Bring a Trailer, a global online collector car auction site, has joined forces with the heritage site as part of its expansion into the UK market.

The company will make its first appearance at the Bicester Scramble on Sunday, April 26, alongside its UK partner Sports Purpose.

Randy Nonnenberg, co-founder and president of Bring a Trailer, said: “We are delighted to partner with Bicester Motion as BaT continues its formal expansion into the UK market.

“Bicester Motion is a place that we as a team have long admired, a true haven for car enthusiasts in the UK.

“It embodies the very best of the British car scene’s passion and expertise, so it’s the perfect venue for BaT over here.”

Set on the grounds of the former WWII RAF Bicester Bomber Training Station, Bicester Motion has been transformed into a thriving hub for automotive businesses in recent years.

Daniel Geoghegan, founder and CEO of Bicester Motion, said: “For Bring a Trailer to have chosen to partner with the Scramble is a real coup for us at Bicester Motion.

“It aligns with the ethos of the Scramble perfectly.”

The Bicester Scramble, held several times a year, showcases a broad range of vehicles.

At the April 26 event, Bring a Trailer will display a range of cars currently listed on its UK platform.

The line-up includes a Porsche 356 Speedster, a Guards Red Porsche 987 Boxster Spyder, and a historic Chevrolet Camaro racecar.

Cyber-attacks are the biggest risk facing professional firms in 2026, according to a survey by insurer Everywhen. The poll found that 65% of respondents ranked cyber-attacks as their main concern.

Cyber threats were well ahead of economic pressures, which came second on 18%. Professional negligence claims followed on 9%, while regulatory changes were cited by 8% of respondents.

The findings suggest a marked shift in priorities among firms in sectors such as legal, financial and consultancy services. These businesses hold large volumes of sensitive client information and rely heavily on digital systems for day-to-day operations, making them more vulnerable to data breaches, ransomware and related disruption.

The gap between cyber risk and other concerns suggests digital security has moved ahead of more established threats in boardroom discussions. Economic uncertainty, compliance demands and negligence claims remain part of the risk landscape, but the survey indicates most respondents no longer see them as the most immediate threat.

Risk shift

The results come as professional firms also contend with rising costs and changing client expectations. Those pressures have created a more challenging operating environment, even before the impact of a cyber incident is considered.

For firms that provide advice or handle confidential material, the effects of an attack can extend beyond the immediate technical damage. A breach can lead to business interruption, regulatory scrutiny and claims from affected clients, increasing both direct and indirect costs.

An Everywhen spokesperson said the findings reflect the growing weight of cyber exposure in professional services.

“What this data shows very clearly is that cyber threats represent a fundamental and growing business risk. Professional firms are custodians of highly sensitive client data, and that makes them a prime target.

From an insurance perspective, cyber incidents rarely sit in isolation. They can lead to business interruption, regulatory investigations and even professional indemnity claims if clients are affected. That is why it is critical for firms to understand how their cover responds and where potential gaps may exist.

There is still a tendency to view cyber insurance as optional, but the reality is that it is becoming a core component of a firm’s risk management strategy.”

Boardroom concern

The survey suggests professional firms increasingly see cyber risk as a business issue rather than a narrow technology problem. A successful attack can affect client service, reputation and regulatory standing at the same time, helping explain why it now outranks more traditional concerns.

Legal practices, accountancy firms, consultants and other advisory businesses often hold commercially sensitive and personal information. That makes them attractive targets for cyber criminals seeking direct financial gain or leverage through extortion.

At the same time, the results indicate that regulatory change and professional negligence, while still significant, are being overshadowed by the speed and frequency of cyber incidents. The ranking also suggests firms may be reassessing how different risks interact, particularly where a cyber event could trigger wider legal or professional consequences.

Insurers have seen demand for cyber-related cover rise as businesses look to manage the financial effects of attacks. The Everywhen findings add to wider evidence that many companies now view digital threats as a central operational and governance issue rather than a peripheral one.

The spread between first and second place in the survey was particularly stark. Cyber-attacks drew more than three times the share of responses recorded for economic pressures, underlining how far concern about digital threats has moved ahead of other business risks.

ThreatAware has warned organisations to close cybersecurity visibility gaps ahead of changes to the UK’s Cyber Essentials scheme. The updated version introduces stricter checks for certification.

The revised standard adds two automatic failure conditions and raises the bar for proving that key controls are in place across full IT environments. The five technical controls at the heart of Cyber Essentials remain unchanged, but the assessment process will place greater weight on whether those controls are consistently enforced in practice.

Under the changes, any cloud service that supports multi-factor authentication must have it enabled. A single account without MFA would trigger an automatic failure.

Another change shortens the window for fixing critical and high-risk vulnerabilities. Organisations will need to remediate those issues within 14 days across endpoints, applications and network infrastructure.

Scrutiny during assessments is also set to increase. If sample testing identifies failures, organisations will need to fix the same issues across the whole environment before they can be reassessed.

Stricter checks

IASME has published the update, which is backed by the National Cyber Security Centre. For many UK organisations, Cyber Essentials certification remains a basic requirement for working with government departments and parts of the wider supply chain, and it is often linked to cyber insurance conditions.

That makes the practical effect of the revised rules significant for companies that rely on certification to win or retain contracts. The changes shift the focus from written policy to proof that controls are active across all users, devices and systems.

Common weak points include misconfigured conditional access policies, unmanaged or guest accounts, devices outside patching windows, and unsanctioned software-as-a-service use. Under the updated framework, any one of those gaps could be enough to prevent certification.

Jon Tamplin, Head of Cybersecurity at ThreatAware, said: “These updates reinforce a fundamental cornerstone of cybersecurity: when organisations get the basics right, they prevent the vast majority of attacks. And it starts with one essential principle – visibility.

“Visibility isn’t a nice-to-have; it’s the foundation of effective security. Think about this from the attacker’s perspective: they’re looking for the easiest path. A high-risk account where MFA isn’t enforced can quickly lead to a compromised device.”

Proof required

The emphasis on evidence reflects a broader trend in cyber compliance, with auditors and certification bodies increasingly wanting to see operational controls rather than policy statements. In practice, that means security teams must be able to account for every relevant device and user account, including those outside standard management processes.

For larger organisations, that can be difficult when estates include a mix of on-premises systems, cloud applications, third-party tools and temporary accounts. Guest users, shadow IT and assets outside central management often create the blind spots that compliance frameworks are now trying to eliminate.

Tamplin said: “If security leaders can’t identify where these gaps are, they’re effectively working with one hand tied behind their back. Teams are doing their best, but it only takes one device without the right security controls to expose an entire network.

“If you can’t see every device and every account, you can’t prove the controls are working. Under v3.3, proof is exactly what’s required, and it only takes one device outside the patch window or one account without MFA enforced to fail an assessment.

“The message behind the Cyber Essentials updates is simple: get the fundamentals right. Those fundamentals haven’t changed, but expectations have. Organisations should not only have core controls in place, from patching to EDR and MFA, but also be able to prove they are applying them across every account and every device, all the time, to meet the ‘Five Controls’.”

The revised requirements apply immediately to new certification accounts created under the updated scheme, while organisations with existing accounts have a six-month transition period to certify under the previous standard. That phased approach gives some businesses extra time, but it also creates a near-term decision for organisations that need certification for procurement, supplier assurance or insurance purposes.

ThreatAware, founded in 2018, works with more than 100 organisations across the UK, US and Canada.