Tag Archives: Cyber Security

The Gap Between Reality and Reporting: A Model of True Cyber Exposure in the UK

The UK’s cyber security data does not describe a single reality; it describes three filtered views of it. By overlaying Breaches Survey, ICO, and NCSC data, a clearer model emerges: one of layered visibility, not layered severity. This article introduces a “true exposure vs reported exposure” framework, showing that most cyber risk sits below what is detected, reported, or acted on, and that the current strategy is focused on the wrong layer.

A Decade of the UK Cyber Security Breaches Survey: Trends, Plateaus, and What Actually Changed

The UK Cyber Security Breaches Survey, viewed over time, reveals not progress but stabilisation. Breach rates remain persistently high, attack methods largely unchanged, and improvements in governance lag behind rising exposure. The data shows a system that has normalised insecurity, where awareness has increased but action has not kept pace, resulting in a steady state of widespread, structurally embedded cyber risk.

The UK Cyber Security Breaches Survey 2025/26: Stagnation, Scale, and the Illusion of Progress

The UK Cyber Security Breaches Survey 2025/26 suggests stability, but closer analysis reveals a system stuck in place rather than improving. Breaches remain widespread, detection uneven, and incentives misaligned. What looks like progress is often an artefact of measurement. This article argues the UK has reached a cybersecurity plateau, where risk is normalised, resilience is incomplete, and meaningful change will require structural, not incremental, intervention.

CYBERUK 2026: The Missing Layer Between Strategy and Execution is Regional Capability Infrastructure

CYBERUK 2026 defines a clear national cyber strategy, but leaves a critical gap between ambition and execution. This article identifies the “missing layer”: the regional capability infrastructure required to translate policy into scalable organisational resilience. Without it, capability remains uneven, SMEs struggle to progress, and the system evolves by default rather than design, undermining the goal of distributed national resilience.

CYBERUK 2026: System Ambition vs Operational Reality and the Rise of a Two-Speed Cyber Economy

CYBERUK 2026 reveals a coherent but challenging shift in UK cyber strategy: from building a policy ecosystem to operating a national cyber system. While the government drives system-level resilience and AI-enabled defence, organisations are expected to execute fundamentals under increasing pressure. The result is a growing gap between ambition and capability, driving the emergence of a two-speed cyber economy where cyber security becomes a condition of market access.

CYBERUK 2026: The Perfect Storm and the Limits of Fundamentals

Richard Horne’s CYBERUK 2026 keynote frames cyber security as operating in a “perfect storm” of rapid technological change and rising geopolitical tension. While reinforcing the importance of fundamentals, the speech highlights how AI and evolving threats are reshaping the landscape. The core challenge is whether organisations can maintain baseline security as capability gaps widen, raising the risk of a two-speed cyber economy.

CYBERUK 2026: From Policy Ecosystem to Operational Doctrine

The CYBERUK 2026 speech by the UK’s Security Minister, Dan Jarvis MBE, signals a shift from building a cyber ecosystem to actively operating a national cyber system. It elevates baseline security expectations, embeds supply chain enforcement, and positions AI as central to defence. However, this transition risks concentrating market power, potentially excluding SMEs while increasing dependence on a small number of large firms and frontier AI providers.

UK Cyber Policy Ecosystem Mapped: Structure and Evidence

This article maps the core policy architecture and supporting evidence underpinning the UK cyber security ecosystem. By separating system-defining strategies, legislation, and sectoral analyses from the research and technical studies that inform them, it provides a clearer view of how cyber policy, economics, and regional development interact across government and industry.

No Cyber Idea: Why I Built Cyber Tzar (and Why I Don’t Buy the Consulting Model)

Cyber risk has become an exercise in interpretation rather than reduction. The industry has over-optimised for modelling, scoring, and explaining exposure, often driven by consulting-led approaches that rely heavily on subjectivity and narrative. This piece argues that the real problem is upstream: data acquisition, normalisation, and comparability. Cyber Tzar was built to industrialise that problem, collapsing the time between discovery and action, and shifting organisations away from “bean counting” risk towards actually reducing it. The distinction is simple: attackers exploit exposure, not models.

JLR Bail Out: When £1.5 Billion Doesn’t Fix the Problem

A £1.5B response to supply chain disruption risks masking a deeper structural problem in UK manufacturing. Cyber risk is systemic, flowing both upstream and downstream across interconnected supply chains, with SMEs bearing a disproportionate impact. The West Midlands, though not yet cyber-affluent, can lead by building coordinated regional capability, shifting focus from reactive recovery to operational resilience, visibility, and cluster-driven economic stability.

The Curious Absence of Cyber in Local Government Technology Strategy

A forthcoming Local Government Strategy Forum event highlights the technology investment priorities of councils representing nearly £2 billion in budgets. The data shows strong interest in AI, automation and service transformation, but no explicit mention of cybersecurity or risk management. This article explores what that absence reveals about how local government frames technology strategy, and why resilience often remains invisible in leadership investment narratives.

Can’t Understand Neurodivergent Thinking

Using the February 2026 BAFTA controversy involving Tourette’s activist John Davidson as a cultural flashpoint, this essay examines why neurodivergent people are instinctively rejected. Blending research, lived experience, and sector insight, it argues that discomfort with autistic cognition is not merely institutional but biological and tribal. Instinct, however, is not justification. Inclusion requires discipline, not sentiment. Tolerance must extend beyond what feels comfortable.

CyberDIVA and the Architecture of Online Harm

A reflection on the CyberDIVA conference at Aston University, examining cyber violence against women and girls, the fragmentation of the UK response ecosystem, and the architectural incentives shaping harm in modern digital environments. The article connects operational realities to broader structural questions around platform design, AI integration, economic alignment and the need for systemic accountability in an increasingly asymmetric web.

When It Comes To Cyber The Midlands Defence Blueprint Is Polite Fiction

The Midlands Defence & Security Blueprint presents itself as decisive and strategic, but in reality it repeats the same structural failures that undermined Midlands Engine. Cyber remains subordinated, underfunded, and ownerless, while coordination is mistaken for delivery. Written from the perspective of a practitioner who has built cyber capability on the ground, this article argues that resilience will not come from another blueprint, but from funded authority, real centres, and delivery.

Merry Christmas and Happy New Year 2026 from the West Midlands Cyber Hub

As the new year begins, the West Midlands Cyber Hub is delivering an ambitious programme of practical, community-driven cyber events from January to March… with more already in development. This programme is focused on building cyber capability, confidence, and collaboration across the West Midlands, supporting organisations, practitioners, and the wider regional economy.

The Work Speaks for Itself

This article explains why I am stepping back from writing about neurodiversity as a primary lens for my work. Not because the subject no longer matters, but because over time it has begun to obscure achievement rather than illuminate it. This is a reflection on explanation, authority, and the point at which context stops being helpful and starts getting in the way.

Systems in Tension: Britain’s China Crisis Spy Farce and the Architecture of Denial

A forensic if mordant look at how the “Chinese spies in Parliament” case collapsed. I don’t think it was lies, more a system that’s eating itself. Legal, political, and economic silos each told their own version of the truth until coherence disappeared into the vortex. Between Cummings’ claims, Martin’s rebuttals, the embassy standoff, and Kemi Badenoch’s attack on Starmer, it’s a living portrait of Britain’s institutions locked in tension. Prosperity versus protection; diplomacy versus denial. But it doesn’t mean the system is broken; it might be working exactly as intended. Get the money in at all costs?

Cyber Security Skills in the UK Labour Market 2025: A Critical Analysis

This article critically examines the Cyber Security Skills in the UK Labour Market 2025 report, highlighting strengths, weaknesses, and regional implications. It synthesises the findings into a practitioner-academic analysis, with recommendations for aligning graduate supply, employer demand, and future skills in areas such as AI and cyber resilience.

Pre-Launch Reflections: The West Midlands Cyber Hub

The pre-launch of the West Midlands Cyber Hub at Enterprise Wharf brought together over 100 leaders from across the region’s cyber ecosystem: CISOs, CTOs, startups, universities, government, community partners, students, practitioners, and members of the interested public. What began as a vision to give the West Midlands a proper home for cyber has now become real, supported by DSIT, Innovate UK, Aston University, West Midlands Cyber Resilience Centre, Midlands Cyber, TechWM and the Innovation Alliance for the West Midlands.

Cyber as a Cluster: A Critical Review of the Midlands Engine Cyber & Defence Report (April 2025)

Cyber in the West Midlands is no longer just a business activity; it’s a cluster. With the right action, it can become a strategic economic engine. This review critiques the Midlands Engine Cyber & Defence Report (April 2025) and sets out a ten-point plan to make that transformation real. The opportunity is clear. The data is in. Now we must deliver.
