and valuable data about your actions and interests.

Can’t you just use a VPN?

A virtual private network (VPN) is security software that encrypts your internet connections, while spoofing your real IP address location. (Image credit: Getty Images)

VPNs are great for specific privacy uses, but when it comes to location data collected using GPS and other networks, a VPN is less effective.

Because the VPN encrypts your internet access and routes it via a secure VPN server, only your IP address can be obfuscated. Social networks that rely on GPS and proximity to other networks – perhaps railway stations, or city centre networks – can overlook the notion that your IP address is set to Berlin if your GPS says London.

While a VPN is definitely recommended for public Wi-Fi, it’s only going to prevent bad actors with access to the network. Elon Musk and co can still record your location.

So, can you stop X from tracking you?

All social media apps have settings that you can use to tweak what information is collected. So, while you might be okay sharing photos and (potentially embarrassing) thoughts and opinions, you can at least control some of these privacy options.

In the case of X, you can open Settings > Privacy and safety > Location information and disable all three options (tap the third, Explore settings, to toggle it off) to reduce the social network’s hunger for your activities.

Other apps should have similar options. You can, of course, also disable your phone’s GPS when it isn’t required, and review your phone’s location services settings.

You might also like

• International VPN Day: a privacy solution or "a loophole that needs closing" – here's what's at stake
• Meta halts phone and browser tracking tools after researchers expose user snooping
• Is 10,000 steps a day worth your personal data? How 80% of fitness apps are selling your privacy

The Chief Information Security Officer (CISO) has rapidly evolved from a technical specialist into a strategic business leader. While still responsible for defending against cyber threats, today’s CISOs are also tasked with aligning cybersecurity initiatives to broader organizational goals. This shift is driven by a more complex threat landscape, advances in technology such as AI, and increasing regulatory pressure that holds security leaders to a higher standard of accountability.

As a result, CISOs must bridge the gap between security operations and business strategy. They are expected to translate technical risks into business impacts, engage with executive leadership, and help shape enterprise resilience.

For security and business leaders alike, this evolution highlights the critical need to embed cybersecurity into the fabric of strategic planning and decision-making for the business.

The Changing Threat and Regulatory Landscape

Cyber threats are growing in scale and sophistication. Attackers can and do use AI tools to accelerate reconnaissance, craft convincing phishing schemes, and execute ransomware at unprecedented speed. Deepfakes, autonomous malware, and AI-driven social engineering are pushing traditional defenses to their limits.

At the same time, regulatory scrutiny has intensified. Frameworks like the US Security and Exchange Commission's cybersecurity disclosure rules and the European Union’s Network and Information Security Directive 2 (NIS2) demand greater transparency, rapid incident reporting, and clearer communication of cybersecurity’s business impact. As a result, CISOs are more visible than ever—expected to brief boards, own cyber risk posture, and help ensure regulatory compliance.

Expanding Responsibilities of the Modern CISO

The role of the CISO has significantly broadened beyond traditional technical oversight. Today’s CISOs are now pivotal in securing expansive business ecosystems, encompassing cloud infrastructures, third-party vendor relationships, operational technologies, and software-based products. This expansion necessitates a unified approach to security and risk management, integrating these functions at the enterprise level. ​

In addition to these responsibilities, CISOs are instrumental in driving business efficiency and facilitating the adoption of emerging technologies. Today, the integration of AI tools and automation into security operations is transforming the cybersecurity landscape.

For instance, automation streamlines processes such as vulnerability management workflows, enabling quicker remediation, and AI enhances threat detection and response capabilities by rapidly analyzing vast datasets to identify potential risks, both of which allow security teams to focus on strategic initiatives.

As new technologies that have significant implications for business and cyber security continue to come to market - such as quantum computing and its impact on encryption - CISOs will need to stay on top of operational, business and strategic implications.

By embracing these advancing technologies, CISOs can scale their operations effectively, ensuring that human expertise is applied where it delivers the most significant impact. This evolution underscores the CISO's role as both a protector of information assets and a strategic enabler within the organization.

Bridging Security and Business Strategy

To succeed in this expanded role, CISOs must communicate risk in the language of the business. That means framing threats in terms of financial exposure, operational disruption, and reputational damage—helping executive teams make informed, risk-based decisions.

Regular board of directors engagement is now essential. CISOs must earn trust and ensure that cybersecurity is viewed not just as a compliance obligation, but as a strategic priority.

When embedded into business initiatives from the start, cybersecurity becomes a driver of innovation. It accelerates digital transformation, enables secure cloud adoption, and builds customer trust. Forward-thinking CISOs position security not as a cost center, but as a competitive advantage.

Challenges Facing CISOs in 2025 and Beyond

Despite progress, CISOs still face major roadblocks. Budgets are increasing modestly – often by 10% or less - while responsibilities grow rapidly. Security teams remain understaffed, contributing to burnout and resource constraints.

Culturally, many organizations still treat cybersecurity as a siloed IT function rather than a shared business responsibility. This lack of integration slows decision-making and limits effectiveness.

Meanwhile, legal and regulatory accountability is rising. CISOs are being named in lawsuits and enforcement actions, most notably in the SolarWinds breach, raising concerns about personal liability.

Risk-sharing mechanisms such as indemnification and Directors and Officers (D&O) liability insurance - a specialized form of coverage to protect individuals from personal losses if they are sued - are becoming essential safeguards.

As the CISO role continues to evolve, several trends will define the path forward:

AI as Standard: AI-driven detection and response are becoming baseline capabilities.

Quantum-Ready Security: Forward-looking CISOs need to begin preparing for post-quantum threats.

Board-Level Strategic Advisor: More CISOs will report directly to CEOs or boards.

Workforce Development: Organizations must invest in training to address persistent talent shortages.

Integrated Security Culture: Cybersecurity will be embedded into all business functions.

Legal Protections: More formal structures to protect CISOs from undue liability.

To stay ahead, CISOs must focus on strategic alignment, talent development, automation, and executive communication, ensuring that security becomes a shared, organization-wide priority.

From Defender to Business Enabler

The CISO’s transformation into a strategic advisor reflects a broader realization: cybersecurity is business-critical. As technology advances and threats intensify, organizations need leaders who can secure operations while enabling innovation and growth.

Security and business leaders must work in tandem investing in collaboration, communication, and continuous improvement to build resilient, forward-looking enterprises equipped for evolving risks and opportunities.

We list the best identity management solutions.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

CRM software systems were once the digital backbone of business growth, but what worked in the past doesn’t always fit the pace and pressure of today. In 2025, companies aren’t just seeking digital tools, they’re demanding agility, speed, and autonomy. And that’s exactly where legacy CRM systems are falling short.

A new wave of AI-native, no-code platforms is reshaping the industry, moving CRM from a rigid, IT-owned tool into a dynamic, business-controlled engine.

According to a recent Nucleus report, organizations shifting away from legacy vendors such as Salesforce in favor of modern no-code platforms are seeing significant improvements, including implementation times reduced by up to 70%, a 37% drop in total cost of ownership, and lead response times cut by more than 60%.

Here are five reasons why legacy CRMs are fast becoming obsolete, and why no-code is proving to be a promising, modern alternative.

1. Legacy CRMs can’t keep up with today’s speed of business

Businesses today operate in a state of perpetual change – new markets, new regulations, and new customer expectations. Yet many traditional CRMs, born in a different era, demand lengthy implementation cycles and code-heavy customization just to support basic adaptations.

In contrast, modern systems like no-code platforms are built on composable architectures that prioritize speed, flexibility, and business user autonomy. This allows organizations to configure and scale solutions rapidly without getting held back by complex, developer-led customization.

In fact, we’re seeing companies across core industries like manufacturing and financial services increasingly pivot to no-code models to avoid delays and spiraling costs.

It’s a clear signal that businesses are no longer willing to tolerate multi-year timelines to achieve meaningful outcomes. Adaptability and speed are no longer nice-to-haves, they’re essential for staying competitive.

2. AI and automation are now table stakes

Businesses now rely on AI to deliver personalized experiences, make smarter decisions, and streamline workflows. Yet many legacy CRM systems treat AI as an afterthought – a feature layered on top rather than embedded into the core of the platform.

Modern platforms, by contrast, are AI-native from the ground up. They use machine learning to automate lead routing, predict customer behavior, and optimize campaigns in real time. Organizations embracing these capabilities are seeing substantial improvements, such as a 61% reduction in lead generation response times and higher overall conversion rates.

Automating repetitive and manual tasks assist in giving teams back valuable time to focus on what truly matters, such as strategic thinking, creative problem-solving, and driving business growth.

3. The cost of complexity is unsustainable

Legacy CRMs often come with hidden costs: high developer overheads, third-party consulting fees, and expensive integrations that require constant maintenance. The burden on IT is immense, and the total cost of ownership (TCO) continues to climb long after deployment.

No-code platforms significantly lower these expenses, with firms reporting up to a 70% reduction in development costs and average savings of over $300,000 on external consultancy fees.

Newer no-code platforms remove many of these barriers by enabling configuration and updates without specialized technical knowledge. As a result, organizations are seeing a meaningful reduction in total cost of ownership. ROI is scrutinized more than ever, and the economic case for moving away from legacy tools is increasingly compelling.

4. Business teams demand control

Legacy CRM systems were designed with IT departments in mind, often requiring developer intervention for even simple changes. This creates bottlenecks and slows down innovation, particularly for departments like sales and marketing that need to move quickly and iterate on processes in real time.

No-code platforms are reversing this dynamic by giving control directly to business users. In fact, the number of citizen developers - non-technical employees empowered by no-code tools to build applications - is expected to rise by 50% this year.

With drag-and-drop interfaces, visual workflow designers, and intuitive configuration tools, non-technical staff can build and refine processes without needing to go through IT. This decentralized control fosters agility and allows organizations to respond to market shifts much faster.

5. Unified platforms drive real business agility

Legacy CRMs often operate in silos - disconnected systems for sales, marketing, service, and operations that struggle to communicate with one another. This fragmented approach creates inconsistent experiences and significant operational drag.

Modern no-code CRMs break down these barriers by unifying all functions within a single, cohesive platform. Shared data models, integrated workflows, and real-time visibility empower teams to collaborate seamlessly, respond faster to customer needs, and drive consistent outcomes.

With AI embedded throughout, this unification is key to enabling true business agility - not just reacting quickly, but aligning seamlessly across departments to deliver smarter, more cohesive customer experiences.

The no-code future is already here

The rise of no-code platforms marks a turning point in enterprise software. Rather than relying on rigid, IT-managed systems that require months of development and a deep bench of engineers, businesses now have access to tools that are fast, flexible, and accessible to all.

For organizations still tied to legacy CRM systems, the question is no longer if change is coming, it’s how quickly they can catch up. No-code isn’t just a trend. It’s a response to the urgent need for speed, adaptability, and user empowerment in the business environment.

We list the best sales CRM.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

A function that was once buried deep within IT departments, cyber security is now firmly making its way up the boardroom agenda. 72% of UK businesses now classify cyber security as a high priority, with that extending to 96% of large businesses.

As recent high-profile breaches at M&S, Co-op and Harrods have shown, cyber resilience is now central not only to operational integrity but also to brand value, regulatory compliance and investor confidence.

Greater awareness has emerged as businesses shift from short-term solutions adopted during the pandemic to long-term, strategic partnerships with specialist cyber security providers. Increasingly, organizations recognize that cyber security requires an integrated approach involving continuous monitoring and proactive risk management.

The growing complexity and specificity of cyber threats mean that a bespoke, tailored approach is necessary, driving demand for advisory-led solutions delivered by experienced, security-cleared professionals.

That shift in perception is now being reflected in dealmaking. In the second quarter of 2025, the UK cyber market saw a flurry of M&A activity, much of it led by private equity platforms executing bolt-on acquisitions. These transactions may not always grab headlines, but they are sending a clear signal - cyber security is a strategic growth priority.

A new kind of risk

The cyber threat landscape has evolved. Today’s attacks are more frequent, more sophisticated and more damaging. The recent incidents involving the “Scattered Spider” group are just the latest reminder of the long-term impact these attacks can have, beyond the legal and financial consequences, but to customer trust and brand reputation. That’s why boardrooms are starting to reassess their cyber readiness.

In sectors such as public services, infrastructure and education - where the risks of failure are especially high - strong cyber defenses are no longer optional.

In addition, the rapid advancement of AI will accelerate cybersecurity risks, as it lowers the barrier for executing sophisticated attacks and enables threat actors to automate, scale, and personalize their tactics with unprecedented precision.

Regulation is raising the stakes

At the same time, government regulation is putting company directors firmly on the hook. The UK’s proposed Cyber Security and Resilience Bill will make senior executives directly accountable for managing cyber risks and ensuring operational resilience, bringing the UK closer to European frameworks like the NIS2 Directive and DORA.

This is changing how cyber security is viewed at the top. It’s not just about ticking boxes or passing audits. It is now a central part of good governance. For investors, strong cyber capabilities are becoming a mark of well-run companies. For acquirers, it’s becoming a critical filter for M&A, particularly when dealing with businesses that hold sensitive data or operate critical systems.

This regulatory push is part of a broader global shift towards greater accountability. In response, businesses are increasingly adopting governance models that embed cyber risk management into their strategic decision-making processes. Boards that fail to adapt not only risk regulatory penalties but also stand to lose investor confidence and market competitiveness.

Private Equity steps in

While overall deal values are still below long-term trends, deal volumes are rising. In Q2 alone, there were 114 cyber-related deals across Europe and North America, well above average. In the UK, activity is particularly strong in the small to mid-sized market, with private equity firms at the forefront.

Cyber security is a highly fragmented mission critical sector with strong recurring revenues, sticky customer relationships and a compelling margin profile. In an environment where investors are increasingly focused on resilience over growth, these are attractive attributes.

From product to partnership

The post-Covid shakeout is also playing a role. Many companies quickly adopted off-the-shelf solutions during the pandemic to meet urgent needs. Today, with greater familiarity and a clearer understanding of risk, boards are opting for more tailored, enterprise-grade services.

This is not just about technology, there is a growing premium on advisory-led solutions. Highly qualified, security-cleared professionals providing bespoke assessments and continuous monitoring. In other words, clients want expertise and service, not just software.

From a valuation perspective, this matters. While public market multiples continue to fluctuate, exposed to macro shifts such as US tariff announcements earlier this year, premium valuations continue to cluster around providers with diversified offerings and deep client integration. As PE buyers weigh bolt-ons and platforms, these traits are driving acquisition rationale.

Players need to stay ahead

The forces pushing cyber up the corporate agenda aren’t going away. Threat actors are growing bolder, regulators are getting tougher and the risks remain high.

The result is a market in transition. What began as a compliance arms race is evolving into a sophisticated, services-led ecosystem. For dealmakers, this creates opportunity but also demands discernment. Not every cyber asset will command a premium.

The winners will be those with deep expertise, defensible margins and client relationships that extend beyond the server room.

We list the best client management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Hyper-personalized AI is transforming the workplace. Unlike standard automation, it works by learning from individual user behaviors, allowing businesses to tailor interactions on a much more human level. Not only does it help businesses to streamline their operations, it also drives efficiency while enhancing the user experience.

For employees, AI can suggest ways to improve productivity, automate repetitive tasks and provide real-time insights based on their work habits. In contact centers, for example, it can escalate intuitively from an AI Agent to a call with a human if it's a nuanced or complex problem.

While in retail, AI-powered assistants make personalized recommendations and offer timely discounts based on past interactions, purchasing history and market trends, which can result in impromptu purchases. It allows customers to feel like they are being listened to – and that their previous purchases are appreciated.

And it is this increasingly natural and ‘human’ experience that is helping to redefine what a digital brand interaction looks and feels like. The impact cannot be ignored.

According to Gartner, businesses investing in hyper-personalization are experiencing an uptick of 16% in commercial outcomes. The ability of AI to refine and improve interactions in real-time makes it a valuable tool for business growth. But as AI becomes more embedded – as it becomes smarter and more human – there are concerns over the impact this might have on privacy and security.

Ensuring privacy and security

After all, the very nature of hyper-personalized AI presents a paradox. The more an AI system knows about an individual, the better its recommendations. But this has led to some people raising concerns over issues such as surveillance, consent and the potential misuse of data.

It’s one of the biggest question marks still hovering over the issue of continuous learning. And without proper governance, AI may retain sensitive information, increasing the risk of unauthorized access, data breaches and regulatory non-compliance.

Thankfully, high-profile regulations such as GDPR and California Consumer Privacy Act (CCPA) frameworks already impose strict rules on data handling, and businesses failing to comply face not just legal repercussions but also reputational damage. But, that hasn’t stopped some people from pursuing AI-specific legislation – such as the AI Act in the EU – to provide specific protection.

There’s also an ethical dimension. Poorly designed AI can inadvertently reinforce biases or expose personal details that should remain confidential. If employees and customers lose trust in AI systems, companies will struggle to gain the full benefits of hyper-personalization. To thrive, organizations need to harness the power of AI while ensuring that privacy isn’t compromised.

How businesses can balance AI innovation with privacy

The good news is that businesses don’t have to choose between AI-driven efficiency and data privacy – they can have both. The solution lies in embedding privacy-first, responsible AI principles into frameworks and strategies from the outset. Here’s how:

Anchor core, long-lasting principles: Build ethical, trustworthy AI systems by prioritizing transparency, inclusiveness, and ongoing monitoring to foster trust and drive lasting value.

Establish robust governance: Define clear policies, conduct risk assessments, and assign dedicated roles to ensure compliance and ethical AI practices.

Ensure data integrity: Use high-quality, unbiased data to deliver fair and accurate AI outcomes across all user groups.

Adhere to compliance needs: Proactively address tightening regulations with strong governance and data protection to mitigate legal risks.

Test and monitor consistently: Conduct regular testing and continuous monitoring to align AI with ethical standards and performance goals.

Optimize tools effectively: Leverage advanced platform features like retrieval mechanisms and feedback loops to enhance transparency and ethical behavior.

Human oversight and participation is also part of the puzzle in optimizing and building trust in AI. At key points in AI workflows, humans help ensure accuracy and reliability. For example, in Agentic Workflows, AI breaks tasks into smaller steps and handles repetitive work, while humans review important decisions before final actions are taken.

AI then continuously learns from human input, improving over time. This approach combines the speed and efficiency of AI with the judgment and experience of human workers to create a system that is not only faster but also more reliable and adaptable.

In other words, with the right safeguards – and the right leadership and employee engagement strategy to ensure these protocols are followed – businesses can unlock the full potential of hyper-personalized AI without compromising security or trust.

The future of AI and privacy: staying ahead of the curve

What’s more, businesses that integrate privacy-first thinking into their AI strategies are likely to be the ones that thrive in the long run. The key is to build a governance framework that not only meets regulatory standards but also fosters trust among employees and customers.

One of the first steps is ensuring AI tools are rigorously assessed before deployment. That means evaluating how data is being processed, stored and used. It would also help to run pilot programs to help iron out privacy concerns and identify risks before full-scale implementation.

From the beginning, you need to work with a trusted provider to define and configure algorithms to prevent unintended biases and ensure fairness across different user groups at every level, whether it's an LLM, agent or App. AI should also be designed to evolve responsibly, integrating smoothly into workflows while maintaining strong privacy protections.

Clear visibility

Observability and traceability are crucial. Not only should people have clear visibility into how AI makes decisions, they should also be able to challenge or verify AI-generated outputs with real-time tracing, explainable AI decision paths and thought streaming.

Organizations should also be actively monitoring and optimizing AI agent performance with comprehensive analytics that track the likes of latency, workflow success, and operational efficiency. Adopting such an approach would help to build confidence while reducing the risk of AI being perceived as a black box.

Finally, we must never forget who has the final word. AI should be an enabler, not a replacement for human expertise. Organizations that combine AI’s analytical capabilities with human judgment will be better positioned to innovate while maintaining ethical and privacy standards.

There’s a lot to take in. But one thing is clear. Hyper-personalized AI presents enormous opportunities for businesses. But it comes with responsibilities. Work with vendors with a responsible AI framework and platform that ensure robust tools and embedded ethical considerations for meticulous data curation, rigorous model testing, ongoing transparency, and continuous monitoring and adaptation of AI systems.

The result then becomes not just compliance but also enhanced user trust and exceptional experiences, setting the stage for pioneering a future where AI is a trusted ally.

We feature the best employee management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Here are hints and the answers for the NYT Connections: Sports Edition puzzle for Aug. 25, No. 336

Immigration has become a political flashpoint as countries across the West try to cope with an influx of migrants seeking a better life.

(Image credit: Ben Birchall)

Here are the answers for The New York Times Mini Crossword for Aug. 25.

The lawyer for Kilmar Abrego Garcia, the man wrongly deported by the Trump administration to an El Salvadoran prison and then returned months later, says his client is now facing deportation again.

(Image credit: Alex Wong)

SpaceX wants to put the two-stage rocket's massive booster through its paces. The flight test comes as the multibillion-dollar Starship program has suffered a streak of failures this year.

(Image credit: Eric Gay)