London, 19 January 2026 – Keith Poyser, Vice President for EMEA at cybersecurity firm Horizon3.ai, has issued a warning about the increasing gap between the aggressiveness of cybercriminals and state actors, and the capabilities of organizations to defend themselves. Poyser emphasized the urgent need for companies to shift towards proactive, offensive security measures in order to address this disparity.
According to Poyser, cybercriminals and state-sponsored threat actors are becoming more innovative and utilizing advanced technologies, such as artificial intelligence, to launch faster and more aggressive attacks. In contrast, many businesses still rely on traditional defensive methods, resulting in a widening gap that must be closed urgently.
This issue has come to the forefront as the UK prepares to introduce its new Cyber Security and Resilience (Network and Information Systems) Bill. The legislation, which was introduced to Parliament in late 2025 and is expected to progress through 2026, aims to strengthen the country’s cybersecurity framework. It will expand the scope of organizations required to meet higher cyber standards, enhance cyber-incident reporting requirements for faster notification to regulators during an attack, and grant regulators stronger enforcement powers to ensure compliance in essential and digital service sectors.
Poyser stressed that organizations must take proactive steps to strengthen their resilience and understand their true exposure, especially before regulations become even tighter. He recommended offensive security approaches, such as continuous, autonomous pentesting, as a means to stay ahead of attackers rather than reacting after the damage is done.
Poyser used a simple analogy to explain the shortcomings of traditional security models. He compared it to installing an elaborate alarm system in one’s home without ever checking if it actually works during a break-in. He stated that it is time for a fundamental shift towards offensive security methods, which include hiring professionals to test and identify weaknesses in a company’s defenses continuously.
Poyser explained that autonomous pentesting platforms, which behave like modern cybercrime groups by sharing intelligence and learning from each other’s successes, are now available to organizations. These platforms provide a realistic view of an organization’s weaknesses and how an attacker could exploit them, allowing for prioritization of security improvements.
Poyser emphasized the importance of having evidence rather than making assumptions in making cyber risk decisions. He stated that by aligning security validation with how attackers think and move, organizations can have a clearer understanding of their defenses and prioritize improvements.
About Horizon3.ai:
Horizon3.ai’s NodeZero® platform is trusted by leading global companies, critical infrastructure operators, and the US Defense Industrial Base to proactively identify and fix vulnerabilities and continuously improve cyber resilience. The company, founded by a team of US Special Operations veterans and industry experts, is headquartered in San Francisco and is the fastest-growing cybersecurity company in America.
For more information, please contact:
Stephen Gates – press@horizon3.ai
Website: www.horizon3.ai
Trademark notice: NodeZero is a trademark of Horizon3.ai
Follow Horizon3.ai on LinkedIn and X.
Media Contact:
euromarcom public relations GmbH
Email: team@euromarcom.com
Website: www.euromarcom.de
