When the Threat Moves Daily and the Law Moves in Years | An Interview with James Morris | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026 cover art

When the Threat Moves Daily and the Law Moves in Years | An Interview with James Morris | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026

When the Threat Moves Daily and the Law Moves in Years | An Interview with James Morris | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026

Listen for free

View show details
PODCAST EPISODE | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026 On Location With Sean Martin And Marco Ciappelli The UK’s threats change by the day. Its laws change over years. Sean Martin sat down with James Morris — former Member of Parliament, now Director of the CSBR — to ask how a government writes cyber policy fast enough to matter, and why “resilience” has quietly stopped being a technical word. 📺 Watch | 🎙️ Listen | https://www.itspmagazine.com/infosecurity-europe-2026-infosec-london-cybersecurity-event-coverage A threat that updates every morning. A legislative process that measures itself in years. Somewhere between those two clocks sits the whole problem of cyber policy, and most of the time we pretend the gap isn’t there. When Sean Martin sat down with James Morris at InfoSecurity Europe, that gap was the quiet subject under everything they discussed. This is Sean’s territory, the place where cybersecurity stops being a lab problem and becomes a business and a political one. Morris knows it as well as anyone. He spent fourteen years as a Member of the UK Parliament, fought five elections, served under five prime ministers, and chaired the cross-party group on cybersecurity before leaving to run the CSBR, an independent policy centre working at the seam between cyber and resilience. What struck me, listening back, is how little of their conversation was actually about technology. The UK has a Cyber Security and Resilience Bill moving through Parliament. It was introduced more than a year ago. It still won’t be operational for the better part of another year. Meanwhile the world it was written for has already moved: AI went mainstream, alliances shifted, and the head of GCHQ began saying out loud the kind of thing intelligence chiefs usually keep behind closed doors. You cannot legislate at that speed, so the government did the only thing a slow system can do when it fears the future. It gave itself the power to act later. More discretion, more designation, more reach from the top. Sensible, maybe. But Morris names the cost, and it is the part I keep turning over. A law written from the top down only works if the people at the bottom believe in it. Otherwise companies perform compliance instead of building resilience, gaming the enforcement regime rather than getting safer. The letter without the spirit. Then there is the word itself. Resilience used to mean power plants and railways, the critical national infrastructure everyone pictures. But when Marks & Spencer and Jaguar Land Rover were knocked sideways by breaches that wouldn’t even fall under the new bill, the definition cracked open. Resilience, Morris argues, is really about the underpinnings of an economy. And almost as an aside, he extends it to the resilience of the political system itself, a system that burns through leaders and demands answers by the next news cycle. That line belongs in a sociology seminar, not a cyber panel. Because the deepest vulnerability he describes is not a zero-day. It is an attention span. We have built institutions optimized for the short term and handed them a problem that only yields to patience. The threat is fast. The fix is slow. Our politics rewards fast. I grew up in a city that took more than a century to finish a single cathedral. Nobody who laid the first stone lived to stand under the dome. That kind of time has gone out of fashion, and cyber resilience is exactly the sort of thing that suffers for its absence. So what do we carry forward, and what do we leave behind? Morris offers the practical half of the answer to business owners: stop treating this as an IT task to delegate, move it into the boardroom, rehearse the breach before it happens, and plan for the day the press is on your lawn. The harder half is cultural. We have to relearn patience inside systems built to forget it. Sean’s full conversation with James Morris is linked below, along with the rest of our InfoSecurity Europe coverage. It is worth your time. Let’s keep thinking. — Marcohttps://www.marcociappelli.com Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Journalist | Writer | On Location With Sean Martin And Marco Ciappelli | 🌎 LAX🛸FLR 🌍 About the Host Sean Martin, CISSP, is the co-founder and Director of Operations and Programming at ITSPmagazine, and the host of the Redefining CyberSecurity podcast. An information security and technology veteran of more than thirty years and a multiple-time CISSP, he led engineering and delivery for hundreds of cybersecurity products before turning to journalism and broadcasting. Through Redefining CyberSecurity he keeps pressing one question: if we are selling security insincerely, buying it indiscriminately, and deploying it ineffectively, how do we make it usable, honest, and a real source of business value? He teaches at Pepperdine’s Graziadio Business School ...
adbl_web_anon_alc_button_suppression_t1
No reviews yet