Tag Archives: UK Cyber

The Gap Between Reality and Reporting: A Model of True Cyber Exposure in the UK

The UK’s cyber security data does not describe a single reality; it describes three filtered views of it. By overlaying Breaches Survey, ICO, and NCSC data, a clearer model emerges: one of layered visibility, not layered severity. This article introduces a “true exposure vs reported exposure” framework, showing that most cyber risk sits below what is detected, reported, or acted on, and that the current strategy is focused on the wrong layer.

The UK Cyber Security Breaches Survey 2025/26: Stagnation, Scale, and the Illusion of Progress

The UK Cyber Security Breaches Survey 2025/26 suggests stability, but closer analysis reveals a system stuck in place rather than improving. Breaches remain widespread, detection uneven, and incentives misaligned. What looks like progress is often an artefact of measurement. This article argues the UK has reached a cybersecurity plateau, where risk is normalised, resilience is incomplete, and meaningful change will require structural, not incremental, intervention.

Trust, Labels, and the Path to Meaningful Security: Rethinking CRT Adoption in the UK

This article critically examines the UK’s Cyber Resilience Test (CRT) as a cybersecurity labelling initiative aimed at building consumer trust in connected devices. While affirming CRT’s importance, it highlights the need for clearer value propositions, stakeholder alignment, and behavioural insights to ensure meaningful adoption. Drawing on global examples like Singapore’s CLS and the EU’s CE mark, it argues that CRT must evolve from a technical standard to a culturally embedded trust signal. The piece advocates for a dynamic playbook that supports SMEs, educates consumers, aligns with procurement policy, and adapts over time — turning CRT into a living, ecosystem-wide standard.

The Ides of March: Reflections on Cyber, Startups, and Scaling Innovation

The Ides of March is a fitting time to reflect on betrayal, resilience, and the realities of UK cybersecurity. In the past two weeks, I’ve balanced DSIT’s Cyber Local funding process, chaired the West Midlands Cyber Working Group (WM CWG), led two funding bids, scaled one startup in a brutal funding climate, and booted up a second from scratch. Along the way, I’ve won the Pitch Battle at Cyber Runway Live, launched the UK’s first dedicated universal cyber risk score and comparison site, and tackled everything from weaponised AI threats to Kafka-powered scalability, all while navigating the messy, unpredictable, and often painful journey of building something that lasts.