
July 1, 2026
Hacker Hub - July 2026
Supply chain attacks are one of the fastest growing cyber threats. SMEs are frequently the entry point attackers use to reach larger targets. Here is what you need to know and what to do about it.
Read MoreA risk register is a log in its simplest form. It can take many forms, from very simple to massively complex, but fundamentally, it is where you record your risks to understand your current risk landscape; also, be aware that it will take a few passes to capture everything (and you’ll probably still miss stuff).
The main purpose is to document your risks and the actions taken to minimise them; this is a core way to satisfy the expectation of most legislation that you have applied due care and due diligence to your cyber security efforts to protect the data of your clients as well as your own valuable information.
Documenting allows you to prioritise your risks, ensuring the ones that could impact your business most are focused on.
Risk registers can be designed in various ways, from simple to massively complex, with multiple scoring vectors beyond the standard impact and likelihood.
But they should all have the following
And what a lot of people miss
Once you have defined your risk register, you must add risks. The first step is to identify the risk. Don’t think of risks as things you have missed; when you start this process, just document risks that could affect you; don’t think about the controls you already have. A good example of this is malware; almost every business will have some form of anti-malware, but it is always a risk; new malware is released daily, so the threat is always present, even if the risk is low due to your anti-malware controls.
Closed risks should be reviewed using the same principles. However, the threat landscape changes, and what worked at the point of treatment may no longer be enough. This is why routine review and monitoring are important.
Once you create your register then, here are some good practices to follow to ensure it brings value to the business in the long term
Having a good risk management strategy (read more here) and a well defined risk register (download one for free here) is vitally important to all businesses.

July 1, 2026
Supply chain attacks are one of the fastest growing cyber threats. SMEs are frequently the entry point attackers use to reach larger targets. Here is what you need to know and what to do about it.
Read More
June 1, 2026
Five of the most common cyber threats targeting small and medium-sized businesses today, explained in plain English with practical steps you can act on right now.
Read More
June 1, 2026
AI tools are now accessible to attackers and defenders alike. Anthropic's Mythos model proves the game has changed. Here's what that means for your business.
Read More