|  By Razorthorn
Razorthorn has worked with wide range of technically savvy clients who are confident they would spot a fake, but confidence is exactly what makes deepfake fraud so effective. In 2024, a finance manager at engineering firm Arup transferred $25 million to fraudsters after taking part in a video call with what appeared to be his CFO and several colleagues. Every person on that call was fabricated. None of it was real.
  |  By Razorthorn
Your third party suppliers probably aren’t as secure as you think they are. SecurityScorecard’s 2025 Global Third Party Breach Report found that at least 35.5% of all data breaches in 2024 originated from third party compromises. That’s not a minor risk you can ignore. The numbers tell a stark story. But here’s what most organisations miss: the real figure is likely higher since many breaches aren’t disclosed or are mistakenly reported as internal incidents.
  |  By Razorthorn
Let’s get right to it: Razorthorn Security helps organisations achieve and maintain PCI DSS compliance through expert consultancy, gap analysis and preparation for formal assessment and has been recognised by Gartner as a market leader in PCI DSS QSA services. If you’re handling payment card data, you’ll need qualified support to navigate the 500+ controls that PCI DSS demands.
  |  By Razorthorn
Passwords were invented in the 1960s. Six decades later, we’re still using them to protect everything from email accounts to bank transfers to corporate networks. The problem isn’t just that they’re old technology, it’s that they were never designed for the world we live in now.
  |  By Razorthorn
Guest post by Capsule Cyber insurance has rapidly evolved from being considered a specialist offering to a critical pillar of modern risk management. Yet many businesses still misunderstand what it covers and just as importantly, what it doesn’t do.
  |  By Razorthorn
When it comes to cyber insurance for SMEs, many small and medium-sized enterprises believe that cyber insurance feels like an optional extra, not a necessity, something to worry about later. This risk-taking attitude is often driven by various common misconceptions: The opposite is often true. Smaller businesses are frequently seen as easier targets due to limited budgets, lean security teams, and less mature cyber defences.
  |  By Razorthorn
By James Rees, MD, Razorthorn Security The Digital Operational Resilience Act (DORA) isn’t just another regulatory hurdle to clear. It’s fundamentally changing how financial institutions think about operational risk, particularly when it comes to the third party providers that now handle much of their critical technology infrastructure. DORA third party compliance has become a critical priority for EU financial institutions since the regulation came into force in January 2025.
  |  By Razorthorn
By James Rees, MD, Razorthorn Security The artificial intelligence revolution isn’t coming. It’s here and it’s moving faster than anyone predicted. Children now trust ChatGPT more than their parents for information. AI-generated content is becoming indistinguishable from human work. Entire industries are being reshaped by technology that seemed like science fiction just a few years ago.
  |  By James Rees
The artificial intelligence revolution isn’t coming. It’s here and it’s moving faster than anyone predicted. Children now trust ChatGPT more than their parents for information. AI-generated content is becoming indistinguishable from human work. Entire industries are being reshaped by technology that seemed like science fiction just a few years ago.
  |  By James Rees
Continuous Threat Exposure Management (CTEM) is gaining increasing recognition as a crucial component for mature cybersecurity programmes. Both Gartner and Forrester have highlighted CTEM as “a strategic imperative,” underscoring its importance in addressing modern cyber risks. This recognition is well founded, as demonstrated by recent cyberattacks on major organisations including Marks & Spencer, Co-op, Harrods, the NHS and American healthcare institutions.
  |  By Razorwire Cybersecurity
A prompt injection attack through server logs becomes possible when hidden instructions are processed later by an AI log analysis tool. That turns normal logging into a possible data exfiltration path and gives attackers a new way to abuse LLM workflows without touching the main application logic.
  |  By Razorwire Cybersecurity
AI agents are creating a new penetration testing risk when they act beyond the tester’s intent and leave messy accountability behind. Once an agent touches email, tickets or workflows in a user’s name, legal, forensic and control problems start stacking up fast.
  |  By Razorwire Cybersecurity
Human in the loop AI security is failing because analysts are asked to review machine-speed output at human speed. AI now produces too many alerts, findings and decisions for manual review to remain the main safety control in modern cyber defence.
  |  By Razorwire Cybersecurity
Shadow AI is already inside many companies through unapproved AI tools, local LLMs and public AI apps used without oversight. That creates data security, governance and compliance risk because the business often has no clear view of what is being used or where sensitive information is going.
  |  By Razorwire Cybersecurity
Privacy is getting harder to maintain. Governments are expanding surveillance. But there are practical steps you can take right now to secure your digital life and protect your family. James Rees walks through exactly how to do it. From choosing an operating system to securing your email and banking to protecting your devices. It's not expensive and it doesn't require being a tech expert. Operating system choice matters. VPNs are non negotiable. Backup everything with MFA enabled. Diversify your bank accounts. Use credit cards instead of debit cards. And yes, keep some cash on hand.
  |  By Razorwire Cybersecurity
Third party risk management is breaking because AI writes the questionnaire and AI writes the answer. That leaves security teams with polished vendor responses, less proof, and far less confidence that supplier controls, governance and cyber risk are being measured honestly.
  |  By Razorwire Cybersecurity
Defence in depth has evolved every time the technology landscape has shifted. The internet, virtualisation, cloud, SaaS. AI is the next shift, and the old model isn't keeping up. Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined once again by Martin Voelk, co-founder of SpartanX and an ethical hacker with nearly 26 years in cybersecurity.
  |  By Razorwire Cybersecurity
AI agents and AI coding are creating a new software supply chain risk inside development teams. When coding agents pull code, prompts, skills and open source packages straight from GitHub, insecure code and malicious dependencies get much closer to production.
  |  By Razorwire Cybersecurity
This episode explores how defence in depth is changing in an AI enabled business world, where code driven systems, supply chain risk and offensive AI are moving faster than defenders can react. It looks at why human in the loop is failing, why visibility still comes too late, and what modern cyber defence needs to become next.
  |  By Razorwire Cybersecurity
AI is moving so fast that even security professionals feel they are staring over an event horizon without knowing what comes next. Public information alone is already unsettling, and the fear grows when you consider what is happening beyond open sources, from hidden capabilities to post quantum risk no one has fully mapped yet.

Razorthorn has a single purpose: to defend business-critical data and applications from cyber attacks and internal threats. Founded in 2007, Razorthorn has been delivering expert security consulting and testing services to some of the largest and most influential organisations in the world, including many in the Fortune 500.

Leaders in Cyber Intelligence:

  • Cyber Security Consultancy: Delivering professional and dedicated consultants to our clients, we are specialists in all areas of cyber security consulting. Whether you need help with cyber security compliance or require CISO services, we work closely with our clients to provide short term or ongoing support, in line with your requirements and budget.
  • Cyber Security Testing: It is essential to test your cyber security posture regularly, whether it’s a requirement for compliance or to ensure you are getting value for money from your cyber security solutions. In addition to pen testing, Razorthorn offer a comprehensive suite of cyber security testing services to ensure your data and business reputation is as secure as possible.
  • Managed Services: We provide 24/7 managed cyber security services, working as an extension to your in house team or as your dedicated managed services partner. You will benefit from the skills and expertise of our team, the cost efficiency and flexibility that comes with outsourcing to a specialist service provider.
  • Cyber Security Solutions: We work in partnership with hand-picked, industry leading solution providers, carefully selected for quality, effectiveness and to complement the services we offer.

Defending businesses against cyber attacks since 2007.