Tag Archives: resilience

The Curious Presence of Cyber in Local Government Strategy

Leave a Reply

Cybersecurity is no longer absent from local government strategy, but according to research from the Local Gov Strategy Forum, it remains structurally subordinate. Despite increased investment and board-level visibility, it does not shape transformation. Instead, it sits behind financial survival and service modernisation, creating a misalignment where systemic risk is acknowledged but not architecturally addressed.

Contents

Table of Contents

1. Introduction

When I wrote about “The Curious Absence of Cyber in Local Government Technology Strategy“, the claim was deliberately provocative.

The latest Local Government Strategy Forum research (June 2026) suggests something more precise, and arguably more concerning (“Local Government Strategy Forum, 15th-17th June 2026, Client Research Report” website and PDF).

Cyber isn’t absent. It’s present, visible, and increasingly funded. And yet it still doesn’t appear to matter.

2. Cyber Is Present, But Not Leading

The report shows that 58% of councils are increasing cybersecurity spend, placing it alongside cloud, data, and just behind AI in terms of investment priority. On paper, this looks like progress.

Cyber is now described as “board-level”, tied to governance, regulation, and organisational risk. There is a clear awareness of increasing incident rates, regulatory pressure, and systemic vulnerability. None of that is surprising. What is more interesting is what cyber is not doing. It is not shaping strategy.

3. Strategy Is Still Driven by Service Transformation

The dominant strategic priority across the cohort is not resilience, risk, or assurance. It is the modernisation of service delivery. This is framed in familiar terms:

  • digital access
  • automation
  • AI-enabled services
  • data-driven decision making

The language is about capability, efficiency, and transformation. Cyber does not appear in that framing. It sits adjacent to it.

4. Cyber’s Actual Position in the System

This is not an omission. It is a positioning decision. Cybersecurity is treated as a constraint on transformation, not a determinant of it. It appears in the report in three consistent ways:

  • First, as governance.
    Something to align with frameworks, codes, and upcoming legislation.
  • Second, as a consequence.
    Something that becomes relevant when incidents occur, services are disrupted, and regulators become involved.
  • Third, as a capability gap.
    A shortage of skills, capacity, and internal expertise constrains the ability to manage risk effectively.

All of these are valid. None of them places cyber at the centre of how systems are designed, procured, or operated.

5. The Operating Environment

At the same time, the report is explicit about the conditions in which this strategy is being executed. Councils are operating under significant financial pressure, with multi-billion-pound funding gaps and a requirement to invest in technology to deliver measurable returns within 12–24 months.

They are constrained by legacy systems, fragmented data, and limited internal capacity, and are increasingly dependent on external partners to deliver transformation programmes. These are not marginal factors. They are the environment in which strategic decisions are made.

6. What This Report Actually Is

It is worth being explicit about what this document represents.

This is not a strategic analysis of local government. It is a synthesis of delegate input, survey data, and sector references, produced in the context of a vendor-facing forum. Its purpose is to describe demand, identify constraints, and signal where solution providers can position themselves.

That shapes what it does, and what it does not do.

The report captures stated priorities and perceived barriers. It does not interrogate them. It does not distinguish between different types of authority, levels of maturity, or organisational capability. It does not attempt to explain why these patterns exist, or whether they are internally consistent.

This is not a flaw in the report. It reflects its purpose. The value of the document lies in what it reflects, not what it concludes.

7. Signal versus Interpretation

Read in that context, the report provides a useful signal. It confirms that:

  • AI and automation dominate investment narratives
  • legacy systems and skills gaps remain persistent constraints
  • councils require demonstrable returns within short timeframes
  • delivery capacity, rather than ambition, is the limiting factor

These are not new insights, but they are consistently reinforced. What is less clear, and left unexplored, is whether these conditions can coexist without failure. What the report does not provide is interpretation.

It does not explore the interaction between these factors or the structural implications of pursuing transformation under these conditions. It does not examine whether prioritising service modernisation over resilience is sustainable, or how these choices compound risk over time.

As a result, the document describes a system under pressure without analysing how that system behaves.

8. The Implicit Strategic Hierarchy

Within that environment, the implicit hierarchy becomes clear:

  1. Deliver financial sustainability
  2. Modernise services
  3. Manage cyber risk

Cyber is not ignored. It is simply third.

9. The Unresolved Tension

This matters because the same report also describes cyber risk as systemic, increasing, and operationally disruptive. Incidents do not degrade performance: they stop services.

That includes housing systems, revenues and benefits, and social care delivery. In other words, the failure mode of digital transformation in local government is not inefficiency: it is unavailability.

10. Cyber as Architecture, Not Assurance

There is a tension here that the strategy does not resolve. If cyber risk has the potential to interrupt or disable core services, then it is not just a governance issue. It is an architectural one. It should influence:

  • how systems are integrated
  • how data is structured and shared
  • how suppliers are selected
  • how services are designed and operated

But that influence is not visible in the strategic framing.

11. A Coherent but Fragile Model

Instead, the report reinforces a model in which:

  • transformation is driven by service outcomes and cost pressures
  • technology choices are shaped by delivery constraints and ROI
  • cyber is layered on top as assurance and compliance

This is a coherent model. It is also a fragile one.

12. The Underlying Assumption

A more accurate description of the current state might be this:

  • Local government is not failing to consider cyber.

It is assumed that cyber can be addressed after the fact, without fundamentally altering the trajectory of transformation. That assumption may hold in the short term. It becomes harder to sustain as dependency on digital services increases.

13. The Missing Layer

There is a layer missing from the report, and it is the one that matters most.

The document identifies cyber risk as systemic, increasing, and disruptive. It also shows that digital transformation is accelerating, driven by financial pressure and policy direction.

What it does not do is connect these two observations.

There is no attempt to model how increased dependency on digital services interacts with underdeveloped cyber capability, or how architectural decisions made under delivery pressure affect long-term resilience.

Instead, cyber and transformation are described in parallel. That is not an absence. It is a misalignment.

And it is not theoretical. It is already embedded in how systems are being designed, procured, and operated.

It will only become visible when those systems fail under conditions they were never structured to withstand.

14. Conclusion: Misalignment, Not Absence

The original argument was that cyber was missing from the strategy. The updated position is narrower and less comfortable. Cyber is present, funded, and discussed, but it is not doing the work that its risk profile would suggest. That is not an absence. It is a misalignment. And it is one that will only become visible under stress. The conditions for that failure are already in place.

Ides of March 2026: Motivational Quotes on Betrayal, Resilience, and Overcoming Hardship

Leave a Reply

Throughout history, words have served as powerful tools for inspiration, warning, and encouragement. Whether it’s facing betrayal, enduring hardship, or rising above challenges, the right quote at the right time can provide strength and perspective. Below is a collection of timeless motivational quotes that speak to resilience, betrayal, and overcoming adversity.

Continue reading

Advances in Nature‑Inspired Cyber Security and Resilience Reviewed: Ambitious But Largely Speculative

Leave a Reply

The book Advances in Nature-Inspired Cyber Security and Resilience is an ambitious but largely speculative collection of academic experiments trying to borrow concepts from biology for cybersecurity. While the underlying resilience principles (adaptivity, diversity, redundancy) are sound, the research remains mostly theoretical and poorly translated to operational use. The algorithms look good in simulation but fail in real environments with real constraints. It’s more a showcase of potential than a set of deployable solutions. Insightful, yes, but still speculative: interesting to read, not ready to run.

Continue reading

Nature-Inspired Cyber Security and Resiliency Reviewed: Fundamentals, Techniques and Applications

Leave a Reply

A grounded, unromantic review of Nature-Inspired Cyber Security and Resiliency (IET, 2020). The book argues that we can borrow defence principles from biology (immune systems, swarms, self-healing) to build adaptive digital security. The idea is clever but mostly speculative. The theory works on paper; the engineering doesn’t. Nature may be elegant, but enterprise networks aren’t petri dishes. Useful metaphors, immature mechanisms: an interesting academic exercise, not an operational blueprint.

Continue reading

Scale by Geoffrey West Reviewed: Where Physics Meets Hubris

Leave a Reply

Geoffrey West’s Scale seeks universal mathematical laws of growth across biology, cities, and corporations. It’s bold, partly right, and mostly over-extended. The biological physics hold up; the social analogies don’t. Useful for thinking about efficiency, fragility, and systemic limits; but best treated as heuristic, not law.

Continue reading

Structuring Cyberpsychology: From Foundations to Practice

Leave a Reply

This article sets out the structure of a cyberpsychology curriculum designed to address the coherence gap identified in Cyberpsychology Today. Rather than treating cyberpsychology as a loose collection of effects, this framework organises the field from foundational theory through to applied practice. The phases that follow are not arbitrary. They reflect the minimum conceptual spine required to study how persistent, mediated digital environments shape human psychology, and how that knowledge can be responsibly translated into research, policy, and real-world intervention. What follows is not a manifesto, but an architecture for learning.

Continue reading

The Work Speaks for Itself

Leave a Reply

This article explains why I am stepping back from writing about neurodiversity as a primary lens for my work. Not because the subject no longer matters, but because over time it has begun to obscure achievement rather than illuminate it. This is a reflection on explanation, authority, and the point at which context stops being helpful and starts getting in the way.

Continue reading

Ontological Desynchronisation: From Birthgaps and Behavioural Sinks to Algorithmic Capture

Leave a Reply

Ontological Desynchronisation offers a compelling synthesis of demographic, behavioural, and algorithmic dynamics to explain contemporary societal fragility. Building on reproductive desynchronisation and behavioural sink theory, it introduces ontological capture as a missing mechanism linking algorithmic governance to population collapse and civic erosion. The article is strongest in showing how temporal compression undermines judgement, coordination, and intergenerational continuity. While some remedies remain aspirational, the framework is original, integrative, and strategically valuable, reframing collapse not as decline in numbers alone but as a failure of shared time, attention, and becoming.

Continue reading

From Policy to Place: Aligning the UK Cyber Policy with the West Midlands Futures Growth Plan

Leave a Reply

The UK Cyber Policy 2025 and the West Midlands Futures Green Paper 2025 set bold agendas but risk gaps without practitioner-led delivery. The national policy offers ambition but lacks continuity, metrics, and practitioner voice. The regional plan lays strong scaffolding but underweights cyber, leaning too heavily on AI. A ten-point roadmap shows the way forward: formally recognise cyber as a standalone cluster, unify governance, foster community, attract investment, establish a hub, launch a festival, rebuild narrative, reform SME funding access, enhance talent strategy, and create a regional benchmarking index. Anchored in the West Midlands Cyber Hub, this approach can balance national ambition with regional delivery, making resilience a driver of inclusive growth.

Continue reading

The West Midlands Futures Green Paper (2025): Synopsis, Key Takeaways, Critique, and Recommendations

Leave a Reply

The West Midlands Futures Green Paper sets a bold agenda, but risks leaning too heavily on AI. Cyber must be treated as a foundational enabler across every sector, from advanced manufacturing to healthcare, and anchored in a practitioner-led West Midlands Cyber Hub. Such a hub can drive assurance, skills conversion, supply-chain uplift, and regional equity, ensuring growth is both resilient and inclusive.

Continue reading

Databricks vs Snowflake: A Critical Comparison of Modern Data Platforms

Leave a Reply

This article provides a critical, side-by-side comparison of Databricks and Snowflake, drawing on real-world experience leading enterprise data platform teams. It covers their origins, architecture, programming language support, workload fit, operational complexity, governance, AI capabilities, and ecosystem maturity. The guide helps architects and data leaders understand the philosophical and technical trade-offs, whether prioritising AI-native flexibility and open-source alignment with Databricks or streamlined governance and SQL-first simplicity with Snowflake. Practical recommendations, strategic considerations, and guidance by team persona equip readers to choose or combine these platforms to align with their data strategy and talent strengths.

Continue reading

16 Years On: Was I Right About the UK’s Industry and Innovation Imbalance?

Leave a Reply

Exactly sixteen years on from my 2009 article on the UK’s economic imbalance, I reflect on how services continue to dominate GDP, while manufacturing still punches above its weight in R&D. I was right about the R&D gap, but missed the rise of intangible capital and startup-led innovation. Cybersecurity emerged as both a strategic asset and an innovation driver. Government efforts have been patchy, and real balance remains elusive. The future lies in resilience, not symmetry.

Continue reading

Of Course You’re Not Resilient… You Never Practised Failing

Leave a Reply

A blunt critique of organisations that claim to be resilient but have never stress-tested their systems, rehearsed recovery under pressure, or practised failure in any meaningful way. The article challenges boardroom bravado and highlights the psychological and operational consequences of untested confidence, arguing that true resilience is earned through discomfort, not declared in policy.

Continue reading

Inside the Breach: What M&S and the Harris Federation Reveal About UK Cyber Vulnerabilities

Leave a Reply

Two senior leaders, Sir Charlie Mayfield, former John Lewis chairman, and Sir Dan Moynihan, CEO of the Harris Federation, joined BBC Radio 4’s Today Programme on 1 May 2025 to discuss the impact of recent cyber attacks on Marks & Spencer, the Co-op, and UK schools. Their stories offer rare insight into how institutions respond to major breaches and what it really takes to recover.

Continue reading

Steering Regional Resilience: Reflections on Two Years Supporting DSIT’s Cyber Local Programme

Leave a Reply

As Chair of the West Midlands Cyber Working Group, I’ve helped lead DSIT’s Cyber Local steering group for the region over the past two years. Working alongside regional experts, I’ve supported the selection of projects that strengthen cyber resilience on the ground, including Aston University’s powerful work on cyber violence against women and girls. This experience has reinforced just how critical locally informed funding is to building practical, inclusive, and impactful cyber capability.

Continue reading

Scaling Cyber: A Startup Founder’s Journey from Idea to Exit

Leave a Reply

This virtual book is a guide to the entrepreneurial journey, drawn from real-world experiences in cyber startups. It distils insights from my time on the NCSC for Startups accelerator (cohort 13, 2023), the DSIT Cyber Runway Scale programme (2024/2025), and my mentoring on DSIT’s Cyber ASAP programme. It’s a collection of lessons, reflections, and hard-earned knowledge from the founders, investors, and industry leaders I’ve met along the way. Thanks to Marcel Duchamp you can think of it as a “ready made”, a curated work built from my blog articles, assembled to help you navigate the path from startup to scale, and beyond.

Continue reading

The Ides of March: Reflections on Cyber, Startups, and Scaling Innovation

Leave a Reply

The Ides of March is a fitting time to reflect on betrayal, resilience, and the realities of UK cybersecurity. In the past two weeks, I’ve balanced DSIT’s Cyber Local funding process, chaired the West Midlands Cyber Working Group (WM CWG), led two funding bids, scaled one startup in a brutal funding climate, and booted up a second from scratch. Along the way, I’ve won the Pitch Battle at Cyber Runway Live, launched the UK’s first dedicated universal cyber risk score and comparison site, and tackled everything from weaponised AI threats to Kafka-powered scalability, all while navigating the messy, unpredictable, and often painful journey of building something that lasts.

Continue reading

From Founder to CEO: Lessons in Leadership, Growth, and Resilience

Leave a Reply

For any startup founder, the journey from idea to execution is filled with challenges. However, the biggest transformation isn’t just in scaling a business, it’s in evolving from a founder into a CEO.

Continue reading

The Lifelong Bond Between Oliver Sacks and Leonard Shengold: A Journey of Healing and Transformation

Leave a Reply

The lifelong relationship between neurologist Oliver Sacks and psychoanalyst Leonard Shengold bridged the fields of neurology and psychoanalysis, blending Sacks’ focus on neurological disorders with Shengold’s exploration of trauma. Their five-decade-long therapeutic bond profoundly shaped Sacks’ work, emphasizing the interplay between identity, resilience, and human experience, and illustrating the value of interdisciplinary collaboration in understanding the mind.

Continue reading

Myth of the West: Failed Utopia

Leave a Reply

This article, the culmination of my reflections on the myth of the West, deconstructs the utopian dream of the Western frontier, exploring its evolution from Manifest Destiny to Silicon Valley. Through historical analysis, literary critiques, and a look at Hollywood’s portrayal of the West, it examines how the promise of freedom and opportunity often fell short, revealing the complexities of the Western ideal. For me, this myth resonates deeply, intertwined with personal influences like Celtic romanticism, family legacies, and cross-cultural inspirations from Kurosawa.

Continue reading