Cyber Security
Fresh from CYBERUK2025 in Manchester, we’re still absorbing a truly thought-provoking agenda. A huge thank you to the NCSC and all involved in curating such a rich and engaging event. It was great to connect with new voices, reconnect with sector leaders like James Garnett and Adam Holt (BlueVoyant), and immerse ourselves in the latest thinking on cyber strategy and resilience.
As we reflect on the experience, several powerful themes continue to resonate — all of which are deeply relevant to the challenges and opportunities we face across the education sector:
1. The Cost of Inaction
We were reminded that cyber resilience isn’t just about systems — it’s about consequences. Failures to implement basic controls like multi-factor authentication (MFA) have already resulted in regulatory fines. Often, the barrier is cultural, not technical — and outdated systems are exposing organisations to avoidable risk.
2. Cyber Governance is Evolving
The forthcoming Cyber Security and Resilience Bill signals a step change in expectations, requiring organisations to report material risks and controls in their annual reports. This shift will push cyber resilience up to board level, where it belongs — but we must also focus on moving beyond awareness to genuine engagement.
3. Privacy and Security by Design
Throughout the event, the message was clear: we must design for risk, resilience, and effectiveness from the outset. This is as much about organisational mindset as it is about frameworks — embedding cyber thinking into every transformation journey.
4. Procurement, Standards and Accountability
From Cyber Essentials to third-party risk, supply chains and procurement emerged as critical pressure points. Simply mandating standards isn’t enough — we need clear accountability, robust monitoring, and a commitment to building resilience across all layers of delivery. Check out the latest DfE Technology Standards for Cyber Security.
5. People are the Frontline
From team shift patterns to simulated crisis scenarios (including a superb crisis simulation by Google Cloud and Mandiant), it’s evident that strategy will only succeed if our people are equipped, supported, and empowered to act. Human resilience is just as vital as technical controls. Has your organisations leadership team exercised its Cyber Security and/or Business Continuity Plans recently?
These reflections will undoubtedly shape our continued work with Trusts and partners. As digital transformation accelerates, the importance of secure, resilient foundations has never been clearer.
Let’s keep the conversation going — and ensure we’re not just cyber-aware, but cyber-prepared.
