To stay ahead of fast-moving cyber threats and vulnerabilities, consider the resources below

• For regular news and threat intelligence, consider subscribing for free to the Cyber Daily by Recorded Future News.

• For more technical content, consider subscribing to a weekly newsletter published by the CTO at NCSC, Ollie Whitehouse, on Cyber Defence Analysis.

AI regulation is rapidly becoming a determinative factor in how AI can be adopted, governed, and secured, shaping risk appetite, investment priorities, procurement and third-party assurance.

• The National Institute of Standards and Technology (US) published an “Initial Public Draft” of the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) in December 2025. Recommended for structuring AI-related cyber risk discussions and to prioritise actions across securing AI, AI-enabled defence, and AI-enabled threats.

• UK Code of Practice for the Cyber Security of AI. Reference for executive accountability, procurement, and risk committees as a practical baseline to set minimum security requirements for AI systems and to drive consistent supplier and internal delivery expectations.

• EU Artificial Intelligence Act): Source for EU obligations that affect organisations deploying or building AI, including governance, documentation, monitoring and security-related expectations. 

• ENISA (EU): Framework for Cybersecurity Practices provides an implementation-oriented framework to translate “secure-by-design” AI intent into concrete practice.

• The OECD.AI Policy Navigator is a global live database of AI initiatives and policies, updated regularly by OECD’s official contact points from countries and international organisations and experts.

Post-quantum cryptography is the next generation of encryption designed to withstand future quantum attacks. It’s adoption should be treated as a time-bound resilience program.

• The UK National Cyber Security Centre has published an enterprise-facing timeline for migration to PQC, which sets clear planning milestones to help organisations structure a phased transition.

• The PQC Initiative of CISA (Cybersecurity & Infrastructure Security Agency) in the US provides practical, operational guidance and coordination resources, especially for critical infrastructure and large enterprises, to assess quantum risk, build crypto-inventories, and plan a structured PQC migration.

• The NIS Cooperation Group in the EU has published a Coordinated Implementation Roadmap for the Transition to PQC, which outlines recommended actions and indicative target dates to organise PQC transition plans, prioritise high-risk use cases, and complete broad migration over the coming decade.

These frameworks help set direction for cyber resilience, test assurance, and track progress—without requiring deep technical expertise.

• The UK Cyber Governance Code of Practice sets out five principles, backed by practical actions, to help strengthen cyber resilience, improve oversight, and evidence good governance to stakeholders.

• The UK National Cyber Security Centre (NCSC) has published a Cyber Security Toolkit for Boards, providing a common language for structuring cyber risk management and reporting across organisations and supply chains.

• The National Institute of Standards and Technology (NIST) Cyber Security Framework (CFS), published by the U.S. Department of Commerce provides a globally referenced framework for running and governing cybersecurity, including risk, accountability, and assurance.