Tag Archives: Cyber Resilience

CYBERUK 2026: From Policy to Practice and the System Inbetween

CYBERUK 2026 signals a shift from building a cyber ecosystem to operating a national cyber system. Across a series of analyses, a consistent pattern emerges: policy is coherent, execution is demanding, and outcomes are uneven. This article draws those strands together to show that the gap between strategy and delivery is not incidental; it is structural, and it defines how the system behaves.

CYBERUK 2026: The Missing Layer Between Strategy and Execution is Regional Capability Infrastructure

CYBERUK 2026 defines a clear national cyber strategy, but leaves a critical gap between ambition and execution. This article identifies the “missing layer”: the regional capability infrastructure required to translate policy into scalable organisational resilience. Without it, capability remains uneven, SMEs struggle to progress, and the system evolves by default rather than design, undermining the goal of distributed national resilience.

CYBERUK 2026: System Ambition vs Operational Reality and the Rise of a Two-Speed Cyber Economy

CYBERUK 2026 reveals a coherent but challenging shift in UK cyber strategy: from building a policy ecosystem to operating a national cyber system. While the government drives system-level resilience and AI-enabled defence, organisations are expected to execute fundamentals under increasing pressure. The result is a growing gap between ambition and capability, driving the emergence of a two-speed cyber economy where cyber security becomes a condition of market access.

CYBERUK 2026: The Perfect Storm and the Limits of Fundamentals

Richard Horne’s CYBERUK 2026 keynote frames cyber security as operating in a “perfect storm” of rapid technological change and rising geopolitical tension. While reinforcing the importance of fundamentals, the speech highlights how AI and evolving threats are reshaping the landscape. The core challenge is whether organisations can maintain baseline security as capability gaps widen, raising the risk of a two-speed cyber economy.

CYBERUK 2026: From Policy Ecosystem to Operational Doctrine

The CYBERUK 2026 speech by the UK’s Security Minister, Dan Jarvis MBE, signals a shift from building a cyber ecosystem to actively operating a national cyber system. It elevates baseline security expectations, embeds supply chain enforcement, and positions AI as central to defence. However, this transition risks concentrating market power, potentially excluding SMEs while increasing dependence on a small number of large firms and frontier AI providers.

UK Cyber Policy Ecosystem Mapped: Structure and Evidence

This article maps the core policy architecture and supporting evidence underpinning the UK cyber security ecosystem. By separating system-defining strategies, legislation, and sectoral analyses from the research and technical studies that inform them, it provides a clearer view of how cyber policy, economics, and regional development interact across government and industry.

No Cyber Idea: Why I Built Cyber Tzar (and Why I Don’t Buy the Consulting Model)

Cyber risk has become an exercise in interpretation rather than reduction. The industry has over-optimised for modelling, scoring, and explaining exposure, often driven by consulting-led approaches that rely heavily on subjectivity and narrative. This piece argues that the real problem is upstream: data acquisition, normalisation, and comparability. Cyber Tzar was built to industrialise that problem, collapsing the time between discovery and action, and shifting organisations away from “bean counting” risk towards actually reducing it. The distinction is simple: attackers exploit exposure, not models.

JLR Bail Out: When £1.5 Billion Doesn’t Fix the Problem

A £1.5B response to supply chain disruption risks masking a deeper structural problem in UK manufacturing. Cyber risk is systemic, flowing both upstream and downstream across interconnected supply chains, with SMEs bearing a disproportionate impact. The West Midlands, though not yet cyber-affluent, can lead by building coordinated regional capability, shifting focus from reactive recovery to operational resilience, visibility, and cluster-driven economic stability.

The Curious Absence of Cyber in Local Government Technology Strategy

A forthcoming Local Government Strategy Forum event highlights the technology investment priorities of councils representing nearly £2 billion in budgets. The data shows strong interest in AI, automation and service transformation, but no explicit mention of cybersecurity or risk management. This article explores what that absence reveals about how local government frames technology strategy, and why resilience often remains invisible in leadership investment narratives.

Cyberbiosecurity in the New Normal Reviewed: Governance First, Apocalypse Later

Fouad’s “Cyberbiosecurity in the New Normal” attempts to elevate the digitisation of biology into a matter of international security. She is right that biology is now deeply digital and that this creates new attack surfaces. Where the article overreaches is in treating these risks as exceptional, geopolitically novel, or strategically transformative in themselves. Most cyberbio risks today are not exotic or unprecedented; they are familiar engineering and governance failures appearing in a new domain. The danger is less hacked DNA than over-securitised data.

Scale by Geoffrey West Reviewed: Where Physics Meets Hubris

Geoffrey West’s Scale seeks universal mathematical laws of growth across biology, cities, and corporations. It’s bold, partly right, and mostly over-extended. The biological physics hold up; the social analogies don’t. Useful for thinking about efficiency, fragility, and systemic limits; but best treated as heuristic, not law.

CRTFs Move From Concept to Reality… But the Hard Questions Begin Now

Cyber Resilience Test Facilities (CRTFs) have now moved from concept into operational reality, with the first product assessments completed and reports issued. This milestone confirms CRTFs as a risk-based assurance mechanism rather than a pass/fail certification scheme. Yet major challenges remain: governance, market interpretation, high-assurance integration with UK Telecoms Lab (UKTL), and international alignment. CRTFs are real, but adoption must stay meaningful.

The UK Cyber Security and Resilience Bill 2025: What It Means and Why It Matters

The UK Cyber Security and Resilience Bill 2025 represents a major shift from sector-based cyber regulation to a broader national resilience framework. By expanding the NIS regime to data centres, managed service providers and critical suppliers, strengthening incident reporting, and introducing strategic governance and national security powers, the Bill closes long-standing gaps but raises challenges around proportionality, skills, regional delivery and SME impact.

When It Comes To Cyber The Midlands Defence Blueprint Is Polite Fiction

The Midlands Defence & Security Blueprint presents itself as decisive and strategic, but in reality it repeats the same structural failures that undermined Midlands Engine. Cyber remains subordinated, underfunded, and ownerless, while coordination is mistaken for delivery. Written from the perspective of a practitioner who has built cyber capability on the ground, this article argues that resilience will not come from another blueprint, but from funded authority, real centres, and delivery.

Merry Christmas and Happy New Year 2026 from the West Midlands Cyber Hub

As the new year begins, the West Midlands Cyber Hub is delivering an ambitious programme of practical, community-driven cyber events from January to March… with more already in development. This programme is focused on building cyber capability, confidence, and collaboration across the West Midlands, supporting organisations, practitioners, and the wider regional economy.

Cyber deception at UK scale: what the NCSC trials tell us — and what they still don’t

The NCSC’s cyber deception trials mark a shift from theory to evidence, testing whether deception can deliver real defensive value at scale. This article examines what those trials show — and what they leave unresolved. It argues that cyber deception is best understood as an evolution of honeypots, powerful but operationally demanding, and highly dependent on organisational maturity. While effective in well-instrumented environments, deception is not an SME-level control and risks being over-sold. Without clear metrics, safety discipline, and honest maturity gating, its promise remains conditional.

The Rise of AI–Cyber Policy Convergence: Who’s Leading the Discussion?

AI and cybersecurity are no longer separate conversations. In the UK, they’re becoming one strategic priority, with new leaders, risks, and regulatory battles emerging fast. Until recently, AI and cybersecurity lived in different corners of policy and funding. But that era is over. From deepfake fraud and LLM jailbreaks to AI-assisted vulnerability discovery, the UK now faces a landscape where cyber threats and AI systems are not just overlapping; they are entangled. And the convergence is reshaping national security strategies, tech standards, and regulatory structures. This article explores the organisations, thinkers, and working groups shaping the AI–cyber policy crossover in the UK, and how startups, researchers, and advisors can influence what comes next.

The NCSC Annual Review 2025: Between Capability and Stasis

The article examines the NCSC Annual Review 2025 as both a testament to accomplishment and a warning. It praises the NCSC’s technical competence but questions its identity: regulator, delivery agency, or state-backed market player? It highlights contradictions — DSIT hailing it as “the jewel in the crown” while eroding its remit, diluting CyberFirst into TechFirst, ending its startup work, and overstating the benefits of Cyber Essentials. The piece concludes that the NCSC is overextended and under-defined, needing clarity of purpose more than new initiatives — less performance, more direction.

Women in Cyber Leadership: How Inclusion is Shaping UK Strategy

From boardrooms to government panels, women in cybersecurity are now shaping the UK’s strategic direction, not just participating in it. For years, the conversation about women in cybersecurity focused on “getting a foot in the door.” Today, it’s about who’s in the room when national decisions are made, and increasingly, women are leading those conversations. Inclusion is no longer a side project. In the UK, it’s becoming a strategic imperative, with policy, funding, and procurement now reflecting gender equity, diverse leadership, and lived experience as core components of resilience, innovation, and national capability. This article maps how women in cyber leadership are influencing strategy at every level, from community hubs and boardrooms to national working groups and international policy circles.

Resilience by Design: How UK Think Tanks and Standards Bodies Shape Security-by-Default

Secure by default isn’t just a buzzword; it’s becoming the blueprint for how Britain builds its digital infrastructure. In a world of escalating cyber risk, the UK is shifting from reactive defences to resilience by design, embedding security principles from the earliest stages of product development, system architecture, and national infrastructure planning. This shift isn’t being driven by legislation alone. It’s being shaped by a constellation of think tanks, technical standards bodies, and influential advisors who guide how resilience is defined, measured, and built into UK systems from day one. This article unpacks who’s influencing the secure-by-default movement in Britain, and how vendors, policymakers, and professionals can engage.
