Tag Archives: Cyber Sectoral Analysis

Cyber Sectoral Analysis

Cyber Sectoral Analysis examines how cyber risk, regulation, skills and capability actually land in specific sectors and regions, not in theory, but in practice.
This series looks across defence, critical infrastructure, supply chains, SMEs, regional clusters and public policy to understand where resilience is working, where it isn’t, and why. The focus is on real dependencies, delivery capacity, regulatory impact and economic consequences, connecting national strategy to operational reality and regional execution.

If cyber is economic infrastructure, this is where the weak points, and the leverage, really are.

Unlocking the UK’s Growth Potential: A Critical and Constructive Review of the Tech Nation Report 2025

The Tech Nation Report 2025 reaffirms the UK’s position as Europe’s leading tech hub, valued at $1.2 trillion and home to 163 unicorns. Yet it also exposes structural barriers, capital bottlenecks, talent shortages, regional imbalances, and over-reliance on London and AI. This article critically reviews the report, adds practitioner-led insights, and proposes a roadmap for sustainable and regionally inclusive growth.

Continue reading →

Pre-Launch Reflections: The West Midlands Cyber Hub

The pre-launch of the West Midlands Cyber Hub at Enterprise Wharf brought together over 100 leaders from across the region’s cyber ecosystem, CISOs, CTOs, startups, universities, government, community partners, students, practitioners, and members of the interested public. What began as a vision to give the West Midlands a proper home for cyber has now become real, supported by DSIT, Innovate UK, Aston University, West Midlands Cyber Resilience Centre, Midlands Cyber, TechWM and the Innovation Alliance for the West Midlands.

Continue reading →

From Policy to Place: Aligning the UK Cyber Policy with the West Midlands Futures Growth Plan

The UK Cyber Policy 2025 and the West Midlands Futures Green Paper 2025 set bold agendas but risk gaps without practitioner-led delivery. The national policy offers ambition but lacks continuity, metrics, and practitioner voice. The regional plan lays strong scaffolding but underweights cyber, leaning too heavily on AI. A ten-point roadmap shows the way forward: formally recognise cyber as a standalone cluster, unify governance, foster community, attract investment, establish a hub, launch a festival, rebuild narrative, reform SME funding access, enhance talent strategy, and create a regional benchmarking index. Anchored in the West Midlands Cyber Hub, this approach can balance national ambition with regional delivery, making resilience a driver of inclusive growth.

Continue reading →

The West Midlands Futures Green Paper (2025): Synopsis, Key Takeaways, Critique, and Recommendations

The West Midlands Futures Green Paper sets a bold agenda, but risks leaning too heavily on AI. Cyber must be treated as a foundational enabler across every sector, from advanced manufacturing to healthcare, and anchored in a practitioner-led West Midlands Cyber Hub. Such a hub can drive assurance, skills conversion, supply-chain uplift, and regional equity, ensuring growth is both resilient and inclusive.

Continue reading →

UK Cyber at a Crossroads: Three Essays on Policy, Practice, and Growth, in Reaction to the 2025 Cyber Growth Action Plan

The UK’s cyber policy has made progress but suffers from churn, overlap, and regional imbalance. The 2025 Cyber Policy sets out ambition but lacks continuity and practitioner voice. This three-part series traces the history, critiques the new policy, and argues for a practitioner-led, regionally balanced ecosystem to stabilise the base finally.

Continue reading →

Stabilising the Base: From Patchwork to Platform in the UK Cyber Ecosystem

This article argues that stabilisation must be the UK’s priority. Drawing together the lessons of history and the critique of the DSIT Cyber Growth Action Plan 2025, it calls for a practitioner-led ecosystem that ends programme churn, addresses regional imbalance, unlocks university IP, and resists government attempts to build commercial products. The vision is of hubs and networks rooted in delivery and credibility — a cyber base resilient enough to sustain long-term growth. Unless these foundations are secured, the UK will remain trapped in cycles of ambition without durability.

Continue reading →

Reviewing the 2025 UK Cyber Growth Action Plan: Promise, Blind Spots, and the Challenge of Continuity

This article, written in reaction to the DSIT Cyber Growth Action Plan 2025, reviews and critiques the government’s new approach. It recognises what the policy gets right — framing resilience as growth, creating safe havens, and calling for a one-team response — but also highlights what is missing: metrics, continuity, practitioner voice, and regional balance. Without these, the new policy risks becoming rhetoric rather than a platform for real progress. Unless the UK moves decisively from aspiration to delivery, the 2025 Cyber Growth Action Plan will join its predecessors as another missed opportunity.

Continue reading →

A Potted History of the UK’s Cyber Economy: From Secrecy to Sector

This article, written in reaction to the DSIT Cyber Growth Action Plan 2025, traces the uneven history of the UK’s cyber economy. From CESG’s secretive assurance role to NCSC’s public authority and DSIT’s contested remit, the story is one of incremental gains but persistent churn. Programmes such as Cyber Essentials, CyberFirst, CyberASAP, Cyber Runway, and Cyber Resilience Centres have delivered value but lacked continuity, scale, and coherence. Unless the government commits to stabilisation and long-term delivery, the UK will continue to recycle initiatives rather than build a durable cyber base.

Continue reading →

CyberFirst Celebration in the West Midlands: Reflections on What Makes Cyber Special

A reflection on the CyberFirst Celebration in the West Midlands, marking its transition to TechFirst. The event highlighted achievements, explored what makes cyber unique, and underlined the importance of maintaining the sector’s distinctive strengths, especially its uniquely inquisitive culture, as the programme broadens.

Continue reading →

West Midlands Cyber Hub Diaries: Day One (Or Perhaps Day Sixty)

2 Replies

The West Midlands Cyber Hub marks a long-held ambition to give the region a central home for cyber. Building on the rebooted West Midlands Cyber Working Group (WM CWG), the Hub is designed to strengthen community coherence, increase investment, and connect students, SMEs, enterprises, and universities in a neutral space. Supported by DSIT, Innovate UK, Aston University, TechWM, and the Innovation Alliance for the West Midlands, the Hub will open its first phase at Enterprise Wharf in Birmingham, forming the core of a hub-and-spoke model across the region. The project team, led by Sevgi Aksoy and I (Wayne Horkan), with Rebecca Robinson as PM, is preparing for a pre-launch event on 30th September 2025.

Continue reading →

Cyber Collaboration in the West Midlands: Skills, Strategy, and a Shared Future

On 29 April 2025, the West Midlands Cyber Working Group met at Gowling WLG in Birmingham to explore how collaboration can drive cyber resilience, skills development, and strategic growth across the region. Speakers, including Andy Hague (TechWM), Dan Rodrigues (CyberFirst), Dave Walker (ex-AWS), Sarah Gray and Louise Macdonald (Gowling WLG), and Wayne Horkan (WM CWG Chair) shared insights on scaling regional leadership, building inclusive talent pipelines, addressing AI security risks, and navigating evolving legal frameworks. The event underscored a shared ambition to position the West Midlands not just as a participant but as a leader in the UK’s cyber ecosystem.

Continue reading →

Tech Nation Rising Stars Midlands Final 2025 – Notes from the Canopy

There’s a quiet satisfaction in sitting on the edge of things, absorbing detail, thinking clearly, watching structure unfold. Last April, at The Canopy at The Bond in Birmingham’s Digbeth district, I was glad to attend the Midlands Regional Final of Tech Nation Rising Stars 2025. This wasn’t just a pitch competition; it was a sharp snapshot of the region’s entrepreneurial promise, delivered without bluster but full of energy.

Continue reading →

Cybersecurity Meets Health Innovation: Rethinking Risk at the OT Frontline

Cybersecurity in healthcare isn’t an IT sidebar; it’s now a core operational risk and a foundational element of patient safety and innovation. This write-up captures the highlights, insights, and next steps from our June 2025 event (last Monday), convening leaders across health, cyber, academia, and business.

Continue reading →

Military Theatres and Battlefield Tech: Archetypal OT, Misgoverned as ICT

This article examines how military theatres, battlefield systems, and drone technologies are quintessential Operational Technology (OT) environments, yet are often mismanaged under traditional ICT frameworks. It highlights the real-time, cyber-physical, and life-critical nature of defence systems, and argues for a shift toward mission-aware OT security governance to prevent strategic and kinetic failures.

Continue reading →

WMCA and BCC: Who’s Who in the West Midlands (And How the Money Actually Flows)

This guide demystifies the differences between the West Midlands Combined Authority (WMCA) and Birmingham City Council (BCC), explaining who they are, how funding and decisions flow, and what each controls. Essential reading for funding applicants, policy professionals, community leaders, and anyone trying to get projects off the ground in the West Midlands, it offers clear scenarios, ecosystem insights, and a detailed comparison table to navigate this complex landscape effectively.

Continue reading →

Theatres of Risk: Rethinking Cybersecurity in Healthcare as Operational Technology, Not IT

This article argues that medical theatres and hospital systems should be treated as Operational Technology (OT) environments rather than traditional IT. It highlights how flat networks, embedded legacy systems, and an overwhelming focus on availability over security create critical vulnerabilities. The piece calls for a shift in governance, risk modelling, and procurement practices to align with the cyber-physical realities of modern healthcare infrastructure.

Continue reading →

Environments That Are Actually OT (But Often Misclassified as IT)

This article identifies and evaluates real-world environments that function as Operational Technology (OT) systems but are typically treated as standard IT infrastructure. It outlines the cyber-physical risks of this misclassification and calls for a shift in risk posture, governance, and tooling to reflect the real operational realities of these spaces.

Continue reading →

Understanding OT: Operational Technology in Context

This article defines Operational Technology (OT) as distinct from traditional IT, highlighting its core characteristics, such as real-time control, safety-critical processes, long-lifecycle assets, and minimal security by design. It is the first in a short series of articles that argues that failure to recognise OT environments as such leads to systemic cybersecurity blind spots, particularly in sectors like healthcare, logistics, and building management.

Continue reading →

Cyber Is New: Why We’re Just Getting Started… Emerging Trends and Future Directions

Cybersecurity feels foundational today, but as a discipline, it is startlingly young. This article argues that cyber is still in its infancy, especially when compared to IT or financial governance, and outlines why this newness matters. From AI security and quantum disruption to the structural challenges facing certification, education, and regulation, the piece maps both future directions and the underlying trends shaping the field. In a world where cyber is everywhere, this article insists: we’re just getting started.

Continue reading →

A Brief History of the Term Cyber (Meaning Cybersecurity)

This article explores how the word cyber evolved from its academic roots in cybernetics to its current role as shorthand for cybersecurity. It traces the rise of cyberpunk fiction, the growing association with digital threats in the 1990s, and how UK policy frameworks adopted and institutionalised the term, culminating in the creation of the National Cyber Security Centre (NCSC). From Greek etymology to modern geopolitics, cyber has shifted from describing control to denoting risk.

Continue reading →