
  • Last Week’s Financial Round-up 08/09/25

    Gold pricing reached a new peak above $3500, alongside an 8.10% expansion in equity from Fresnillo, a Mexican silver mining company incorporated in the UK, which was one of the week’s high performers. Infrastructural investment represents an effective counterpoise to gold contracts.

    According to the Times, growth obstacles for UK listed companies comprising “tax rises, slowing wage growth and sticky inflation” are affecting several service providers.

    Bunzl, for example, which sells PPE and sanitary equipment to healthcare and health and safety providers, as well as packaging, was poised to take advantage of new overseas markets as M&A revenue and adjusted operating profit for the year increased 7.9%, with conversions indicating 3.1% revenue growth on an 8.3% operating margin.

    In its annual report, Costain reported that cash from operations in FY24 was £41.7mn (FY23: 69.6mn), resulting from “increased operating profits offset by year-end timings of certain cash receipts at the end of year FY23 and FY24, together with some end of contract outflows in FY24.”

    The company cited the “timing of year-end working capital” as well as “higher tax and capital expenditure payments” on investment in new systems and “higher cash flows on adjusting items”, although meeting the pension contribution deficit may have a detrimental effect on liquidity.

    Inflation proxy indicators

    Indeed, the CPI for July stood at 3.8%, up from 3.6% for June. The RPI, excluding the costing change in fuel and energy, was 4.8% for July, an increase from 4.4% yoy growth for June. The Producer Price Index (PPI) provides forward-looking outlooks of upcoming price increases based on slack vs actively engaged capacity, and acts as a measure of manufacturing inflation.

    The Purchasing Manager Index (PMI) provides an indication of future orders and growth outlook based on forward-looking pricing on manufactures and services.

    Trump’s foreign policy this month has not affected appetite for US 10-year Treasuries, which were stable as the return on Treasury bills, which must be held for 10 years until maturity, increased by 1bp from 4.27 to 4.28.

    The coupon paid out on UK 10-year gilts rose from a yield of 4.84 the preceding week to 4.90 correct as of 2 September, reflecting market speculation surrounding suggested tax cuts to be announced in the Budget on 26 November, which may contain a new wealth tax to meet the current spending shortfall.

    Note that the Sentix Investor Sentiment Index, published today on forexfactory, was at -9.2 vs a forecast of -2.2; whereas the forecast for August was actually positive, and forward-looking analysts put the prediction at 6.2 where the actual value, predicated on a diffusion index based on surveyed investors and analysts, was -3.7.

  • Making sure your employees are a culture fit, with weighted benchmarking of firm’s offering

    According to the Kets de Vries Institute, the organisational culture audit is comprised of 13 core performance indicators. The patented reporting framework has modern usage cases, given that sticky wages are not keeping pace with Consumer Price Inflation (CPI), with services inflation at 5% in August, with the aggregated figure at 3.8%, its highest peak since January 2024.

    At Bloomberg, commentator Marcus Ashworth pointed out that the jobs market has seen a decline, with a net loss of 165,000 jobs in the period following Rachel Reeves’ October Budget, with higher employer NI contributions at a lower earnings threshold deterring firms from making new hires.

    One of the acknowledged remedies for a shortfall in new hires is to increase employer bargaining power, as a demonstrably productive work culture is a magnet for skilled service workers who are looking for a ‘best fit’ for their in-demand skills set.

    Internal training programs can enhance vertical progression within an organisation, or even horizontal traversing the internal divisions where a skills match is found with new vacancies. However, funding and promoting up-skilling is just one way firms can differentiate themselves to potential employees.

    A survey published first in 2018-19 by the Kets de Vries Institute looked at the disparity between where organisations believed they stood with regard to the benchmark, and the actual value assigned by the culture auditors. These parameters were stacked and weighted against the total sample percentage of answers to the organisational culture audit questionnaire.

    It is interesting to note that 3.80% of respondents stated they put their highest priority on capturing market share; and the same percentage agreed that “We gather information on what our competitors do on a regular basis”.

    In fact, the largest discrepancies fell in the parameters of competitiveness, with a 0.71% difference between the level at which it was practised, and how highly it was valued by respondent companies. On the flip side, ‘fun’ was found to be practised at a higher level than the value accorded to it, with a -0.64% variant value.

    Entrepreneurship’s actual value assigned was 0.56% lower than the organisations ranked it in terms of importance, and result orientation carried a 0.51% differential.

    These are both areas where respondents were aware that clearer guidelines need to be set in assigning R&D capital, registering patents and, where results cannot be accurately quantified in relation to Internal Rate of Investment (IRR), more communication with employees with regards to results expectations and how key performance indicators (KPIs) are assigned and ranked in order of importance.

    On the practice questions, 4.13% of respondents agreed that “Obtaining targeted results is a top priority in our organisation”, with the same percentage acknowledging that rewards were strongly performance-based.

    Client orientation was another area where the actual benchmark value assigned by the Kets de Vries Institute fell short 0.36% of the value attributed to its importance to respondent companies. In contrast, social responsibility had an actual value assigned which was -0.36% of where it was ranked in order of importance. It is clear that having an up to date Customer Relationship Management (CRM) system which employees can dynamically interact with in making sales and other offers like contracts or services is an area for improvement. A salesforce is only as good as its intel, so to prevent your employees chasing dead leads be sure to perform strategic analysis on target clients.

    The sample was categorised according to the responder’s level of seniority and geographical distribution. In terms of the official hierarchy of respondents, they comprised 5 figures from senior management, representing 33.3% of the sample; 7 figures from middle management, comprising 46.7% of those sampled; and 3 which were TMT, forming 20% of the sample surveyed.

    Asian company representatives formed 20% of the sample (3 respondents), Europe 26.7% (4 respondents), 3 from the Middle East comprising 20% and 5 from N. America representing 33.3% of the sample surveyed.

    1 https://kdvi.com/wp-content/uploads/2024/01/OCA-EN-sample-Report.pdf

  • Palo Alto Networks SecOps white paper – executive summary

    Utilising GenAI and machine learning helps in operational deployment at scale. Where previously it was among the top 5 KPIs, SecOps teams are now reporting “more efficient threat detection and response” in key areas:

    • Extended detection and response (XDR) 
    • Security information and event management (SIEM) 
    • Addition of GenAI engineering on platforms improves operational efficiency. 

    To gain further insights into these mega-trends and other developments in the security operations space, TechTarget’s Enterprise Strategy Group surveyed 366 IT and cybersecurity professionals at large midmarket and enterprise organizations in North America (US and Canada) involved with security operations technology and processes.

    The top 6 SecOps challenges were: 

    1. Monitoring security across a growing and changing attack surface (42%)
    2. Managing too many disconnected point tools for security analytics and operations, making it difficult to piece together a holistic strategy and investigate complex threats (33%). However, more than half (55%) of organizations report that consolidation efforts are streamlining the management and operations of the many security tools and processes in use.
    3. Operationalising cyberthreat intelligence (33%)
    4. Spending too much time on high-priority or emergency issues and not enough time on strategy and process improvement (32%)
    5. Detecting and/or responding to security incidents in a timely manner (31%)
    6. Gaining the appropriate level of security with cloud-based workloads, applications, and SaaS (31%)

    Areas for improvement include: 

    Detecting or hunting for unknown threats (32%) and being able to visualise the threat landscape in targeting a reaction to integrated systems’ embedded rewrites by bad actors (36%). 

    Another core performance indicator was “keeping up with” a changing infrastructural service offering (27%) and ensuring a proportionate and targeted response based on threat priority analysis (27%). This was seen as an essential precursor for complying with regulatory compliance or corporate governance requirements (26%), on data brokerage and disclosure of known systemic threats. The timing of the response was also deemed important, with 25% stating it could be improved. 

    Maintaining a database of known threats is de rigueur for the majority of participants: 77% say managing a growing data security set is not something they struggle with. Engineering automation was also an area that just 18% of respondents would label an area for improvement, while 24% were concerned about the efficacy of stress testing patches and system updates deployed in the cloud in a reactive SaaS managed offering.

    An estimated 80% of respondents were happy with their ability to triage threats before escalating them. 

    Know your toolset 

    At the moment, around 91% of organisations reported the usage of a minimum of 10 SecOps tools, though 30% have recently consolidated their offering to ensure systemic integration for existing and pipeline data protection solutions. 

    Nearly 9 in 10 respondents already using an XDR solution (64% of the sample) expect them to supplement rather than replace SIEM and other SecOps tools; a further 21% of the sample reported XDR solutions still in development.

    Drawbacks of SIEM solutions were cited as exorbitant costing on software licensing as the threat catalogue expands and requires consistent patching (32%); the expertise required to perform more advanced analytics than that sold over the counter (OTC) (32%); and that the context of threat intelligence to business processes was often overlooked (23%) as the process hinged on detecting rule creation in dynamic response to events (25%) which must be constantly redefined as the threat evolves. 

    Continuous threat monitoring and management were seen as a key component of gaining appropriate levels of security oversight with cloud-based workloads, applications, and SaaS, which moved up in terms of the number of organizations prioritizing it as an issue, reflecting continuing growth and change in cloud infrastructure and applications.

    Key drivers of these consolidation campaigns were cited as: cost optimisation (39%), reducing tools management overhead by simplifying and streamlining the offering (35%); and the desire to enhance more advanced threat detection capacity (34%).  

    The context of the threat, say respondents, can be lost in the weight of the response, with the security operations stack generating an “unmanageable” load of alerts (33%), and in parallel with this target was the desire to “reduce overhead associated with point tools integration, development and maintenance” (32%), so that after threats are ranked in terms of their potential damage to the system, permanent threat management plug-ins can be worked in which are reactive and deliver a cost-effective solution which is proportional to the degree of the threat and can be dynamically re-adjusted. 

    In terms of data governance in repositories, 

    • 43% are in centralised silos 
    • 47% are in “more centralized, but some distributed or federated data” 
    • With just 7% using distributed ledger technology 
    • And 3% with the majority of data either distributed or federated, but with some centralised data. 

    In relation to XDR response tools, the survey found that 39% of respondents found current tools were not appropriately assimilated, meaning threat detection was “more cumbersome” than it should have been; while 35% noted specific “gaps” in cloud detection and response. 

  • Analysis of Developing country debt finance initiatives, with the outcome of the 2025 Sevilla Conference 13th June to 3rd July.

    Key points: 

    • 93% of the most Climate Vulnerable Countries (CVCs) face a debt crisis. 
    • Many spend up to 5x the amount of budget allocated to addressing climate change on servicing debts.

    One case study is Kenya, which after the pandemic in 2020 applied via the IMF for an austerity funding package, and was forced to cut public spending by 15%. 

    Nowadays, 35% of its debt is to private creditors such as Citigroup, Standard Bank and BlackRock. These lenders charge interest rates of up to 10.4%. 

    A recent Oxfam report found that for every $1 the IMF recommended low-income countries spend on public goals that promote development and wellbeing, they were instructed to cut four times more via austerity measures. 

    Another case study is Sierra Leone, where overseas capital after the civil war meant its public debt swelled from $1.2bn in 2002 to $1.9bn in 2022. Around 73% of the country’s foreign debt is owned by multilateral institutions such as the World Bank and the IMF, which refused to grant debt relief.  

    The value of its currency has depreciated 50% in 2023. Public spending was slashed in the aftermath. Almost 70% of children in Sierra Leone live in poverty, with parents unable to afford school fees. 

    In 2020 the UK passed the Debt Relief (Developing Countries) Act, which impelled private creditors to engage in debt relief under the 1996 Heavily Indebted Poor Countries (HIPC) initiative.

    “A subsequent government review found the legislation to have been a success and to have had no adverse consequences for the UK economy. With the HIPC initiative now outdated, new legislation is urgently needed to apply to the current G20 Common Framework.” 

    p.12 ‘Jubilee 2025 – the New Global Debt Crisis’ 

    The Jubilee 2025 global debt crisis report calls for Special Drawing Rights – a financial tool composed of a diversified basket of widely traded currencies – to be more widely available. 

    (see ‘Public Climate Finance provided: an analysis by financial instrument’, 2020 / ‘Climate Finance Provided and Mobilised by Developed Countries in 2016-20’)

    Finance by private lenders often comes with onerous interest rates due to the perceived risk of the investment, yet when the borrower defaults private venture capitalists refuse to engage in debt relief, leaving governments and multilateral lending facilities to finance the cost of bailout. 

    Climate change finance in 2020, according to OECD data, comprised just 26% in grants vs loans which have coupon payments priced in on the input capital in a forward-looking structure to make profit from the cost of capital.  

    OECD figures capture four distinct components of climate finance provided and mobilised by developed countries: (i) Bilateral public climate finance provided by developed countries’ bilateral agencies and development banks; (ii) Multilateral public climate finance provided by multilateral development banks and multilateral climate funds, attributed to developed countries; (iii) Climate-related officially supported export credits, provided by developed countries’ official export credit agencies, and (iv) Private finance mobilised by bilateral and multilateral public climate finance, attributed to developed countries.

    The report was jointly prepared by the OECD’s Environment and Development Co-operation Directorates. It also benefited from dedicated 2020 data inputs by the OECD Trade and Agriculture Directorate (for the majority of export credits) as well as donor countries (provision of 2019-2020 bilateral public climate finance in advance of UNFCCC reporting, delayed to later in 2022).

    Key findings: 

    Recap of 2020 figures and aggregate trends 

    USD 83.3 billion was provided and mobilised by developed countries for climate action in developing countries in 2020. While increasing by 4% from 2019, this was USD 16.7 billion short of the USD 100 billion per year by 2020 goal.

    In 2020, public climate finance (both bilateral as well as multilateral attributable to developed countries) grew and continued to account for the lion’s share of the total (USD 68.3 billion or 82%). Private finance mobilised by public climate finance (USD 13.1 billion) decreased slightly compared to earlier years, while climate-related export credits remained small (USD 1.9 billion).

    Mitigation finance still represented the majority (58%) in 2020, despite a USD 2.8 billion drop compared to 2019. Adaptation finance grew, in both absolute (USD 8.3 billion increase compared to 2019) and relative terms (34% in 2020 compared to 25% in 2019). Such an increase is, to a great extent, the result of a few large infrastructure projects. Cross-cutting activities remained a minority category (7%) almost exclusively used by bilateral public providers.

    Mitigation finance focused mainly (46%) on activities in the energy and transport sectors. In contrast, adaptation finance was spread more evenly across a larger number of sectors and focused on activities in the water supply and sanitation sector, and agriculture, forestry and fishing.

    As in all previous years, loans accounted for over 70% of public climate finance provided (71% or USD 48.6 billion in 2020, including both concessional and non-concessional loans). The share of grants was stable compared to 2019 (26% or USD 17.9 billion). Public equity investments continued to be very limited.

    Over 2016-2020, climate finance provided and mobilised mainly targeted Asia (42%) and middle-income countries (43% and 27% for lower- and upper-middle-income countries respectively). Further, 50% of the total was concentrated in 20 countries in Asia, Africa and the Americas that represented 74% of all developing countries’ population.

    Mobilisation of bi-lateral finance initiatives depends on indigenous institutions’ ability to structure project finance deals with repayments assured, in meeting creditors’ requirements for return on principal by integrating multiple funding channels as each project enters its operational development phase. The loan may be collateralised with the cost of equipment subject to fixed or floating charges, and revenue streams must be channelled appropriately via so-called ‘waterfall’ or ‘mezzanine’ financing.

    The report states that 

    Grants represented a much higher share of finance for adaptation and cross-cutting activities than for mitigation between 2016 and 2020. Grants typically support capacity building, feasibility studies, demonstration projects, technical assistance, and activities with low or no direct financial returns but high social returns. Public climate finance loans are often used to fund mature or close-to-mature technologies as well as large infrastructure projects with a future revenue stream, which are predominant for mitigation finance as well as in middle-income countries. 

    Grants represented a larger share of climate finance for SIDS, LDCs and fragile states, compared to developing countries overall. Countries within these three categories often present economic and socio-political conditions that do not favour loan-based finance due to limited absorptive and repayment capacity. Recipient institutions and projects in middle- and high-income countries tend to have a relatively higher capacity to seek, absorb, deploy and repay loans. 

    A common fallacy is that development finance is often mis-allocated or appropriated by illegitimate and/or corrupt regimes. In fact, after the Jubilee 2000 campaign for fair development finance, in nations where debts were cancelled the proportion of children finishing primary school went from 45% to 66%, the report claims. 

    The Jubilee 2025 report calls for the following actionables: 

    1. Private creditors legislation to be updated.
    2. Systemic change of the IMF ensuring fairer (more proportional) allocation of voting rights.
    3. A public global debt registry, to hold all borrowers and lenders accountable.

    “Legislators in key financial centres like the UK and New York could introduce requirements that make loan enforceability contingent about timely disclosure in the registry. It should be independent from lenders and borrowers and could sit within a UN framework.”

    Cites EURODAD, Bogota Declaration, 2023 (see extracts below)

    4. Automatic debt cancellation following a natural disaster or economic crisis.
    5. Comparable treatment for all creditors. A system to be introduced whereby those setting lower interest rates on repayment not to be required to service debt relief in the same proportion as those setting higher repayment rates.
    6. A new global debt framework, as with the 2023 UN Tax Framework Convention, passed by the UN General Assembly, where the 4th International Financing for Development Conference timetabled for June 2025 could provide a springboard for further legislative change.

    Global south CSOs demand justice and a change to the rules on debt and financial architecture – Eurodad 

    The poly-crisis facing Global South countries is reversing hard-won gains in poverty reduction as deep fiscal consolidation and austerity programmes dominate macroeconomic policy. Global debt policies launched by the IMF and the G20 failed, and many Global South countries are required to service multilateral, bilateral, and private sector debt crippling their ability to respond to domestic socio-economic pressures, and in effect de-invest in public services. 

    Global South’s constraints are both historical and contemporary. The colonial and neocolonial order continue through soft diplomacy and drip dependency in the form of official development assistance, foreign direct investment, and the promises of billions from the Global North private sector; coated with policy interventions that have seemingly targeted creating a hospitable environment for foreign capital to enter and exit Global South with minimal values being retained on Southern countries. This extractivism in policy advice has been long argued as contributing to the underdevelopment of the Global South. 

    We are alarmed that Southern countries remain locked in a vicious cycle of debt, climate, and extractivism, which deepens their dependence on commodities, increases environmental harm, and at the same time, sustains the uneven power structures between North and South, between lenders and borrowers…. 

    The 70 delegates assigned to the Bogota declaration, which was hosted by Colombia on 20-21 September 2023, represented experts and activists from civil society organisations, social campaigners, and pan-national networks.

    We, as CSOs and networks that historically work on debt across the globe, demand to decision makers at national, regional, and global levels:

    • Reform of the global debt architecture that addresses unsustainable and illegitimate debts, by bringing transformative change to the current unfair and persistently unbalanced rules. Towards this end, we further demand:

      o Automatic debt service cancellation mechanism that protects countries of the Global South from extreme events related to political, climatic, environmental, economic, and security shocks.

      o Improved debt contracts aligned with responsible borrowing and lending principles, including state contingent clauses, such as climate or pandemic clauses.

      o Binding responsible lending rules for all creditors, including private lenders of sovereign debts.

      o The elimination of austerity and fiscal consolidation measures and IFIs’ conditionalities.

      o Advance towards the establishment of a fair, independent, transparent, timely and binding multilateral framework for debt crisis resolution (under the auspices of the UN and not in lender-dominated arenas).

    Recent data publicly available on lending structures in Sierra Leone reported that the share of development cooperation that used budgeting execution procedures was 1 in a ratio of 1 to the use of auditing procedures. However, financial reporting procedures were used by 0 participants in PFM systems, and just 0.21 used procurement systems.  

    Forward spending plans were not dated more than 1 year in advance, with medium-term spending forecasts of two to three years virtually nonexistent, although the share of development cooperation on the national budget was at a ratio of 1:1:1 comprising reporting to the international management system, reporting at the expected frequency, and provision of the information requested. 

    The extent of parliamentary oversight on development cooperation stood at a ratio of 0.5:1 with respect to the regular provision of development information to parliament. The share of development cooperation reported on the international budget was 0, although the legal and regulatory environment for CSO was recorded at 0.75, resulting in CSO development effectiveness rated at 0.63. 

    The Sevilla Platform for Action on debt relief, resulting from the global consultation and consensus from the 13th June to the 3rd July, follows while the International Business Program alongside the development aid review assembled private sector stakeholders to ensure they are engaged with decision making related to debt structuring, project finance and initiatives to enhance global trading links. 

    The manifesto states its mandate (to): 

    1. To catalyze investments at scale and close the SDG financing gap, initiatives will help countries mobilize tax revenue; scale up blended finance, including guarantees, and local currency lending by MDBs; and increase financing for crisis response.
    2. To address debt challenges, initiatives include a global hub for debt swaps for development; a ‘debt pause clause alliance’ to incorporate such clauses in lending; and a borrowers’ forum.
    3. To support architecture reform at national and global levels, initiatives include a coalition of countries and institutions for country led and owned platforms; a coalition of countries that will include measures of vulnerability beyond GDP in all financing operations; and efforts to update the role of development cooperation at the global level.

  • Enjoy Gartner’s Strategic Roadmap for Managing Threat Exposure | Bitsight 


    Key Findings 

    • Having a place to record and report potential impact of breaches based on a value-add assessment of the output of a continuous threat exposure management (CTEM) process enables tangible risk reduction which adds value to the organisation.  
    • Containment of risks to security can be conducted by a variety of methods comprising simulation, configuration assessment as well as formal testing, meaning unknown vulnerabilities can be detected and analysed at different points in the workflow process  
    • The solutions timetabled should be communicated to the management team promptly, and consulting on the adoption of mobilisation processes enables a positive feedback loop on proposed patches’ success rate. 

    Security and risk management leaders, especially CISOs, establishing or enhancing EM programs should: 

    • Build exposure assessment scopes based on key business priorities and risks, taking into consideration the potential business impact of a compromise rather than primarily focusing on the severity of the threat alone. 
    • Initiate a project to build cybersecurity validation techniques into EM processes by evaluating tools such as breach and attack simulation, attack path mapping and penetration testing automation products or services. 
    • Engage with senior leadership to understand how exposure should be reported in a meaningful way by using existing risk assessments as an anchor for these discussions, and by creating consistent categorization for discoveries that are agreed with other departments in the organization. 
    • Agree effective routes to resolution and prioritization characteristics before beginning to report new discovered exposures by working with leaders of adjacent departments across the business in areas such as IT management, network operations, application development and human resources 

    Strategic Planning Assumptions 

    Through 2028, validation of threat exposures by implementing or assessments with security controls deployed will be an accepted alternative to penetration testing requirements in regulatory frameworks. 

    Through 2026, more than 40% of organizations, including two-thirds of midsize enterprises will rely on consolidated platforms or managed service providers to run cybersecurity validation assessments. 

    The report emphasized the importance of a comprehensive internal policy where decision makers are held accountable and where the management team co-operates with strategic campaigns which are consistent with the business’s key objectives as regards managing the threat of professional exploits exploiting internal penetration points.

    It insisted, “security must ensure that controls are aligned with the organization’s overall strategy and objectives, and provide clear rationale and prioritization for its objectives and activities.”

    “Without impact context, the exposures may be addressed in isolation, leading to uncoordinated fixes relegated to individual departments exacerbating the current problems.”

    A CTEM program runs multiple scopes simultaneously; scoping is a focus for reporting rather than the extent of the program’s reach (see Figure 2), as any number of scopes can be run concurrently via the ‘master scope’, which categorises threats in a translation of code debugging jargon, and sub-scopes with a higher degree of technical explanation.

    Breaches can occur from a variety of points, specifically:

    • Third-party applications and services — such as SaaS, supply chain dependencies and code repositories. 
    • Authentication — both applications, third-party services and adjacent authentication solutions such as authentication keys for API-driven systems. 
    • Consumer-grade services — social media/brand-impacting communications. 
    • Leaked data — covering both data stored in deep/dark web forums and self-leaked data via employee actions, password reuse or poor information hygiene. 

    Risks can be assessed based on external stakeholders’ level of access to data; modern identity management, i.e. one which uses MFA in a dynamically readjusting framework; and operational technology (OT) and Internet of Things (IoT) systems, ensuring that potential penetration via exploitable access pathways is contained and that reputational damage and business disruption are minimised.

    An illustrative example of how to map known and unknown threats co-locates them within the business infrastructure by siloing assets outside of core security controls as and when these overlap with both assets with business-critical apps and assets with exploitable vulnerabilities, providing a heat-map of high-priority risks.

    Application scanning is performed in the form of a test penetration by researchers to exploit known vulnerabilities, using either authenticated or unauthenticated logins to gain access.
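    The three-way overlap behind that heat-map can be computed directly from asset data. The sketch below is an added example, not taken from the report: the asset names, finding ids, tier labels and the rule that an asset found by discovery but missing from the inventory counts as outside core controls are all assumptions.

```python
"""Heat-map prioritisation from the overlap of three asset sets."""
from collections import Counter, defaultdict

OUTSIDE = "outside-core-controls"
CRITICAL = "business-critical"
EXPLOITABLE = "exploitable-vulnerability"
HEAT = {3: "high", 2: "medium", 1: "low", 0: "none"}  # assumed tier labels

# Constructed sample data (hypothetical names and ids).
INVENTORY = {  # assets the security team already knows about
    "hr-portal":   {"core_controls": True,  "business_critical": True},
    "billing-api": {"core_controls": False, "business_critical": True},
    "wiki":        {"core_controls": True,  "business_critical": False},
    "test-db":     {"core_controls": False, "business_critical": False},
}
DISCOVERED = ["hr-portal", "billing-api", "wiki", "test-db", "legacy-ftp"]
FINDINGS = [  # (asset, finding id) pairs from a vulnerability scan
    ("billing-api", "FINDING-001"),
    ("billing-api", "FINDING-002"),
    ("hr-portal", "FINDING-003"),
    ("legacy-ftp", "FINDING-004"),
]


def classify(name, inventory, vulns_by_asset):
    """Place one asset in the overlap of the three sets."""
    record = inventory.get(name)
    known = record is not None
    sets = set()
    # Assumption: an asset nobody inventoried has no core controls applied.
    if not known or not record["core_controls"]:
        sets.add(OUTSIDE)
    if known and record["business_critical"]:
        sets.add(CRITICAL)
    if vulns_by_asset.get(name):
        sets.add(EXPLOITABLE)
    return {
        "asset": name,
        "known": known,
        "sets": frozenset(sets),
        "heat": HEAT[len(sets)],
        "findings": sorted(vulns_by_asset.get(name, ())),
    }


def build_heat_map(discovered, inventory, findings):
    """Join discovery, inventory and scan data; hottest assets first."""
    vulns_by_asset = defaultdict(set)
    for asset, finding in findings:
        vulns_by_asset[asset].add(finding)
    # An asset may appear in only one of the three sources.
    names = set(discovered) | set(inventory) | set(vulns_by_asset)
    rows = [classify(n, inventory, vulns_by_asset) for n in names]
    # More overlap first; within a tier, unknown assets before known ones.
    rows.sort(key=lambda r: (-len(r["sets"]), r["known"], r["asset"]))
    return rows


def heat_counts(rows):
    """Number of assets in each heat tier, for a nontechnical summary."""
    return Counter(r["heat"] for r in rows)


if __name__ == "__main__":
    for row in build_heat_map(DISCOVERED, INVENTORY, FINDINGS):
        flag = "" if row["known"] else " (not in inventory)"
        print(f'{row["heat"]:<6} {row["asset"]}{flag}: {", ".join(sorted(row["sets"]))}')
```
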

    Assets which are discoverable within the IP address range, or subnet, are often layered and the task comprises categorising core available services – those actively promoted by the company – as well as system updates which may be corrupted or out-of-date. 

    The report acknowledges that 

    the scope of such scans is limited only to infrastructure that can be discovered in a closed or targeted business-managed environment 

    So external access to the software or platform is not scoped, as it is not in range of discoverable assets needing protection.

    Whilst internal benchmarking scoreboards used to identify the threat level are an essential component of threat-mapping, the report emphasized that threat actor motivation and commercial or ‘public interest’ availability of the corrupted patch or platform version be accounted for. This enables a solution to be negotiated where the exploit is published on common security breach platforms. 

    The report’s authors stress that while determining the accessibility of discovered issues is necessary to limit exposure to fresh exploits, the end result to the business’s normal operations should also be considered in the context of the cost of disruption. 

    Attack-path mapping is predicated on risk-based vulnerability management (RBVM), of which an Exploit Prediction Scoring System (EPSS) provides a benchmark quantifying the success of subsequent controls in retrograde; whether or not these are automated, this still ensures dynamic adaptation of security patches working within the system’s pre-existing schema for data storage and brokerage where third-party stakeholders have privileged access.

    The default mode of a Common Vulnerability Scoring System (CVSS) enables an Attack Surface Assessment (ASA) which does involve impact mapping onto core internal and external stakeholders, but even with the intelligent design of a Security Configuration Management (SecCM), without dynamically re-adjusting system controls the problem of unauthorised access will only be contained with regard to known vulnerabilities and comprises legacy infrastructure that is still open to new exploits yet to be developed and deployed.

    The Chief Information Security Officer must develop a forward-looking process of data collection; analysis of the extent of exposure is essential to containment and continuous monitoring of risks. Response plans should be prepared in advance and aligned with key performance indicators for the business as a whole, as well as having a reasonable probability of successful uptake.

    To avoid remedial measures deployment being lost in translation to strategic decision-makers within the organisation, the report emphasized that 

    reporting and communicating with senior leadership is a key element to the success of any exposure management process, such reporting needs to be nontechnical, actionable and regularly updated. 

    In creating a ‘single picture of risk’ which is migrated into vulnerable system components, security researchers are required to work towards an effective solution benchmarking method which keeps workload within manageable parameters, that is to say to 

    “Limit the scope of a target set to ensure its manageability and applicability for the long term, ensuring that the scope is broad enough to highlight a business-linked problem and not an individual system issue.”

    The report emphasised that known security issues should be categorised based on a cascading scale of potential consequences, with descriptive labels that are information-relevant and not alarmist, like “ransomware”. Security researchers can take ownership of high-impact problems, to ensure the threat is actively monitored and software additions are dynamically readjusting to both the nature of the threat and the potential impact of “business interruption.” 

    The report concludes that 

    “Communicating demonstrable risk reduction benefits through a single management platform is more achievable than attempting to deliver identification and resolution of discovered issues in silos. Armed with a place to measure benefits from risk reduction activities, CISOs can surface the greater value of the security operations team and justify why it should remain a key part of the operational fabric of the business.”

  • Microsoft’s annual report demonstrates continued AI innovations available across the income spectrum; and its commitment to diversity and inclusion, and cyber security

    Microsoft announced a record-beating amount in annual revenue of over $245 billion, a 16 percent year-on-year increase, with operating income up 24 percent at more than $109 billion. 

    As of June 30, 2024, $10.3 billion remained of the $60.0 billion share repurchase program which commenced in November 2021.  

    The last reported dividend was 14 December 2023, where Microsoft paid out $0.75 per share. Whilst the earnings per share compared to the S&P 500 and Nasdaq 500 shows it consistently beat both indexes, shareholders await the revelation of the dividend for Q1 2024. The total of the last dividend payout amounted to $5,574. 

    Fair Market Value (FMV) of actively traded shares amounted to $349.91 correct as of June 2024. A comparison of 5 year cumulative total return puts the calculation for the NASDAQ Computer Index at $331.2 and the S&P 500 Index’s aggregated return since 2019 at $201.5. These figures represent the net return on $100 invested on 6/30/19 in stock or index, factoring for reinvestment of dividends. 

    Its Diversity and Inclusion Report highlighted its healthy workplace culture, whereby “Just as our culture has been critical in getting us to this point, it will be critical to our success going forward. At Microsoft, we think of our culture as being both input and output… For us, that means constantly exercising our growth mindset and confronting our fixed mindset—each one of us, every day. It is the only way we will succeed.”

    Matched donations by 106,000 employees and employer amounted to a total of $250 million to almost 35,000 nonprofits across 111 countries, with the time spent volunteering by employees to charitable causes put at over 1 million. Chairman and Chief Executive Officer Satya Nadella, in a CEO statement prepared October 2024, praised their non-profit oriented stakeholder engagement:

    “I am deeply grateful for my colleagues’ dedication to making a difference. Together, we can continue to empower everyone around the world.” 

    In the context of AI developments, Microsoft was pleased to announce the roll-out of Copilot as an add-on in both Business and Home and Personal versions of Microsoft Office 365….

    Copilot for professionals is underpinned by secure GitHub repositories. One case study, of Brazil’s largest bank, Itau, reports that since the application was rolled out across terminals it has seen a 68% increase in deployment speed and a 75% rate of code re-use, demonstrating continued internal use-cases. The organisation bore witness to a 93% increase in deployment speed since it linked to the new GitHub repositories. This, says the case study write-up, helps them allocate more time to developing new systems, with server connectivity assured.

    In Kenya, where much of the population does not have easy access to a bank account and has no way to demonstrate a credit score, street vendors used M-Kopa, a social enterprise using Azure ML to do its forecasting, utilising large language models for lead generation in the issuance of financially inclusive loans.

    Microsoft’s annual report said, 

     “We offer leading frontier models, thanks to our strategic partnership with OpenAI. With Phi-3, which we announced in April, we offer a family of powerful, small language models. And, with Models as a service, we provide API access to third-party models, including the latest from Cohere, Meta, and Mistral. In total, we have over 60,000 Azure AI customers, up nearly 60 percent year-over-year… 

    This year, we also introduced Copilot Workspace, a Copilot-native developer environment, which helps any developer go from idea, to code, to software—all in natural language.” 

    Its Power Platform offering provides LLMs accessible to all users, whether their use case is developing a website, automating workflows, or building a website. Year-on-year there was a net 40% increase in the user base of Power Platform, to a monthly figure of 48 million users.

    Data processing is dependent on large secured data lakes and effective connectivity when undergoing data warehousing. Microsoft said its Microsoft Intelligent Data Platform enabled business intelligence spanning storage siloes with vector embedding driving access to AI capabilities. Its new AI-powered, next-generation data platform Microsoft Fabric has a paid user base of 14,000 customers who can leverage and action their data insights within a unified SaaS fix. 

    It said that even its Microsoft Teams platform was seeing a huge uptick in popularity, enabling encrypted communications for a secure workplace environment: Teams Premium surpassed 3 million seats, up nearly 400 percent year-over-year.

    Professionalizing its GitHub Copilot offering, which is used by 60% of Fortune 500 companies to streamline and increase velocity on workflow desks, has resulted in, for example, the Dynamics 365 Contact Center being able to integrate existing legacy infrastructure of CRM systems with advanced AI capability.

    New use cases of targeted business applications have been found in the healthcare arena – with the DAX Copilot, more than 400 healthcare organizations are increasing physician productivity and reducing burnout. On average, clinicians save more than five minutes per patient encounter. And 77 percent say it also improves documentation quality.

    Its commitment to cyber security is evidenced by collaboration across systemically important IT service providers. “At the Munich Security Conference in February, we came together with others across the tech sector and pledged to help prevent deceptive AI content from interfering with global elections. As part of this pledge, we have worked to empower campaigns, candidates, election officials, and voters to understand the risks of deceptive AI in elections and to take steps to protect themselves and democracies. To date, we’ve conducted deepfake trainings in over 20 countries. And our corresponding public awareness campaign has reached over 355 million people.”

  • Chapt.22 CGT reliefs 

    The main reliefs available: 

    1. Damaged or destroyed assets 
    1. Replacement of business assets 
    1. Gift of business assets 
    1. Transfer of a business to a ltd co. 
    1. Disposal of a business (“entrepreneurs’ relief”)
    1. Reinvestment in EIS shares 
    1. Loans to trade 

    A Gift of business Assets 

    Comprises a chargeable disposal, whether or not the asset is used in business. However, subject to certain conditions, a claim may be made for the gain arising in a gift of business assets to be held over until the transfer or disposal of the assets concerned. If such a claim is made, the transferor’s gain on the disposal is reduced to zero and the transferee’s actual acquisition cost is reduced by the amount of the gain that would have been chargeable on the transferor if the gift had not been made. The conditions that must be satisfied are as follows:

    1. Both the transferor and the transferee must elect for the gain arising from a gift to be held over. This election must be made within four years of the end of the tax year in which the gift is made.
    1. The gifted assets may consist of either:
        a) Assets used in a trade, profession or vocation carried on by the transferor or by the transferor’s personal co. (a co. in which at least 5% of the voting rights are held by the transferor), or
        b) Shares or securities of a trading co. which is unlisted or that is the transferor’s personal co. (so long as the transferee is not a company)

    If the gift is of shares, vs individual business assets, the gain arising on the disposal is apportioned between the amount which relates to chargeable business assets held by the co. on the day of the gift and the amount which relates to other chargeable assets (e.g. investments).

    Only the part of the gain relating to chargeable business assets is eligible for hold-over relief. 

    Sale for less than market value 

    Gift relief is also available if a business asset is sold for less than market value (typically to a connected person).  

    But if the actual consideration received by the transferor exceeds the original cost of the asset (so that part of the gain has been realised) the amount of the gains which may be held over is reduced by the excess of the actual consideration on the asset. 

    Entrepreneurs’ relief (10%) 

    If an ER claim is made in respect of a qualifying disposal, average losses arising in relation to that disposal must first be deducted from the gains arising in relation to the disposal. The resulting amount is then treated as a chargeable gain. This gain is subject to CGT at the rate of 10% rather than at the standard rate (18%) or the higher rate (28%). 

    The taxpayer may also have capital losses in the year arising from non-ER disposals or capital losses brought forward from previous years. In these circumstances,

    1. Non-ER capital losses, capital losses brought forward and the annual exemption may be set against non-ER gains (which are taxable at 18% and 28%) and only then against gains which qualify for ER.
    1. The unused part of the taxpayer’s rate band (if any) is reduced by the amount of ER gains arising in the year. Non-ER gains are then taxed at 18% to the extent that they do not exceed any remaining part of the basic rate band and at 28% otherwise.

    ER was subject to a lifetime limit of £10mn correct as of April 2011.

    Entrepreneurs’ Relief (ER) was renamed Business Asset Disposal Relief (BADR) by Finance Act 2020.  

    BADR is a Capital Gains Tax (CGT) relief that reduces the rate of tax paid on the disposal of qualifying business assets where the disposal proceeds are high enough to take you into the higher tax bands. 

    It can apply to disposals of: 

    • A sole trade and its assets. 
    • Partnership interests and assets. 
    • Shares in your own company. 
    • Joint venture interests. 
    • Business assets held by a trust. 

    When is BADR available? 

    • It is available to CGT disposals made by individuals and trustees. It does not apply to disposals by companies. 
    • It applies to qualifying disposals of business assets. It does not apply to the disposal of investment or non-business assets. 

    The effect of BADR 

    • It reduces the rate of CGT payable on qualifying disposals to 10%.  
    • An individual may claim BADR up to a lifetime limit of qualifying capital gains. This limit is currently £1 million. 

    Restrictions 

    How BADR works  

    Chargeable gains covered by BADR are taxed at a tax rate of 10%. 

    The amount of BADR given depends on the amount of the individual’s BADR lifetime limit after taking previous disposals into account at the date of the disposal. 

    The lifetime limit is as follows: 

    • £1 million from 11 March 2020. 
    • £10 million from 6 April 2011  to 10 March 2020. 
    • £5 million from 23 June 2010 to 5 April 2011. 
    • £2 million from 6 April 2010 to 22 June 2010. 
    • £1 million for 2008-09 and 2009-10. 

    Business Asset Disposal Relief (Entrepreneurs’ Relief): At a glance – www.rossmartin.co.uk

    Gains in excess of the lifetime limit will be charged at the CGT rate applicable for that period. 

    In order for this relief to be available, the individual must dispose of either: 

    1. All or part of a business (including a share in a partnership) which the individual has owned throughout the period of one year ending on the date of the disposal, or
    1. Assets owned by a business at the time at which it ceases trading, as long as the business was owned by the individual (or by a partnership in which the individual was a member) throughout the year ending on the date of cessation and the assets are disposed of within 3 years of that date, or
    1. Shares or securities in a trading co. which, throughout the period of one year ending on the date of the disposal, has been the individual’s personal co. and of which the individual has been an officer or employee.

    It is important to realise that the disposal must be either of a whole business or a significant part of this business. Note the following point: 

    Destroyed Assets 

    Usually result in a CGT computation in which disposal value is equal to the amount of any insurance money or other compensation received. However, if all the money received is spent (within 12 months) on the purchase of a replacement asset, the taxpayer may claim that the disposal of the original asset should give rise to neither a gain nor a loss. The cost of the replacement asset is then reduced by the gain which would otherwise have been chargeable on the disposal of the original asset if the claim had not been made.

    If only part of the money received is spent on a replacement asset, the taxpayer may claim that the chargeable gain on the disposal of the original asset should be restricted to the amount of money retained (so long as this is less than the gain). The cost of the replacement asset is then reduced by the balance of the gain that would have been chargeable if the claim had not been made. 

    Damaged Assets 

    If an asset has been damaged and insurance money or other compensation is received as a consequence, the situation is usually treated as a part-disposal. The value of the part disposed of (A) is the amount of money received and the value of the part remaining (B) is the value of the asset on the date that the money was received.

    Any money spent on restoration is treated as enhancement expenditure.

    However, in certain circumstances, the taxpayer may elect that the situation should not be treated as a part disposal and that the amount of money received should instead be deducted from the allowable expenditure relating to the asset.

    This has the effect of increasing the gain margin in a subsequent disposal and is very similar to the CGT treatment of small capital distributions (see Chapt.20).

    The circumstances in which a partial disposal may be avoided are: 

    1. All of the money received is applied to restoring the asset. 
    1. The asset is not a wasting asset and all the money received is applied to restoring the asset except for an amount which is small in comparison with the amount received and which is not reasonably required for restoration purposes; or
    1. The asset is not a wasting asset and the amount of money received is small in comparison with the value of the asset.

    A sum is regarded as “small” if it does not exceed £3,000 or 5% of the amount with which it is being compared, whichever is the higher.

    A part disposal calculation is required if only part of the money received is spent on restoring the asset and neither of the “small” tests is satisfied. However, the taxpayer may elect that the calculation should relate only to the amount which is received but not spent on restoration. If this election is made, the remainder of the money received is deducted from the allowable expenditure relating to the asset.

    Business Asset Disposal Relief (Entrepreneurs’ Relief): At a glance – www.rossmartin.co.uk

  • Capital Gains Tax Exemptions. Learn how to avoid CGT on qualifying investments and settlements

    All assets are regarded as chargeable assets except for those which are specially exempted from CGT. The main exemptions are as follows: 

    1. A taxpayer’s private residence 
    1. Motor cars, including vintage and veteran cars (although not personalised numberplates) 
    1. Items of tangible, removable property (referred to as “chattels”) which are disposed of for £6,000 or less.
    1. Chattels with a predictable useful life of 50 years or less, unless used in business and eligible for capital allowances (Chapt 19)
    1. Gilt-edged securities and qualifying corporate bonds (Chapt 20) 
    1. National Savings Certificates and Premium Bonds 
    1. Foreign currency (if acquired for private use) 
    1. Winnings from pools, lotteries, betting etc
    1. Decoration for valour (unless purchased by acquirer)
    1. Damages or compensation received for personal or professional injury and compensation for mis-sold personal pension schemes
    1. Life insurance policies (unless purchased by a third-party)
    1. Shares in a Venture Capital Trust (Chapt.6)
    1. Investments held either in an Individual Savings Account (ISA) or a Child Trust Fund (Chapt.6)

    In 2012-13, the max capital allowance of an ISA was capped at £11,280. Note that interest and dividends arising from ISAs are exempt from income tax. Capital gains (and losses) arising from ISAs are exempt from CGT.

    Note the 2 types of ISA:

    1. Money in a cash ISA is deposited with a bank or building society and is held in a savings account.
    1. Money invested in a stocks & shares ISA is used by the ISA provider to acquire stocks & shares on the saver’s behalf.

    Venture Capital Trusts 

    A Venture Capital Trust (VCT) is a company which is approved as such by HMRC. The main conditions which must be satisfied before HMRC approval can be obtained are as follows:

    1. The company’s ordinary shares must be listed on an EU stock exchange 
    1. Its income must be derived wholly or mainly from shares and securities and no more than 15% of this income may be retained by the company 
    1. At least 70% of its total investments must consist of “qualifying holdings” and at least 70% of these holdings must consist of “eligible shares”. Broadly, shares or securities owned by a VCT rank as qualifying holdings if they were newly issued to the VCT and are shares or securities of a company which would be a qualifying company for the purposes of the EIS (Enterprise Investment Scheme). Eligible shares exclude redeemable shares. 
    1. No holding in any one company (other than in another VCT) can represent more than 15% of a VCT’s investment. At least 10% of a VCT’s investment in a company must be held in the form of eligible shares. 

    Income tax relief is available to taxpayers who subscribe for newly-issued shares of a VCT. This takes the form of a tax reduction equal to 30% of the amount invested, subject to an investment limit of £200,000 per tax year. This reduction takes priority over the tax reductions relating to certain payments by the taxpayer (see Chapt.4) and the tax reduction relating to the MCA (see Chapt.3) To qualify for income tax relief, the taxpayer must hold the shares for a minimum holding period of at least 5 years. 

    Dividends on the first £200,000 of VCT shares acquired in each tax year are exempt from income tax and any capital gain or loss arising from the disposal of these shares is exempt from capital gains tax, regardless of whether or not the shares have been held for the minimum holding period. 

    Enterprise Investment Scheme (EIS) 

    *Dividends on the scheme are subject to income tax in the usual way* 

    a) Income tax relief is available to taxpayers who subscribe to newly issued ordinary shares in “qualifying cos”. Features include: 

    – fewer than 250 employees

    – permanent establishment in UK and have gross assets not exceeding £15mn immediately before the share issuance, and not exceeding £16mn immediately after it.

    – the co. must have raised no more than £5mn under the EIS and other venture capital schemes in the previous 12 months.

    b) A taxpayer’s EIS investments of up to £1mn in each tax year are eligible for tax relief.

    c) Relief takes the form of a reduction in the amount of tax due on the taxpayer’s chargeable income equal to 30% of the amount invested in qualifying cos during the year. This reduction takes priority over the tax reductions relating to certain payments (Chapt.4) and MCA (Chapt.3)

    d) The taxpayer must not be connected to the co. at any time during the two years prior to the date of the investment and the three years following the date. Broadly speaking, an individual is connected with a company for this purpose if he or she is an employee of the co, or, together with associates, owns more than 30% of the co’s ordinary shares.

    1. Any capital gain arising on the eventual disposal of the shares is exempt from CGT but any loss arising on the disposal is eligible for relief, and the loss may be relieved:
        1. As a capital loss, in the usual way, or
        1. Against the taxpayer’s total income for the year in which the loss is incurred after the prev. year (see Chapter 12)

    When calculating the allowable loss, the shares are deemed to have been acquired for their issuance price, less the tax reduction obtained when shares were purchased. 

    The taxpayer must retain the shares for a minimum holding period of at least 3 years or both the income tax and capital gains tax reliefs are lost. 

    Seed Enterprise Investment Schemes 

    The money raised by the new share issue must be spent within 3 years of the share issue. You must spend the money on either: 

    a qualifying trade 

    preparing to carry out a qualifying trade 

    research and development that’s expected to lead to a qualifying trade — such as a project to make an advance in science or technology 

    You cannot use the investment to buy shares, unless the shares are in a qualifying 90% subsidiary that uses the money for a qualifying business activity. 

    1. Subject to certain conditions tax relief is available to investors who subscribe to ordinary shares in a co. which is carrying on a new business, although not one which started more than two years before the share issue.  
    1. The co. concerned must be an unlisted trading company with a permanent establishment in the UK, have fewer than 250 employees and its assets less than £200,000 before the SEIS investment is made. Also, the amount of all SEIS investment received by the company must not exceed £150,000 (correct as of last published edition of Alan Melville’s ‘Taxation’ 2012-13).
    1. During the period from the co’s incorporation until the third anniversary of the share issuance, the investor must not own more than 30% of the co’s share capital, or be an employee of the company other than the director.
    1. Tax relief takes the form of an income tax reduction equal to 50% of the amount invested up to a limit of £100,000 p.a. 

    *As with the main EIS, any SEIS investments made during a tax year may be carried back and treated as if made in the previous years. 

    Income from Trusts and Settlements 

    A trust or settlement is an arrangement whereby property is held by persons known as trustees, for the benefit of persons known as beneficiaries. These fall into two main categories:

    1. If one or more persons are entitled to receive all the income which is generated by the trust property, then those persons are “life tenants” and the trust is a “trust with an interest in possession”. 
    1. If there is no life tenant and all the trustees have the discretion to distribute as much or as little of the trust income to the beneficiaries as they see fit, the trust is referred to as a “discretionary fund”. 

    Trusts with Vulnerable Beneficiary

    This special tax regime ensures that the tax liability of this type of trust is reduced to the amount of tax that would have been payable if the trust income and gains had accrued directly to the beneficiary concerned. 

    A “vulnerable beneficiary” may be either a disabled person or (in certain circumstances) a minor. Trustees who wish to claim the special tax treatment available under this regime must make an appropriate election to HM Revenue and Customs. Once made, such an election is irrevocable.