Each year, CYBERUK sets the tone for how cyber security is expected to operate in practice – not just in policy terms, but in what organisations are actually held accountable for. This year’s theme, “The next decade: accelerating our cyber defence”, signals something that’s been building for a while. The conversation has moved on. The expectation now is delivery, but faster, more measurable, and under greater scrutiny.
The difficulty is that many organisations are still structured around earlier models – where defining good practice was often enough. That gap is starting to show.
Resilience is being tested, not described
Resilience continues to be positioned as the outcome that matters, but the expectation has shifted. It’s no longer something that sits comfortably in strategy documents or framework mappings. It’s something organisations are expected to demonstrate.
That’s straightforward in principle, but harder in reality.
In regulated environments, resilience isn’t owned by a single system or team. It sits across suppliers, legacy platforms, operational constraints and competing priorities. Controls may exist, but whether they hold under real conditions is a different question.
That’s where much of the pressure now sits, not in defining resilience, but in evidencing that it works.
Technology is outpacing the structures around it
AI, data security, and emerging cryptographic approaches all feature heavily in this year’s agenda. That’s expected.
What gets less attention is the gap between how quickly these technologies move and how slowly the governance and assurance models around them tend to follow. That gap is real, and in controlled environments it creates a specific kind of pressure.
Adoption is rarely the hardest part. The challenge is integrating new capabilities in a way that remains auditable, supportable, and defensible under scrutiny, where the question isn’t just can this be used, but can it be used in a way that holds up when someone looks closely.
The threat conversation is more direct and more persistent
The threat itself hasn’t fundamentally changed, but the tone of the conversation has.
There’s a more explicit acknowledgement of sustained, state-linked activity, alongside the continued impact of ransomware and criminal capability. The implication is less about isolated incidents, and more about continuous exposure.
That has consequences for how organisations respond. Point-in-time assurance or reactive controls become harder to justify when the expectation is that defence operates continuously.
The ecosystem is where things either hold or don’t
The emphasis on “ecosystem” is perhaps the most telling. Cyber security in regulated environments rarely sits neatly within organisational boundaries. Delivery depends on how well multiple parties (e.g., suppliers, integrators, internal teams) operate together.
And this is where things tend to break down. Responsibilities blur and assumptions creep in. Assurance artefacts exist, but don’t always reflect operational reality. And when something does go wrong, it’s often unclear where accountability truly sits.
That’s not a new problem, but it’s becoming harder to ignore.
Logiq will be attending CYBERUK 2026. If you’re there and want to continue the conversation, the team will be on hand across the three days, 21-23 April.