Still solving yesterdays’ problems?
Still solving yesterdays’ problems? May 22, 2026 Most IT leaders are still solving yesterday’s problems instead of building for what’s next” said a CISO over a coffee on Friday. And I am seeing it everywhere right now, across most sectors. There’s a huge focus on tools and an endless debate around platforms. But very little clarity on what the business is trying to achieve. Technology isn’t the problem anymore, alignment is……………..and the organisations moving fastest are doing a few things differently: -Treating IT as a commercial function, not support-Designing around outcomes, not systems-Using AI and automation to remove friction, not just add capability-Building security in from day one, not bolting it on later-Making decisions quickly, with clear ownership Everything else is noise, If your IT strategy can’t be explained in plain English in two minutes, it’s not a strategy……… it’s a wish list. Previous Post Related Articles Still solving yesterdays’ problems? Outrunning The Lion May 22, 2026 There’s an old story… Read More AdminMay 22, 2026 Compliance vs Security Compliance vs Security May 22, 2026 Most businesses aim to… Read More AdminMay 22, 2026 Outrunning The Lion Outrunning The Lion May 22, 2026 There’s an old story… Read More AdminMay 22, 2026 Cyber Security in Higher Education: Navigating the 2025/2026 Landscape Cyber Security in Higher Education: Navigating the 2025/2026 Landscape May… Read More AdminMay 21, 2026
Compliance vs Security
Compliance vs Security May 22, 2026 Most businesses aim to be compliant. Policies in place, Controls documented, Boxes ticked. But here’s the question – Does compliance actually mean you’re secure or does it just make you feel like you are? Because when you speak to enough people in the sector, a consistent pattern is clear – Access gets reviewed… occasionally Policies are in place… but not always lived Systems are “patched”… but not reliably Third-party access is granted… and stays All compliant on paper, but in reality?………..Things drift, because compliance is a moment in time and security is continuous, and when businesses focus too heavily on passing the audit… They often stop asking – Does this actually work in practice? Are people actually following it? Has the risk changed since we last looked? That’s where complacency creeps in, most breaches don’t happen because a policy didn’t exist. They happen because what was written… wasn’t what was happening. The real question is – Are you secure………..Or just compliant? Previous Post Related Articles Compliance vs Security Outrunning The Lion May 22, 2026 There’s an old story… Read More AdminMay 22, 2026 Outrunning The Lion Outrunning The Lion May 22, 2026 There’s an old story… Read More AdminMay 22, 2026 Cyber Security in Higher Education: Navigating the 2025/2026 Landscape Cyber Security in Higher Education: Navigating the 2025/2026 Landscape May… Read More AdminMay 21, 2026
Outrunning The Lion
Outrunning The Lion May 22, 2026 There’s an old story – Two people are being chased by a lion.One says, “We’ll never outrun it.”The other replies, “I don’t need to outrun the lion, I just need to outrun you.” This was posed to me this week by a CISO I am working with. Many organisations believe they need a Level 5, best‑in‑class, no expense spared security posture to be “safe”.most don’t. Most attackers aren’t looking for the strongest target. They’re looking for the easiest one.That doesn’t mean doing nothing. It means doing the right things, proportionately: Closing obvious gaps Fixing basic issues Being harder to hit than those around youHiring the right people Security isn’t about being impenetrable. it’s about not being the softest option on the street. Because criminals much like lions, love easy prey. And the same principle shows up in recruitment.Companies don’t lose good people because someone else is perfect.They lose them because somewhere else was easier, clearer, and quicker.Security / Recruitment – Different problems……………………same lion. Previous Post Related Articles Outrunning The Lion Outrunning The Lion May 22, 2026 There’s an old story… Read More AdminMay 22, 2026 Cyber Security in Higher Education: Navigating the 2025/2026 Landscape Cyber Security in Higher Education: Navigating the 2025/2026 Landscape May… Read More AdminMay 21, 2026
Cyber Security in Higher Education: Navigating the 2025/2026 Landscape
Cyber Security in Higher Education: Navigating the 2025/2026 Landscape May 4, 2026 The latest findings from the Cyber Security Breaches Survey 2025/2026 reveal a stark reality for the UK’s Higher Education (HE) sector. While educational institutions across the board are prioritising digital safety, universities find themselves in a unique and high-stakes environment. Here are the most critical threats and emerging trends identified for Higher Education providers this year. 1. A Near-Universal Threat Level The most striking finding is the sheer scale of the challenge: 98% of higher education institutions identified a cyber breach or attack in the last 12 months. This makes the threat nearly universal for the sector, far exceeding the 43% average for UK businesses. Furthermore, these incidents are not one-off events; 29% of universities report experiencing breaches at least weekly, with 12% facing them on a daily basis. 2. The Primary Threats: Phishing and Beyond While phishing remains the most prevalent threat, affecting 96% of HE institutions that identified a breach, it is far from the only concern. Universities are significantly more likely than schools or businesses to face complex, multi-vector attacks. Impersonation: 79% of HE providers reported attacks involving the impersonation of their organisation or staff, a notable increase from 68% the previous year, Malware and Viruses: Over half (51%) of institutions identified viruses, spyware, or malware, Denial of Service (DoS): Nearly half (49%) experienced DoS attacks, which can take down vital online services and applications, Internal Vulnerabilities: Unauthorised accessing of files by staff (29%) and students (23%) is a growing trend, highlighting the difficulty of managing large, diverse user bases. 3. The AI “Arms Race” AI adoption is a major trend, with 63% of HE institutions already using AI tools and another 22% in the process of adopting them. While universities are better informed than schools about using AI to counter threats – such as automating “boring bits” like forcing Multi-Factor Authentication (MFA) – AI is also arming “bad agents”. Specialists in the sector have expressed concern that generative AI is making phishing emails more convincing and increasing the risk of social engineering. 4. Critical Data Vulnerabilities Despite high levels of security engagement, a significant gap remains in data protection. 49% of higher education institutions admitted to holding personal data on employees or students that is not protected by encryption or anonymisation. This represents a major vulnerability, as nearly half of all universities that identified a breach suffered a negative system outcome, such as compromised accounts or loss of access to files. 5. Shifts in Strategy: Insurance and Supply Chains Institutions are evolving their defensive strategies in response to these persistent threats: Specific Cyber Insurance: There has been a massive shift toward specialised protection, with 61% of HE institutions now holding a specific cyber security insurance policy, nearly double the 34% recorded in 2024/2025, Supply Chain Scrutiny: Awareness of third-party risk is rising. 80% of universities have reviewed the cyber security risks presented by their immediate suppliers, an increase from 69% last year, Senior Leadership Accountability: For the first time, 100% of participating HE institutions reported having a senior manager or board member with responsibility for cyber security. Summary The 2025/2026 data shows that Higher Education is a primary target for cybercriminals due to its open nature and the valuable data it holds. While senior management engagement and AI-driven defenses are strong, the high prevalence of unprotected personal data and the increasing sophistication of impersonation and AI-supported phishing remain the sector’s most urgent challenges Sources/Reference Links https://www.gov.uk/government/statistics/cyber-security-breaches-survey-20252026/cyber-security-breaches-survey-20252026-education-institutions-findings Related Articles Cyber Security in Higher Education: Navigating the 2025/2026 Landscape Cyber Security in Higher Education: Navigating the 2025/2026 Landscape May… Read More AdminMay 4, 2026