Tag Archives: Cyber Resilience

Super-Productive WM Cyber Day: Reflections from the Tech Transformation Summit, Innovation Fest and the SWBH NHS Charity Quiz Night

A reflection on a uniquely busy West Midlands cyber and technology day spanning the Tech Transformation Summit, BCU Innovation Fest and the SWBH NHS Charity Quiz Night. Covering cyber resilience, leadership, AI, workforce transformation, industrial resilience, and the growing regional cyber ecosystem, the article explores how operational resilience is increasingly a human, organisational, and economic challenge rather than a purely technical one.

Continue reading →

The Operational Decision Platform: Palantir, Databricks, Snowflake, and Microsoft Fabric

Closing the Gap Between Data, Insight, and Action. Palantir, Databricks, Snowflake, and now Microsoft Fabric are often compared as if they solve the same problem. They don’t. Most organisations already have the first three layers of the modern data stack in place. And yet, despite significant investment, decision execution remains slow, manual, and inconsistent. Snowflake excels in scalable analytics and data warehousing, Databricks focuses on data engineering and AI model development, while Palantir enables operational decision execution through integrated workflows. Understanding their distinctions and how they complement each other is key to designing effective, modern data architectures.

Continue reading →

The Gap Between Reality and Reporting: A Model of True Cyber Exposure in the UK

The UK’s cyber security data does not describe a single reality; it describes three filtered views of it. By overlaying Breaches Survey, ICO, and NCSC data, a clearer model emerges: one of layered visibility, not layered severity. This article introduces a “true exposure vs reported exposure” framework, showing that most cyber risk sits below what is detected, reported, or acted on, and that the current strategy is focused on the wrong layer.

Continue reading →

A Decade of the UK Cyber Security Breaches Survey: Trends, Plateaus, and What Actually Changed

The UK Cyber Security Breaches Survey, viewed over time, reveals not progress but stabilisation. Breach rates remain persistently high, attack methods largely unchanged, and improvements in governance lag behind rising exposure. The data shows a system that has normalised insecurity, where awareness has increased, but action has not kept pace, resulting in a steady-state of widespread, structurally embedded cyber risk.

Continue reading →

The UK Cyber Security Breaches Survey 2025/26: Stagnation, Scale, and the Illusion of Progress

The UK Cyber Security Breaches Survey 2025/26 suggests stability, but closer analysis reveals a system stuck in place rather than improving. Breaches remain widespread, detection uneven, and incentives misaligned. What looks like progress is often an artefact of measurement. This article argues the UK has reached a cybersecurity plateau, where risk is normalised, resilience is incomplete, and meaningful change will require structural, not incremental, intervention.

Continue reading →

CYBERUK 2026: From Policy to Practice and the System Inbetween

CYBERUK 2026 signals a shift from building a cyber ecosystem to operating a national cyber system. Across a series of analyses, a consistent pattern emerges: policy is coherent, execution is demanding, and outcomes are uneven. This article draws those strands together to show that the gap between strategy and delivery is not incidental; it is structural, and it defines how the system behaves.

Continue reading →

CYBERUK 2026: The Missing Layer Between Strategy and Execution is Regional Capability Infrastructure

CYBERUK 2026 defines a clear national cyber strategy, but leaves a critical gap between ambition and execution. This article identifies the “missing layer”: the regional capability infrastructure required to translate policy into scalable organisational resilience. Without it, capability remains uneven, SMEs struggle to progress, and the system evolves by default rather than design, undermining the goal of distributed national resilience.

Continue reading →

CYBERUK 2026: System Ambition vs Operational Reality and the Rise of a Two-Speed Cyber Economy

CYBERUK 2026 reveals a coherent but challenging shift in UK cyber strategy: from building a policy ecosystem to operating a national cyber system. While the government drives system-level resilience and AI-enabled defence, organisations are expected to execute fundamentals under increasing pressure. The result is a growing gap between ambition and capability, driving the emergence of a two-speed cyber economy where cyber security becomes a condition of market access.

Continue reading →

CYBERUK 2026: The Perfect Storm and the Limits of Fundamentals

Richard Horne’s CYBERUK 2026 keynote frames cyber security as operating in a “perfect storm” of rapid technological change and rising geopolitical tension. While reinforcing the importance of fundamentals, the speech highlights how AI and evolving threats are reshaping the landscape. The core challenge is whether organisations can maintain baseline security as capability gaps widen, raising the risk of a two-speed cyber economy.

Continue reading →

CYBERUK 2026: From Policy Ecosystem to Operational Doctrine

The UK’s Security Minister, Dan Jarvis MBE’s CYBERUK 2026 speech, signals a shift from building a cyber ecosystem to actively operating a national cyber system. It elevates baseline security expectations, embeds supply chain enforcement, and positions AI as central to defence. However, this transition risks concentrating market power, potentially excluding SMEs while increasing dependence on a small number of large firms and frontier AI providers.

Continue reading →

UK Cyber Policy Ecosystem Mapped: Structure and Evidence

This article maps the core policy architecture and supporting evidence underpinning the UK cyber security ecosystem. By separating system-defining strategies, legislation, and sectoral analyses from the research and technical studies that inform them, it provides a clearer view of how cyber policy, economics, and regional development interact across government and industry.

Continue reading →

No Cyber Idea: Why I Built Cyber Tzar (and Why I Don’t Buy the Consulting Model)

Cyber risk has become an exercise in interpretation rather than reduction. The industry has over-optimised for modelling, scoring, and explaining exposure, often driven by consulting-led approaches that rely heavily on subjectivity and narrative. This piece argues that the real problem is upstream: data acquisition, normalisation, and comparability. Cyber Tzar was built to industrialise that problem, collapsing the time between discovery and action, and shifting organisations away from “bean counting” risk towards actually reducing it. The distinction is simple: attackers exploit exposure, not models.

Continue reading →

JLR Bail Out: When £1.5 Billion Doesn’t Fix the Problem

A £1.5B response to supply chain disruption risks masking a deeper structural problem in UK manufacturing. Cyber risk is systemic, flowing both upstream and downstream across interconnected supply chains, with SMEs bearing a disproportionate impact. The West Midlands, though not yet cyber-affluent, can lead by building coordinated regional capability, shifting focus from reactive recovery to operational resilience, visibility, and cluster-driven economic stability.

Continue reading →

The Curious Absence of Cyber in Local Government Technology Strategy

A forthcoming Local Government Strategy Forum event highlights the technology investment priorities of councils representing nearly £2 billion in budgets. The data shows strong interest in AI, automation and service transformation, but no explicit mention of cybersecurity or risk management. This article explores what that absence reveals about how local government frames technology strategy, and why resilience often remains invisible in leadership investment narratives.

Continue reading →

Cyberbiosecurity in the New Normal Reviewed: Governance First, Apocalypse Later

Fouad’s “Cyberbiosecurity in the New Normal” attempts to elevate the digitisation of biology into a matter of international security. She is right that biology is now deeply digital and that this creates new attack surfaces. Where the article overreaches is in treating these risks as exceptional, geopolitically novel, or strategically transformative in themselves. Most cyberbio risks today are not exotic or unprecedented; they are familiar engineering and governance failures appearing in a new domain. The danger is less hacked DNA than over-securitised data.

Continue reading →

Scale by Geoffrey West Reviewed: Where Physics Meets Hubris

Geoffrey West’s Scale seeks universal mathematical laws of growth across biology, cities, and corporations. It’s bold, partly right, and mostly over-extended. The biological physics hold up; the social analogies don’t. Useful for thinking about efficiency, fragility, and systemic limits; but best treated as heuristic, not law.

Continue reading →

CRTFs Move From Concept to Reality… But the Hard Questions Begin Now

Cyber Resilience Test Facilities (CRTFs) have now moved from concept into operational reality, with the first product assessments completed and reports issued. This milestone confirms CRTFs as a risk-based assurance mechanism rather than a pass/fail certification scheme. Yet major challenges remain: governance, market interpretation, high-assurance integration with UK Telecoms Lab (UKTL), and international alignment. CRTFs are real, but adoption must stay meaningful.

Continue reading →

The UK Cyber Security and Resilience Bill 2025: What It Means and Why It Matters

The UK Cyber Security and Resilience Bill 2025 represents a major shift from sector-based cyber regulation to a broader national resilience framework. By expanding the NIS regime to data centres, managed service providers and critical suppliers, strengthening incident reporting, and introducing strategic governance and national security powers, the Bill closes long-standing gaps but raises challenges around proportionality, skills, regional delivery and SME impact.

Continue reading →

When It Comes To Cyber The Midlands Defence Blueprint Is Polite Fiction

The Midlands Defence & Security Blueprint presents itself as decisive and strategic, but in reality it repeats the same structural failures that undermined Midlands Engine. Cyber remains subordinated, underfunded, and ownerless, while coordination is mistaken for delivery. Written from the perspective of a practitioner who has built cyber capability on the ground, this article argues that resilience will not come from another blueprint, but from funded authority, real centres, and delivery.

Continue reading →

Merry Christmas and Happy New Year 2026 from the West Midlands Cyber Hub

As the new year begins, the West Midlands Cyber Hub is delivering an ambitious programme of practical, community-driven cyber events from January to March… with more already in development. This programme is focused on building cyber capability, confidence, and collaboration across the West Midlands, supporting organisations, practitioners, and the wider regional economy.

Continue reading →