Information Age - Insight and Analysis for the CTO
https://www.information-age.com/

Your employees are waiting for your change programme to blow over
https://www.information-age.com/your-employees-are-waiting-for-your-change-programme-to-blow-over-123516789/
Wed, 29 Apr 2026 11:15:22 +0000
By Alex Adamopoulos on Information Age - Insight and Analysis for the CTO

Fed-up employees

Employees are fatigued by constant change programmes in your organisation. Here's why – and how to get them on-side


  • Employees are rarely tired of change itself. They are tired of change that feels arbitrary, disconnected from their work or unlikely to make a lasting difference.
  • They’re likely to be wary of one-size-fits-all messaging, a focus on end states and mistaking new tech for change.
  • Employees are already telling stories about transformation, in meetings, messages, team conversations and exit interviews. Pay attention to them.
  • The question for any leader running a transformation isn’t whether their people will engage. It’s whether the story they’ve been given is one worth engaging with.

Most leaders don’t realise their workforce has already priced in the assumption that this transformation, like the last three, will quietly fade. Employees are rarely reacting to a single change programme in isolation. There is almost always another initiative underway, with a name, a senior leader behind it, a timeline and a promise that the organisation will work differently once the work is complete.

For leaders, these transformations feel necessary because markets shift, technology advances, customer expectations change and organisations need to respond. For employees, the experience can feel very different, as they hear the announcement, take on extra work and wait to see whether the latest effort creates meaningful progress.

When employees hold back from fully engaging with the transformation in question, this is often labelled resistance, but in many cases it’s a rational response to repeated change that has failed to instil belief. Employees are rarely tired of change itself. They are tired of change that feels arbitrary, disconnected from their work or unlikely to make a lasting difference.

This is where communication becomes essential. A strong change story explains where the organisation has come from, where it is going, why the journey matters and how people fit into that direction. People commit when they understand what the work is asking them to do and why it’s worth doing. Three mistakes tend to stop that from happening.

The one-size-fits-all message

Most change communication still follows a one-size-fits-all model, where a small group at the centre decides the message, packages it into presentations and expects the same explanation to work across the whole organisation.

The assumption is that if the strategy is explained clearly enough, people will understand it and act on it. This overlooks how people make sense of change, because employees interpret messages through their own context, history and concerns. A message that sounds energising at executive level may sound unrealistic to the teams expected to deliver it.

Leaders can create a shared narrative that teams can make their own. The core direction should stay consistent, but its explanation should reflect different roles, customers and working environments. A product team, finance team and operations team should all understand the same overall story, while being able to explain what that story means for their own work.

The destination fixation

Change programmes often focus heavily on end states, such as a platform migration, new operating model or target improvement by a specific date. This gives leaders a clean way to organise the work, but it can also train employees to treat change as a temporary disruption.

Once the deadline passes, the organisation moves on, whether the new way of working has taken hold or not. This is one reason people wait change programmes out, because they have seen initiatives end when the timeline ended, rather than when the organisation had genuinely changed.

Leaders can instead frame change as a continuing capability, with visible progress along the way. Leaders need to show progress in a rhythm that matches how work actually happens, so if teams work in regular releases or quarterly cycles, the change story should move with that cadence and show what has been learned, what has improved and what comes next.

When progress is visible, employees are less likely to see transformation as something imposed from above. They can see how the work is developing and how their contribution is shaping the next stage. That sense of movement is essential, because belief grows when people can connect effort to progress.

The spreadsheet story

The third mistake is mistaking the platform for the change. A new tool, operating model or technology stack is treated as if it will, by its arrival, produce the new behaviour the organisation needs. It won’t. The change is what people decide to do differently, and that decision is rarely made on the strength of a financial case alone.

Logic matters, but it rarely carries behaviour on its own. Change asks people to give up familiar routines, accept uncertainty and learn new ways of working, which requires emotional commitment as well as understanding. If leaders only explain the benefits and ignore what people may feel they are losing, the story will not be trusted.

Leaders can make people the centre of the change story. A new operating model becomes easier to understand when employees can see what it means for their decisions, capabilities and contribution. Telling someone that the company is reorganising around product teams gives them information, while helping them understand how their role will shift and create more value gives them a reason to engage.

Leaders should also look for stories already emerging in the organisation. A team that solved a customer problem in a new way, a group that changed how it made decisions, or a function that learned from a difficult release can all show the wider change in practical terms. These examples are often more powerful than another presentation because they make progress visible.

Moving from announcements to belief

Narrative is not a communications exercise that happens after the transformation plan has been written. It needs to be part of how change is designed, led and measured from the beginning, because the story people believe will shape the behaviour they bring to the work.

Employees are already telling stories about transformation, in meetings, messages, team conversations and exit interviews. The question is whether leaders are shaping those stories with clarity and honesty, or leaving people to conclude that this is another programme they simply need to wait out.

So the question for any leader running a transformation isn’t whether their people will engage. It’s whether the story they’ve been given is one worth engaging with. If it isn’t, no amount of communication will fix it, and the workforce will do what it has learned to do: wait.

Alex Adamopoulos is CEO of Emergn.

How technical debt turns your IT infrastructure into a game you can’t win
https://www.information-age.com/how-technical-debt-turns-your-it-infrastructure-into-a-game-you-cant-win-123516765/
Wed, 15 Apr 2026 13:45:09 +0000
By Lukasz Lazewski on Information Age - Insight and Analysis for the CTO

People playing Jenga to illustrate technical debt

Here's what happens when your technical debt piles up and why you should be changing the rules in your organisation


  • Technical debt usually builds up when your organisation is faced with tight deadlines and resource constraints.
  • Velocity loss is the symptom organisations notice first.
  • The information needed to prevent this typically exists inside the organisation already. Request a ‘technical debt wish list’ from the development team, i.e. things they’d fix if given time.
  • Change your organisation’s rules by tracking technical debt ratio, devoting some engineering time to technical health and making it safe for developers to speak up about errors.

In Jenga, you remove blocks from the base to build higher. Early moves are easy – the tower is stable, choices are plentiful. But each block pulled weakens the foundation while adding height. Eventually, every move becomes precarious. The tower wobbles. You’re no longer building; you’re desperately searching for that one block you can pull without the rest of them toppling.

This is exactly how technical debt accumulates. Every shortcut, every quick fix, every ‘we’ll refactor later’, is a block pulled from your foundation. Unlike Jenga, which is a zero-sum game where players are bound by the rules to pull blocks, many organisations opt to pull those blocks deliberately. As a result, technical debt creates a perpetual state of instability that is estimated to cost enterprises trillions globally each year.

How the game starts

It all begins innocently with quick fixes: ‘Let’s leave it for now and come back later when we have more time.’ That’s the biggest lie in software. And the usual suspects are behind it: deadlines, resource constraints, and a natural desire to chase the next big thing. It’s understandable, as no one wants to crack their heads on problems they’ve already solved – or sort of solved. At the beginning, it’s an easy way out because the early blocks are easy to pull, but as time passes, things start to get shaky.

The velocity trap

Those early shortcuts seem harmless until you measure what happens next. Consider a typical software company a couple of years into operations. Development velocity – the amount of work, number of commits, or code changes per individual in a given period of time – starts dropping. And one of the most underestimated costs is work that simply cannot be done at all, because we’re so deep in technical debt that we just can’t move forward anymore.

Why? Because developers spend increasingly more time navigating around weak spots, like Jenga players circling the tower, testing each block.

Where the debt hides

Velocity loss is the symptom organisations notice first. But the underlying problem takes different forms, and some are far more expensive than slow shipping.

Architectural mismatch is the silent budget killer. If you build a real-time system in a language designed for stateless web, you’re going to have a hard time. The more you push it, the slower you get.

Picture this: a stateless framework handles maybe 20-24 concurrent users on a piece of hardware like a MacBook Pro for something like a Zoom video call. A proper stateful solution on the same hardware can serve tens of thousands of simultaneous connections. If you’re dead set on the stateless solution, you’ll pay hundreds of thousands of dollars in cloud costs versus a fraction with the stateful one. The same problem, same hardware, radically different economics because of an early architectural choice that might have seemed reasonable at the time. On the other hand, a stateful implementation might be overkill, and an overspend, for a web application that customers use only occasionally and that has no need to show data or information in real time.

Security exposure is a time bomb. Every piece of software has a countdown timer, and when it runs out, be it that vendor support ends or open-source software isn’t kept up to date any longer, vulnerabilities discovered afterward never get patched.

Cybersecurity is a constant arms race between bad and good actors. The former find ways to exploit vulnerabilities, and the latter figure out ways of fixing them. Remove the good actors from the equation altogether, and you’re a sitting duck. If anyone still runs Windows 2000, you can bet their computer is compromised. Because that version of Windows is so old, no one supports it anymore. In whatever state it was on the last day of support, that’s what it is today. And as it ages, malicious agents have more time to find effective attack vectors.

That was the case in 2017, when Equifax failed to patch a known vulnerability in Apache Struts. The result: 147 million Americans’ data exposed. Total cost exceeded $1.4 billion. One missing patch. One block too many. A similar mistake occurred when Marriott acquired Starwood Hotels, only to later discover that Starwood’s compromised infrastructure became a gateway for attackers to infiltrate Marriott’s broader network.

The competitive cost

The damage isn’t only internal. While you’re navigating your wobbling tower, someone else is building afresh. Here’s the question worth asking: could a 17-year-old with an AI model and a MacBook disrupt your organisation in a couple of years?

The answer increasingly depends on technical debt. Start-ups build on solid foundations using modern architectures. They deploy in minutes what legacy systems require weeks to ship. They scale automatically while incumbents provision servers manually. Amazon deploys new code every 11-12 seconds. Meanwhile, many enterprises still run critical operations on systems written before their newest employees were born.

Furthermore, because of all the accumulated complexity, we are reaching a point where it becomes almost impossible to comprehend the entirety of a system and all the implications the new changes may have on it. And because the prep work and experimentation do not go into value creation but to ensure the said system still works, it leads to uncertainty and slowdown. In effect, technical debt determines whether you can respond to market shifts on time.

The players who know

The information needed to prevent all of this typically exists inside the organisation already. Your developers know exactly which blocks are risk factors. In every codebase, there are sections marked ‘TO-DO’ or ‘Fix me later’. These are distress signals from developers’ past selves, warning future maintainers.

What I often do is request a ‘technical debt wish list’ from the development team – things they’d fix if given time. The response is immediate and detailed. They know which services will fail under load, which integrations are held together with digital duct tape, and which databases haven’t been backed up properly in years.

Yet in most organisations, acknowledging technical debt hurts performance reviews. Developers who advocate for refactoring over features are seen as not delivering value. So they stay quiet, pull the safe blocks, and watch the tower wobble, knowing exactly which move will bring it down.

Change the rules

If the problem is structural, so is the solution. Organisations that successfully manage technical debt share three characteristics:

  • They measure it explicitly by tracking ‘technical debt ratio’, the percentage of engineering time spent on maintenance versus innovation. When it exceeds a certain level, they prioritise refactoring sprints.
  • They budget for it by allocating some percentage of engineering time to technical health.
  • They make it safe to speak up. When developers can flag problems without being blamed for not shipping new features, they are more likely to point out those vulnerabilities.

The most effective practice I’ve seen is simple: ask your team regularly, “If we were starting from scratch today, how would we build this?” Use that question as a forcing function. The gap between the answer and your current reality is your debt, made visible.

It’s all about choice

Technical debt trades the future for the present. And sometimes that’s necessary; sometimes the shortcut is the right call. The problem arises when organisations pretend the trade-off doesn’t exist, when they stop tracking the cost, when they silence the engineers who see it accumulate, or those who care about high quality.

Then, technical debt creates a slow-motion collapse. Value erodes gradually. Competitors gain ground. The tower doesn’t fall all at once; it just becomes impossible to build any higher. It’s your turn. Choose your next move wisely.

Lukasz Lazewski is CEO of LLInformatics.

The business mobility trends driving workforce performance in 2026
https://www.information-age.com/the-business-mobility-trends-driving-workforce-performance-in-2026-123516756/
Thu, 09 Apr 2026 19:59:02 +0000
By Henry Williams on Information Age - Insight and Analysis for the CTO

Smartly dressed man using smartphone

We’ve identified the key business mobility trends reshaping how businesses are equipping, protecting and empowering their workforce. These trends illustrate why a robust, end-to-end mobility strategy, delivered by an experienced partner, is essential to supporting workforce performance and long-term business outcomes.

From zero-touch enrolment and provisioning to end-to-end device lifecycle management, this article explores the key trends businesses should prioritise to optimise their business operations.

Zero-touch device enrolment and provisioning

Zero-touch enrolment and provisioning is a fast, seamless and secure way for your business to deploy Android and Apple devices (using Apple Business Manager) to your workforce at scale. Whether you’re just looking to set up a single employee or an entire team, devices are pre-configured by your mobility partner according to your preferences and shipped, so workers can get started right away.

For IT leaders, this removes the operational bottlenecks traditionally associated with device setup and onboarding, while ensuring every device is configured consistently from day one.

With the flexibility to create, edit and assign configurations, and add/remove users and devices, zero-touch gives you full control over your setup. When delivered through an experienced mobility partner such as Vodafone Business, it supports large-scale rollouts without compromising security, control or user experience.  

Zero Trust security principles

Where zero-touch removes the operational bottlenecks and the potential for errors during setup, a Zero Trust architecture provides the foundation for protecting a distributed workforce over time. As employees access company data across devices, networks and locations, traditional perimeter-based security models are no longer sufficient. 

The Zero Trust principle is simple: never trust, always verify. In other words, it assumes that both internal and external threats to your network are ever-present, and no user or device should be automatically trusted. Rather than assuming access is safe once granted, a Zero Trust approach continuously evaluates user identity, device health and contextual signals before allowing access to systems and data.

This is rapidly becoming the norm, with over 60% of organisations worldwide already having fully or partially implemented a Zero Trust strategy, according to research from Gartner. The research highlights how it replaces implicit trust with explicit trust, enables remote workers to securely connect to applications, and drives consistent security posture and access policies as just some of its key strengths. 

When you consider that under half (45%) of UK business leaders have ensured all staff have basic cyber awareness training, and nearly three quarters (71%) believe at least one employee would fall for a convincing phishing email (according to a 2026 Vodafone Business study), it’s clear that Zero Trust principles provide a resilient security framework that doesn’t rely solely on user behaviour, while still complementing training and education programmes. 

Security is enforced through a combination of continuous validation and monitoring:

  • Every user, regardless of their role, goes through continuous validation and monitoring, authenticated using multi-factor authentication methods. Additional checks, such as device health and location, are also put in place to ensure devices have not been compromised.
  • By carefully managing permissions for each user and requiring verification for access, a least privilege approach ensures users only have as much freedom to move around inside your network as is necessary to perform their role, thereby reducing exposure and containing potential breaches.
  • Dividing your network into separate secure zones (micro-segmentation), each with protected access, means that in the event of a breach the attacker’s ‘lateral movement’ from one segment to another can be reduced, ultimately reducing your attack surface area and, in turn, reducing exposure and containing potential breaches.

For operational and IT business leaders, consistency is critical. Using a single trusted provider for mobility and security ensures policies are applied uniformly across devices, applications and networks. Vodafone Business’s security portfolio supports this approach with a comprehensive suite of defence-grade options.

Unified cloud and connectivity delivered by a single provider

With hybrid and remote workforces now very much the norm, reliable and secure access to cloud-based tools is a non-negotiable requirement for modern organisations. Employees need to be able to log in securely and collaborate effectively on any device, whether they’re working from home, the office, or on the move.

A cloud-first approach, delivered through a single provider, ensures your team can access the same apps, data, and services wherever they’re based. For operational and IT leaders, consolidating cloud, connectivity and security under one experienced provider reduces complexity, improves visibility and simplifies management.

A unified approach plays a key role in strengthening business resilience. By reducing dependency on on-premise infrastructure, businesses can continue operating even when individual locations experience disruption.

A hybrid approach that integrates a secure, connected cloud solution, on-premise infrastructure, and software-based connectivity provides the flexibility and reliability that businesses need.

Alongside mobility solutions, Vodafone Business provides secure and scalable cloud infrastructure, including Dedicated Private Cloud, storage and backup and multi-access Edge Computing. These are some of the essential priorities for operational and IT leaders managing complex digital estates who are looking for capabilities that support performance-critical applications, while reducing latency and downtime.

According to Aberdeen Strategy and Research “Secure, Connected Cloud and the Path to Effective IT Modernisation”, businesses that implement unified hybrid cloud, security and connectivity with a single vendor are 50% more likely to experience less downtime and 45% more likely to see improved cybersecurity. 

End-to-end device lifecycle management

As device estates grow, operational and IT business leaders are placing greater emphasis on lifecycle management as a lever for cost control, risk reduction and sustainability. 

Managing devices from provisioning through to retirement ensures consistency, accountability, data security and predictable operating costs.

Starting with costs, centralised procurement and deployment enables bulk purchasing or leasing, making costs predictable and ensuring devices are fit for purpose, and critically have the most up-to-date security applied. Standardisation simplifies support, reduces downtime and avoids unnecessary spend on over-specified hardware or unused licences.

Finally, businesses can extend the life of devices through leasing and refurbishment, thereby reducing electronic waste and the need for frequent replacements.

Lifecycle management also ensures security remains consistent throughout a device’s lifespan – from applying policies before deployment to securely wiping and retiring devices at the end of life. This eliminates your exposure to data loss and supports regulatory and compliance requirements.

Vodafone Business’s team of mobility experts can provide a professional and managed end-to-end service, covering everything from enrolment, applications, and security management through to secure device retirement. And, through Vodafone Business’s Device Lifecycle Management (DLM) programme, 95% of returned devices can be reused, helping to meet ESG requirements.

Building a resilient mobility strategy with the right partner

While each of these trends delivers value independently, their true impact is realised only when they are implemented together as part of a single, coherent mobility strategy. Managing devices, connectivity, security, cloud access and lifecycle services across multiple vendors often results in fragmented, inconsistent policies and increased operational overhead.

Any business keen to embrace these trends and build a mobility strategy fit for today should choose an experienced partner to optimise execution.

This allows you to avoid the hassle of managing multiple suppliers and contracts, simplifies delivery and ensures every element of your mobility strategy works seamlessly together.

With a partner like Vodafone Business, businesses benefit from access not just to technology but to expertise, best practices, and ongoing support. This reduces complexity and allows internal IT teams to focus on higher-value initiatives rather than the day-to-day mobility operations.

Discover Vodafone Business’s comprehensive mobility solutions. 

For further details on how Vodafone Business can support your business’s mobility strategy, visit “Your guide to building a robust mobility strategy | Vodafone Business”.

Sources

Gartner: Implement Zero-Trust Architecture to Adapt to a Shifting Threat Landscape

Spiceworks: Secure, Connected Cloud And The Path To Effective IT Modernisation

Four actions CIOs must take to turn innovation into impact
https://www.information-age.com/four-actions-cios-must-take-to-turn-innovation-into-impact-123516748/
Wed, 08 Apr 2026 14:16:36 +0000
By Fiz Yazdi on Information Age - Insight and Analysis for the CTO

CIO developing an idea

CIOs are facing unrealistic expectations. Here's what you need to do to make those digital improvements count in the next 18-24 months

  • For CIOs, the goal with AI is to scale the use cases that already deliver value, supported by governance that ensures trust, security, sovereignty and meaningful impact.
  • Digital twins are becoming essential for modern industries. By connecting IoT signals, process data and AI models, they create real‑time feedback loops that continually refine how systems run.
  • CIOs must take a strategic approach when it comes to cloud and decide which systems stay put, which move, and which require sovereign control, balancing agility, performance and oversight across trusted environments.
  • By unifying automation, data governance and AI, CIOs can turn sustainable IT practices into day‑to‑day operations, such as delivering more reliable green reporting.

The role of the Chief Information Officer (CIO) has never been more complex. With budgets under pressure and organisations racing to harness AI for meaningful transformation, many CIOs face board expectations that far outpace operational reality. 

Research shows a third believe their leadership teams hold unrealistic assumptions about how emerging technologies will impact performance. These days, CIOs are strategic leaders expected to blend human expertise with technological potential to deliver measurable business value.

CIOs need a clearer idea of where they’re heading. Over the next 18–24 months, these four tips will be essential to turning innovation into impact. 

Tip 1: Scale for AI impact

AI is a key starting point. Its potential to reshape business isn’t theoretical anymore, which is why board‑level curiosity has rapidly turned into a demand for measurable outcomes. For CIOs, that means shifting from proof to purpose and industrialising operational AI with FinOps, MLOps and clear sustainability frameworks and ROI guardrails.

The goal isn’t to multiply pilots. Rather, it’s to scale the use cases that already deliver value, supported by governance that ensures trust, security, sovereignty and meaningful impact. The CIOs who succeed will strike the right balance between creativity and control, turning experimentation into sustainable, enterprise‑wide performance.

A major next step is scaling AI across the entire software development lifecycle, not just at isolated stages. By treating each user story as a clear unit of value, teams can capture the intent behind the work and measure the outcomes more reliably. For example, when developers use AI to generate tests, highlight risks, and check that features behave as expected, each prompt becomes a traceable part of the build process. This strengthens engineering discipline and helps teams learn faster as they deliver.

Tip 2: Build a data platform and governance aligned with the highest standards

Increasingly, CIOs are recognising that data governance and AI governance can no longer run separately or distinctly from each other. They need to be fused into a single, accountable framework that ensures the same trusted data used to train models is the data driving decisions across the business. Many organisations are responding by creating a Chief Data & AI Officer role to unify ethics, compliance and architecture under one roof.

Beyond governance, CIOs can take proactive decisions regarding data by using digital twins. Once seen as experimental, digital twins are becoming essential for modern industries. By connecting IoT signals, process data and AI models, they create real‑time feedback loops that continually refine how systems run. For example, a customer support team can create a digital twin of its operation by connecting live ticket volumes, agent availability and system performance into one real‑time model. This lets leaders forecast demand, test staffing changes, and trial new AI routing rules without affecting customers. It moves the function beyond simple automation, allowing processes to be completely reimagined rather than just automated around the edges.

See also: Why every business needs to start digital twinning in 2026 – Danielle Jaffit introduces us to the concept of digital twinning and how it can help unite silos across your organisation

Tip 3: Move towards agile and secure IT infrastructures

IT is becoming genuinely intelligent, shifting from reacting to problems to predicting and preventing them. For CIOs, this is an opportunity to go beyond using smart tools simply to speed up tasks. Instead, intelligent IT can become a real-time engine that improves how the whole organisation performs while keeping innovation safe and controlled. Modern observability platforms give you the ability to act quickly in the face of problems, leading to reductions in downtime and improved user experience. For example, by spotting a slowdown in a core application hours before users notice, IT teams can fix the issue early, preventing outages and protecting productivity.

Another crucial aspect around IT infrastructure is hybrid cloud, which is now a cornerstone of digital transformation. One core priority is optimising the cloud estate as organisations blend public, private and trusted clouds, making the ability to control where data lives and moves essential. The principle around optimisation should also remain the same: use the cloud for innovation but stay grounded with the resilience and trust that regulated workloads demand. CIOs must take a strategic approach and decide which systems stay put, which move, and which require sovereign control, balancing agility, performance and oversight across trusted environments.

Tip 4: Redefine how IT department performance is assessed

ESG has become a key driver of business performance. By unifying automation, data governance and AI, CIOs can turn sustainable IT practices into day‑to‑day operations, such as delivering more reliable green reporting. On top of this, by prioritising sustainable IT operations and eco‑design principles, like embedding lifecycle thinking into system architecture by default, IT and business systems can reduce waste and deliver measurable impact. With more green regulations and expectations, building sustainability into IT and linking environmental goals directly to business results places CIOs at the centre of how ESG is put into practice.

The shift from CAPEX to OPEX has changed how CIOs manage performance. Lean Portfolio Management (LPM) helps replace slow annual planning with continuous, outcome‑based funding, allowing investment to shift quickly toward the work that delivers the most value. Product‑mode teams add accountability and agility, while FinOps gives leaders real‑time visibility over cost and impact. Together, these capabilities can help CIOs strengthen financial discipline, balance efficiency with trust, and stay responsive in a fast‑moving economy. 

CIOs must conduct the orchestra

As technology, regulation and customer expectations continue to accelerate, the CIO’s advantage will come from their ability to orchestrate, not just implement change. The next 18–24 months will reward leaders who build organisations that learn quickly and govern intelligently. Success will depend less on any single transformation effort and more on the CIO’s capacity to create momentum by aligning people, platforms and priorities so innovation becomes not an initiative, but a sustained organisational rhythm.

Fiz Yazdi is UK managing director at Sopra Steria Next.

Eliminating blind spots – nailing the IPv6 transition https://www.information-age.com/eliminating-blind-spots-nailing-the-ipv6-transition-123516737/ Thu, 02 Apr 2026 13:14:17 +0000 https://www.information-age.com/?p=123516737 By Martin Hodgson on Information Age - Insight and Analysis for the CTO

Monitoring IPv6 and IPv4

With many organisations moving to IPv6, there could be monitoring issues and consequences for those that still use IPv4


  • In 2026, global adoption of IPv6 stands at 45% and it’s climbing.
  • ISPs increasingly run IPv6-only core networks, while cloud providers are exponentially driving IPv6-native services. Together, these shifts create a growing blind spot for monitoring that focuses on IPv4 in a world of IPv6.
  • Dual-stack monitoring is common, but it doesn’t automatically translate into effective monitoring. Many environments have IPv6 enabled on routers and firewalls, but monitoring remains heavily weighted towards IPv4.
  • Most teams have more IPv6-capable devices than they realise, and the first step is to identify what is actually using IPv6 today. Effective monitoring tools should surface IPv6 issues clearly, showing when AAAA records fail or when neighbour discovery breaks, without requiring teams to interpret raw packet captures.
  • Effectively monitoring IPv6 doesn’t require a rebuild. Teams can build visibility into the IPv6 traffic already flowing through IT channels, spotlight gaps, and set up warnings for IPv6-related problems.

Throughout the age of the internet, IPv4 has proven a sturdy foundation for internet communications. While this protocol has withstood various digital transformations, modern internet communications systems are shifting towards a new chapter of IPv6.

The adoption of IPv6 protocols has slowly pushed its way into the mainstream. In 2026, global adoption of IPv6 stands at 45% and climbing. When looking at regional uptake, the rates can soar even higher. For example, this year the US hit 50%, whilst other pioneering countries such as France hit peaks of 85%.

Yet there seems to be a reluctance across IT teams to address changing times. Dual-stack monitoring has been kept in place as if IPv4 is still the norm. The issue with this isn’t just a rigid mindset: as uptake increases, teams looking at IPv4 are missing the growing pile of IPv6 issues that fly over their heads.

Today, IT teams can no longer afford to ignore the IP transition.

The growing gap in internet protocols

IPv6 user growth is not slowing down. It is already carrying a major share of day-to-day internet traffic, often without anyone making a conscious decision to use it. Devices increasingly prefer IPv6 connections automatically through Happy Eyeballs, which means users can be connecting over IPv6 even when teams are still thinking in IPv4 terms.

ISPs increasingly run IPv6-only core networks, while cloud providers are exponentially driving IPv6-native services. Together, these shifts create a growing blind spot for monitoring that focuses on IPv4 in a world of IPv6.

Overreliance on dual-stack monitoring

Dual-stack monitoring is common, but it doesn’t automatically translate into effective monitoring. Many environments have IPv6 enabled on routers and firewalls, but monitoring remains heavily weighted towards IPv4.

That is how teams end up in a position where a service appears healthy via IPv4 while IPv6 is degraded or unavailable, and the first clear signal comes from the helpdesk rather than from monitoring. In healthcare, manufacturing, and other environments where network failures have real-world consequences, teams can’t afford to discover IPv6 outages through patient complaints or production line stoppages.

This gap is harder to close if teams assume IPv6 behaves like IPv4. The protocols operate differently in ways that affect both monitoring and troubleshooting. IPv6 addresses use 128 bits rather than 32, which makes traditional scanning methods impractical. Fragmentation happens at the source rather than at routers. ICMPv6 plays a much bigger role than ICMP did in IPv4 networks. DNS lookups use AAAA records rather than A records. These differences change what teams need to measure and how they interpret what they see.

The issues with gaps

The issue with widening gaps in internet protocol monitoring lies in its subtlety. Issues don’t start at scale; they begin as small, scattered incidents across systems. With time, visibility deteriorates, issues pile up, and performance degrades without any clear cause.

Subsequently, security gaps begin to form in the blind spots and issues only become clear after large scale breakdowns, leaving teams forced into reactive troubleshooting.

An effective strategy for a system-ready IPv6 transition

The transition window is closing fast. Teams need monitoring solutions that can identify and baseline IPv6 traffic quickly, not tools that require weeks of manual configuration before they provide useful data. Auto-discovery capabilities matter more for IPv6 than they did for IPv4. Manual enumeration of 128-bit address spaces isn’t realistic.

Uptime monitoring should cover IPv6-enabled devices and endpoints, and IPv6 connectivity should be verified. Teams need to know whether IPv6 networks can route traffic, whether DNS resolution works for AAAA records, and whether firewall rules are blocking legitimate IPv6 traffic.

In dual-stack environments, traffic analysis also matters. Teams should understand the IPv6 to IPv4 ratio, which services rely on which protocol, and whether there are performance differences between them. Having IPv4 and IPv6 visibility side by side reduces the risk of treating one protocol as the default view of service health.

There are also areas that are specific to IPv6 operation, including router configurations, neighbour discovery messages, tunnel endpoints, and VPN behaviour with IPv6. IPv6 monitoring needs to work consistently across traditional data centers, cloud instances, remote sites, and increasingly, OT environments where IPv6 is being deployed for IIoT devices.

Real-time notifications remain important. When an IPv6 route fails or DNS stops answering AAAA queries, teams need timely alerts to avoid discovering the problem through user reports.
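The per-protocol checks described above can be sketched as a small probe that resolves A and AAAA records separately, tests a TCP connection over each family, and raises an alert when IPv4 looks healthy but IPv6 does not. This is an added example, not code from the article or from any monitoring product; the hostnames, addresses and status names are constructed for illustration.

```python
"""Per-family health probe for a dual-stack service (added example)."""
import socket
from dataclasses import dataclass, field
from typing import List, Optional

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))


@dataclass
class FamilyResult:
    family: str
    resolved: List[str] = field(default_factory=list)   # addresses DNS returned
    reachable: List[str] = field(default_factory=list)  # addresses that accepted TCP
    error: Optional[str] = None

    @property
    def healthy(self) -> bool:
        return bool(self.reachable)


def system_resolver(host, port, family):
    """A lookup for AF_INET, AAAA lookup for AF_INET6; returns sockaddr tuples."""
    infos = socket.getaddrinfo(host, port, family=family, type=socket.SOCK_STREAM)
    return [info[4] for info in infos]


def tcp_connector(sockaddr, family, timeout=3.0):
    """True if a TCP handshake completes over the given address family."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect(sockaddr)
        return True
    except OSError:
        return False


def check_family(host, port, name, family, resolver, connector):
    """Resolve and connect over one family only, so neither masks the other."""
    result = FamilyResult(family=name)
    try:
        sockaddrs = resolver(host, port, family)
    except socket.gaierror as exc:
        result.error = f"DNS lookup failed: {exc}"
        return result
    for sockaddr in sockaddrs:
        result.resolved.append(sockaddr[0])
        if connector(sockaddr, family):
            result.reachable.append(sockaddr[0])
    if not result.reachable:
        result.error = "resolved but no address accepted a connection"
    return result


def assess(host, port=443, resolver=system_resolver, connector=tcp_connector):
    """Return (status, alerts, per-family results) for a host expected to be dual-stack."""
    results = {
        name: check_family(host, port, name, family, resolver, connector)
        for name, family in FAMILIES
    }
    v4, v6 = results["IPv4"], results["IPv6"]
    if v4.healthy and v6.healthy:
        status = "healthy"
    elif v4.healthy:
        status = "ipv6-degraded"   # the blind spot: an IPv4-only check would pass
    elif v6.healthy:
        status = "ipv4-degraded"
    else:
        status = "down"
    alerts = [f"{host} {r.family}: {r.error}" for r in results.values() if not r.healthy]
    return status, alerts, results


# Constructed sample data using documentation prefixes (192.0.2.0/24, 2001:db8::/32).
SAMPLE_DNS = {
    ("www.example.test", socket.AF_INET): [("192.0.2.5", 443)],
    ("www.example.test", socket.AF_INET6): [("2001:db8::5", 443, 0, 0)],
    ("shop.example.test", socket.AF_INET): [("192.0.2.10", 443)],
    ("shop.example.test", socket.AF_INET6): [("2001:db8::10", 443, 0, 0)],
    ("api.example.test", socket.AF_INET): [("192.0.2.20", 443)],  # no AAAA record
}
# shop's IPv6 listener is deliberately absent from the set of open addresses.
SAMPLE_OPEN = {"192.0.2.5", "2001:db8::5", "192.0.2.10", "192.0.2.20"}


def sample_resolver(host, port, family):
    """Offline stand-in for DNS; raises gaierror like a failed lookup would."""
    try:
        return SAMPLE_DNS[(host, family)]
    except KeyError:
        raise socket.gaierror(-2, "Name or service not known")


def sample_connector(sockaddr, family, timeout=3.0):
    """Offline stand-in for the TCP handshake."""
    return sockaddr[0] in SAMPLE_OPEN


if __name__ == "__main__":
    for name in ("www.example.test", "shop.example.test", "api.example.test"):
        status, alerts, _ = assess(name, 443, sample_resolver, sample_connector)
        print(name, status, alerts)
```

Calling `assess(host)` without the sample arguments runs the same checks against live DNS and the network.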

Monitoring IPv6 at scale

Most teams have more IPv6-capable devices than they realise, and the first step is to identify what is actually using IPv6 today.

Not every team has IPv6 protocol experts on staff. Effective monitoring tools should surface IPv6 issues clearly, showing when AAAA records fail or when neighbour discovery breaks, without requiring teams to interpret raw packet captures. The best monitoring approaches work out of the box for standard IPv6 scenarios but still allow protocol-level customisation when teams need deeper visibility into ICMPv6 or specific tunnel types.

Monitoring also needs to be consistent across both protocols in dual-stack environments, so teams can compare performance and connectivity directly rather than treating IPv6 as secondary.

Scale adds another challenge. Manual checking is not realistic with IPv6, and adding monitoring infrastructure shouldn’t require proportional increases in operational overhead or specialised expertise. API integration becomes essential, not just for automation, but for keeping IPv6 monitoring sustainable as environments grow. The goal is lateral scaling: covering more IPv6 endpoints without adding headcount or complexity.

The monitoring priorities will differ depending on the environment. ISP teams may need to track customer IPv6 adoption rates and monitor tunnel endpoints. Enterprise teams may need to watch IPv6 traffic across VPNs, verify authentication, and track remote worker performance. Cloud teams may need to monitor IPv6 connectivity across AWS regions, check dual-stack load balancers, and verify SSL certificates.

What does this mean now and in future?

IPv6 is already becoming the standard for all sectors of IT. From government to mobile networks, the change is underway, if it hasn’t happened already. IT teams must realise that dual-stack is not a blanket solution for internet protocol monitoring. IPv6 is distinct from its predecessor, IPv4, requires different metrics, and must be treated as such. For teams who want to reduce downtime and stop firefighting complications, IPv6 needs to be given the right visibility today.

Effectively monitoring IPv6 doesn’t require a rebuild from the ground up. Teams can use the foundations that already exist: they can build visibility into the IPv6 traffic already flowing through IT channels, spotlight gaps, and set up warnings for IPv6-related problems. As IPv6 becomes the standardised route for internet services across the world, teams that act now will gain an advantage over those that don’t. Actively adjusting to monitor IPv6 will put teams in a better position to manage both performance and security.

Martin Hodgson is account executive at Paessler GmbH.

Goodbye Software as a Service, Hello AI as a Service https://www.information-age.com/goodbye-software-as-a-service-hello-ai-as-a-service-123516732/ Fri, 27 Mar 2026 15:12:08 +0000 https://www.information-age.com/?p=123516732 By Mark Skelton on Information Age - Insight and Analysis for the CTO

AI as a Service

AI as a Service (AIaaS) may replace Software as a Service (SaaS) in the near future. Here's what that means for your organisation


  • We’re moving from Software as a Service to AI as a Service. Instead of a user moving between SaaS platforms to complete a task, with Agentic AI, an agent can call the necessary systems directly and execute the required steps itself.
  • The next phase of agentic AI is not about making single agents smarter; it’s about enabling them to collaborate.
  • Many organisations are unaware of how to safely design and implement agents. At present, many are just letting them loose and are happy with results, but without realising or planning for the underlying risks.
  • The role of developers is likely to evolve. Rather than focusing solely on building integrations between systems, they will increasingly design, refine and supervise agent behaviour within defined governance frameworks.

Recent years have seen AI transform from a generative tool to a workplace colleague. Gone are the days of 2023 when generative AI was the pinnacle of innovation – we are now seeing AI systems operate autonomously within businesses, supporting workers in day-to-day tasks or taking over some entirely.

For the Software-as-a-Service industry, this is especially relevant, as Agentic AI is increasingly applied to software creation, delivery and management. Indeed, the scope for change is so profound that SaaS models and applications as we know them may disappear entirely, as a transformation brings new opportunities to integrate AI agents.

How Agentic AI changes SaaS

To put this in context, ‘traditional’ SaaS is a user-centric model: human users log in, navigate interfaces and manually execute workflows in a process which, generally speaking, is familiar to us all. Similarly, applications are designed around dashboards, configuration panels, and predefined user journeys, delivering value through access to functionality employees actively use.

Agentic AI changes this operating model because agents do not rely on dashboards or visual interfaces. Instead of a user moving between SaaS platforms to complete a task, an agent can call the necessary systems directly and execute the required steps itself. Tasks that once required manual coordination across tools can now be orchestrated end-to-end within a defined objective.

This shifts software from being a primary workspace to being an underlying capability. The interface becomes less important than how systems connect and how tasks are executed behind the scenes. Given that the role of agents is to achieve outcomes, the focus moves from “Which application does the user open?” to “Which services can the agent call?” The disruption, therefore, is not about software vanishing but about control shifting from user-driven workflows to autonomous orchestration.

The rise of agent collaboration

But where is this taking us? The next phase of agentic AI is not about making single agents smarter; it’s about enabling them to collaborate. For instance, the Model Context Protocol, developed by Anthropic, provides a mechanism for linking agents so that information does not remain trapped within a single application or stack. Rather than responding to isolated prompts, agents can pass tasks, data, and state to one another as part of a wider workflow.

In addition, Microsoft’s recent introduction of its Work IQ orchestration capability is another step towards bringing agent-to-agent collaboration into mainstream enterprise tooling and out of experimental environments.

The underlying point of all this innovation is that when agents can operate across internal and external ecosystems, the boundaries between applications begin to blur. The result is a shift from isolated automation to coordinated execution, where multiple agents contribute to achieving a single outcome.

In this environment, human users are no longer the sole orchestrators of workflow. Instead, agents can initiate, adapt and complete processes with limited intervention. This represents an architectural turning point because once context sharing and agent coordination are embedded in enterprise platforms, software shifts from something users operate to something agents consume. Interfaces become secondary to integration layers, and workflows are triggered by objectives rather than manual input.

Building for the AI as a Service era

As with every other AI-centric innovation, building new capabilities depends on robust governance and infrastructure that can support increased autonomy. An important part of the overall challenge is that many organisations are unaware of how to safely design and implement agents. At present, many are just letting them loose and are happy with results, but without realising or planning for the underlying risks.

For instance, when agents can share context and coordinate across systems, operational complexity also increases. This means businesses will need to set out extremely clear policies defining what agents are permitted to do and what they aren’t. These should be implemented as guardrails built into the orchestration layer itself, particularly where agents exchange sensitive business data.

Managing these issues appropriately is vital, not least because turning on collaborative agent capabilities without appropriate oversight risks exposing data in unintended ways. In this context, human oversight remains important, especially in environments where agents are making decisions based on incomplete or evolving information.

Infrastructure foundations must also support traceability and accountability across agent-led workflows. It is not enough to know that a task has been completed; organisations must understand how decisions were reached and ensure that policies are consistently enforced.

At the same time, the role of developers is likely to evolve. Rather than focusing solely on building integrations between systems, they will increasingly design, refine and supervise agent behaviour within defined governance frameworks.

Ultimately, organisations that take the time to strengthen their governance models and infrastructure foundations now will be better placed to manage the transition to agent-led systems. The bottom line is that as autonomy increases, so too must the structures that support it.

Mark Skelton is CTO at Node4.

Smart auto-tiering vs. data reduction – logical efficiency vs. architectural efficiency https://www.information-age.com/smart-auto-tiering-vs-data-reduction-logical-efficiency-vs-architectural-efficiency-123516728/ Tue, 17 Mar 2026 16:29:12 +0000 https://www.information-age.com/?p=123516728 By Gal Naor on Information Age - Insight and Analysis for the CTO

Data storage can save your organisation money

When assessing your data storage, you're likely choosing between data reduction and smart auto-tiering. Here's a breakdown of the two


There are very few people in the storage industry who have had the privilege of building both sides of this equation. I have seen both smart auto-tiering and data reduction from the inside: algorithmically, architecturally, and economically. Both aim to reduce flash consumption. But they do it in fundamentally different ways.

Data reduction and smart auto-tiering aim to solve the same business problem: reducing reliance on costly flash storage. From a business or CFO’s perspective, they can appear similar since each promises savings. Architecturally, however, they take fundamentally different approaches.

Data reduction

Data reduction works by altering the data itself through compression and deduplication. Compression shrinks data blocks, while deduplication stores only one copy of identical data. The result is that less physical flash is required to store the same logical data footprint, which can deliver immediate capacity savings and attractive marketing claims like ‘3× efficiency’. In practice, results vary widely depending on workload type, data formats, and usage patterns.

Media such as video or images often compress poorly, and inline reduction consumes significant CPU and DRAM resources, components that can be costly and unpredictable. Ultimately, data reduction produces logical savings without changing the underlying storage architecture or addressing the economic gap between flash and HDD.

Smart auto-tiering

Smart auto-tiering takes a different path. Instead of modifying data, it changes where data resides. Frequently accessed hot data is placed on flash, while infrequently used cold data is automatically moved to lower-cost HDD storage based on real usage patterns. By optimising placement rather than shrinking data, smart auto-tiering can dramatically reduce flash requirements – modern systems may operate with roughly 10 per cent flash and 90 per cent HDD, and long-term data environments can achieve even more extreme ratios over time.

Because this method doesn’t depend on data type, savings tend to be stable and predictable, and capacity is guaranteed rather than variable. The key challenge is engineering a truly intelligent tiering engine. If data can’t move between tiers fast enough, flash fills up and the system effectively becomes an expensive all-flash environment.

Why it matters

The distinction between these approaches matters more today than ever. Flash was once used primarily as a performance tier, but AI workloads and modern applications increasingly assume flash as the default. At the same time, flash pricing has risen relative to HDD, making simple logical savings insufficient. Compression reduces size; auto-tiering reduces exposure. They are not competing technologies so much as solutions to different economic challenges. Data reduction helps store more within existing flash, while smart auto-tiering reshapes the storage cost structure itself.

In the end, choosing between them isn’t just a technical preference, it’s a strategic decision. Organisations designing infrastructure for the AI era must think beyond short-term efficiency gains and consider architectural efficiency. Understanding the difference between logical optimisation and structural optimisation is what separates incremental savings from long-term cost control.

Gal Naor is CEO of StorONE.

The value of reducing middle office emissions for ESG https://www.information-age.com/the-value-of-reducing-middle-office-emissions-for-esg-123516722/ Tue, 10 Mar 2026 13:49:34 +0000 https://www.information-age.com/?p=123516722 By Danielle Price on Information Age - Insight and Analysis for the CTO

Middle office management and esg

CIOs, find out why a straightforward change to your middle office can make a huge impact on emissions


  • Middle office functions include reconciliation, risk management and trade matching.
  • They run continuously, at scale, against fragmented data sources, and in legacy environments they do it on servers burning energy at peak-load capacity around the clock.
  • Institutions migrating middle office reconciliation workloads from private to public cloud infrastructure have seen emissions reductions in the range of 60-80 per cent – without changing the underlying business process.

ESG is now a primary driver of a bank’s cost of capital. For CIOs, that makes the middle office – reconciliation, data normalisation, trade matching, exception management – the most consequential real estate on the balance sheet.

They run continuously, at scale, against fragmented data sources, and in legacy environments they do it on servers burning energy at peak-load capacity around the clock.

Capital markets firms face mounting pressure to reduce emissions year-on-year, whether through board commitments or customer demands. Pillar 3 disclosures coming into force at the end of the year will require firms to provide more detailed ESG reporting data, raising the compliance stakes further. Research consistently shows the business case is real: high ESG scores now correlate with lower credit spreads and reduced regulatory capital charges, reflected in tighter spreads and deeper trading activity.

These forces have turned ESG from a reporting exercise into an infrastructure challenge. CIOs are now responsible for systems that must demonstrate measurable, year-on-year emissions reductions – and that makes them, for the first time, direct actors in a firm’s cost of capital.

Middle office functions carry a disproportionate emissions burden precisely because of how they were built. Reconciliation processes were designed for resilience over efficiency – running parallel checks across multiple systems, maintaining redundant data stores, and keeping infrastructure on standby for end-of-day settlement spikes that represent a fraction of the actual processing calendar. A firm running overnight batch reconciliation on on-premise infrastructure pays an energy premium for old architecture. The ESG case for change and the operational case for change are the same case.

The compounding impact of the move to cloud

A common transition across financial services, from on-premise systems to cloud-native infrastructure, is also one of the most impactful single changes firms can make to their operational emissions profile. Legacy, on-premise environments weren’t designed for this level of scrutiny or efficiency as they involve fragmented data sources, manual processes, and limited analytics capabilities, making it difficult to track progress, ensure accuracy, or respond quickly to increasing regulatory requirements.

Institutions migrating middle office reconciliation workloads from private to public cloud infrastructure have seen, in my experience, emissions reductions in the range of 60-80 per cent – without changing the underlying business process. For firms still running on-premise, the reduction potential is likely greater still. These reductions come from structural changes: more efficient compute utilisation, lower idle capacity, and the elimination of energy-intensive infrastructure that was designed for peak load rather than day-to-day reality.

As data automation processes like reconciliations are rebuilt on cloud-native foundations, these changes don’t plateau and year-on-year improvements follow naturally from the architecture itself. Platforms are natively designed for the cloud, allowing data to be collected, normalised, and reconciled once rather than repeatedly across fragmented systems, without requiring a broader process reorganisation.

This matters as sustainability reporting demands defensible baselines and consistent measurement, which means partner selection now carries ESG weight. Auditable emissions data and public net-zero commitments are the baseline.

Complex data processes sit at the heart of capital markets operations, touching every part of the trading ecosystem, from boutique asset managers to the largest global institutions. Reductions in emissions reverberate across the industry. When shared infrastructure reduces its emissions footprint, every client on that infrastructure benefits simultaneously. ESG improvement becomes a network effect – one firm’s infrastructure decision compounds across its entire counter-party ecosystem.  

Danielle Price is chief financial officer at Duco.


The post The value of reducing middle office emissions for ESG appeared first on Information Age.

How to match tech investment with real-world output  https://www.information-age.com/how-to-match-tech-investment-with-real-world-output-123516712/ Wed, 04 Mar 2026 15:49:00 +0000 https://www.information-age.com/?p=123516712 By Oli  Giordimaina on Information Age - Insight and Analysis for the CTO


Your tech dashboards are saying that your systems are running, but your employees might be having a completely different experience


  • Despite employees encountering tech problems, including slow applications, intermittent performance degradation and device conflicts, they typically adapt their behaviour.
  • As traditional service models struggle to surface these problems, the gap between what tech monitoring captures and what employees truly experience continues to widen.
  • When issues do reach the service desk, they are often diagnosed several times as they move between support teams, largely because the original context is missing. This is when engineers spend time piecing together what happened from fragments of information, which slows resolution and discourages users from escalating similar problems in future.
  • The same gap helps explain why many automation and intelligence initiatives struggle to deliver the productivity gains hoped for by leadership teams.
  • For IT teams responsible for digital employee experience (DEX), the challenge is increasingly about understanding how work actually runs in everyday conditions rather than relying solely on system status indicators.
  • For DEX and IT operations teams, the priority is simply knowing where work slows down and what employees experience when it does. With clearer operational context, teams can address recurring issues earlier and make decisions based on how technology performs in practice, not just how systems report their own health.

Most organisations believe they have a reasonable understanding of how well their tech environments are performing. Systems are monitored and uptime reviewed, while incident volumes and service levels continue to dominate reporting.  On paper, everything looks under control. However, that confidence often proves misplaced. 

Across enterprises, a large proportion of daily IT friction never reaches dashboards or support queues. Despite employees encountering IT problems, including slow applications, intermittent performance degradation and device conflicts, they typically adapt their behaviour. Work often continues, just more slowly, and the impact is absorbed into everyday operations rather than recognised as an incident.

A useful indicator of the scale of this problem comes from the 2025 Work Relationship Index. Only around 20 per cent of employees report a healthy relationship with work, a sharp decline from the previous year, with recurring technology frustrations frequently cited as a contributing factor. In large organisations, that disengagement represents substantial lost output, even when no individual system appears to be failing.

Why many execution failures never surface

Enterprise IT has traditionally relied on two primary signals to understand system health: automated monitoring and user-reported incidents. Neither, however, was designed to reflect how work is actually executed across today’s distributed environments.

Monitoring tools detect outages and clear threshold breaches reliably. However, partial degradation and context-specific issues often pass unnoticed. Many environments report strong availability metrics even when applications remain slow or inconsistent for users.

A major constraint is limited quality data. Most organisations lack continuous, contextual, and trustworthy execution data that reflects how work is actually performed across devices, applications, and environments. Without that foundation, leadership decisions are based on inferred system health rather than observed work conditions.

Incident data fills part of that gap, but it depends heavily on human behaviour. Service desks often see this first: systems show as available, yet users report delays that never register as incidents. Intermittent or tolerable problems are more likely to be worked around, because reporting them interrupts work and often leads to prolonged troubleshooting. 

Many users simply adapt and this behaviour reflects a broader organisational pattern in which visible tickets represent only a fraction of the execution issues affecting productivity. As traditional service models struggle to surface these problems, the gap between what technology monitoring captures and what employees truly experience continues to widen.

Silent sufferers and rational workarounds

These blind spots give rise to what practitioners often refer to informally as ‘silent sufferers’: employees who are persistently affected by tech issues but rarely appear in support metrics.

This behaviour is rarely about engagement or training. It reflects how people behave under pressure. Employees are measured on output, not on how they report technology issues. When adapting to friction is quicker than escalating it, silence becomes the rational choice.

When issues do reach the service desk, they are often diagnosed several times as they move between support teams, largely because the original context is missing. This is when engineers spend time piecing together what happened from fragments of information, which slows resolution and discourages users from escalating similar problems in future.

The invisible productivity gap

Over time, this creates an invisible productivity gap, which is the difference between perceived system health and real execution conditions. This widening disconnect is increasingly understood as a digital employee experience (DEX) issue that focuses on whether tech genuinely supports day-to-day work. Leadership dashboards often suggest stability, while employees experience work as slower and more fragmented. Tasks take longer and concentration is repeatedly broken, while small frustrations gradually accumulate into measurable inefficiency.

This gap is not theoretical: a 2025 Deloitte study on workforce capacity found that employees spend roughly 41 per cent of their work time on activities that add little direct organisational value. In practice, much of this time disappears into everyday workarounds: switching between tools, retrying failed actions, waiting for applications to respond or finding alternative ways to complete tasks instead of raising a ticket. Work still gets done, which means the underlying problems often never appear as incidents, even though their cumulative impact on productivity is significant.

The same gap helps explain why many automation and intelligence initiatives struggle to deliver the productivity gains hoped for by leadership teams. IDC’s FutureScape 2026 forecasts indicate that close to half of AI-driven digital initiatives are likely to miss their expected ROI. A common factor is the absence of reliable execution data, which makes it difficult for organisations to understand how work actually unfolds across systems and devices. When that visibility is missing, automation and AI programmes tend to reproduce existing operational blind spots rather than resolve them.

Why execution-level visibility matters now

IT leaders are under growing pressure to show that tech investment improves productivity, but uptime figures rarely explain why employees still struggle to complete everyday tasks. Service desks often see systems reported as healthy while users continue to experience delays, slow responses or inconsistent performance.

This is where digital employee experience (DEX) becomes critical. Improving experience requires visibility into how work actually performs across devices, applications and environments over time, particularly when problems emerge gradually rather than as clear incidents.

For IT teams responsible for digital employee experience (DEX), the challenge is increasingly about understanding how work actually runs in everyday conditions rather than relying solely on system status indicators. A device or application may appear healthy from a monitoring perspective while employees still encounter delays, inconsistent behaviour or repeated interruptions during routine tasks. Greater visibility into execution conditions gives DEX teams the context needed to identify where effort is being lost and why problems persist even when traditional metrics suggest everything is operating normally.

Turning visibility into outcomes

Productivity cannot be managed effectively if it cannot be seen. Organisations that rely only on alerts and reported incidents tend to underestimate how much everyday tech friction affects work.

For DEX and IT operations teams, the priority is simply knowing where work slows down and what employees experience when it does. With clearer operational context, teams can address recurring issues earlier and make decisions based on how technology performs in practice, not just how systems report their own health.

Undetected technology friction carries organisational consequences beyond IT operations. In an environment where tech spending is under closer scrutiny, improving execution visibility has become a practical requirement for turning digital investment into measurable productivity gains.

Oli Giordimaina is chief product and AI officer at Lakeside Software 

Why a robust mobility strategy must sit at the heart of your business continuity plan in 2026 https://www.information-age.com/why-a-robust-mobility-strategy-must-sit-at-the-heart-of-your-business-continuity-plan-in-2026-123516699/ Mon, 02 Mar 2026 09:40:56 +0000 https://www.information-age.com/?p=123516699 By Henry Williams on Information Age - Insight and Analysis for the CTO

From escalating cyber threats and political uncertainty, to rapid shifts in how and where people work, disruption is no longer an exception – it’s the operating environment


While organisations can’t predict the next crisis, they can ensure their business continuity plans are designed for the realities of modern work.

A robust mobility strategy is now fundamental to operational resilience. Secure, flexible and scalable mobile connectivity underpins how employees collaborate, access data and stay productive wherever they are. In 2026, mobility is no longer a support function – it’s a core business capability.

In this article, we explore why business mobility should be central to your continuity planning, and why partnering with a single, trusted provider is critical to reducing risk, complexity and cost.

Cyber security: building proactive mobile security into your business continuity strategy

Cyber security remains one of the most significant threats to business continuity – and mobile devices are increasingly the weakest link. From poorly disguised mobile phishing texts to sophisticated mobile malware and credential harvesting attacks, mobile devices now pose a significant security, compliance and financial risk to organisations across every sector.

The scale of the challenge is growing. In a 2025 UK government survey, 42% of small businesses reported experiencing a cyber incident in the previous year – a figure that reflects a broader rise in attack volume and sophistication across organisations of all sizes. For larger enterprises, the impact of a successful breach can include operational disruption, data loss, regulatory penalties and long-term reputational damage. With more teams working and accessing sensitive data remotely, mobile devices are a growing target for cybercriminals.

Despite this, many organisations still lack adequate defences. Too often, security controls are bolted on to fragmented infrastructure, creating gaps in visibility and accountability at exactly the point where employees are most exposed – on mobile devices, working remotely.

A more effective approach is to build security into the foundation of your mobility strategy. Working with a single provider enables consistent, zero trust security policies across mobile, fixed and cloud environments, with continuous identity verification and real time monitoring for anomalous behaviour. This reduces risk without adding friction for employees who need to collaborate quickly and securely.

Vodafone Business operates a secure-by-design network, applying consistent security policies from SIM to cloud. Its network meets strict UK government security standards, is externally assessed, and holds accreditations including Cyber Essentials Plus and ISO 27001. With 24/7 monitoring from dedicated security operations centres and 99.99% core network uptime, security and resilience are built in, not layered on.

On top of this strong network foundation, Vodafone Business works with industry leading security partners to extend protection to the device and application layer, helping organisations address mobile specific threats such as malicious apps, unsafe networks and phishing attempts. Crucially, this layered approach is delivered with single accountability, simplifying governance and compliance.

Research from Aberdeen Strategy & Research shows the value of this model: organisations using a single provider for unified cloud, connectivity and security are 45% more likely to report improved cyber security, and 90% experienced no data breaches in the previous year.

Evolving ways of working demand a stronger mobility strategy

Remote and hybrid working are now firmly embedded in enterprise operating models. Whether driven by resilience planning, talent acquisition or employee expectations, distributed workforces depend on reliable, secure mobile connectivity to function effectively.

However, many organisations are still relying on fragmented communications environments. According to an Aberdeen Strategy & Research report on driving growth with Secure, Connected and Unified Communications, businesses using disjointed tools cite productivity management and employee engagement as their biggest challenges. Switching between multiple platforms doesn’t just waste time, it increases security risk by fragmenting data and complicating access controls.

A clear, cohesive mobility strategy, with one provider, helps organisations avoid this trap. Rather than assembling a patchwork of disconnected solutions, working with a single provider allows businesses to simplify management, improve user experience and maintain consistent security standards as teams move between locations.

The benefits are measurable. Organisations using unified communications are 11% more likely to see productivity improvements and 19% more likely to report higher customer satisfaction, compared to those relying on fragmented tools. (Aberdeen Strategy & Research Report)

Vodafone Business supports this shift with a range of coverage and connectivity solutions designed for modern, mobile workforces. Following the Vodafone-Three merger, customers can now access both networks at no extra cost, eliminating 16,500 square kilometres of UK network not-spots and enabling employees to work effectively wherever business takes them.

Rapid technological change: reducing complexity while staying competitive

For businesses, procuring and managing the technology that keeps you competitive, while being prepared for unforeseen disruptions, and being able to adapt to evolving ways of working can be challenging – but it doesn’t have to be.

Keeping pace with technological change is essential for resilience – but it’s also a growing challenge. Many organisations still depend on outdated or poorly integrated infrastructure sourced from multiple vendors. Aberdeen Strategy & Research found that 21% of organisations using disconnected systems struggle with poor integration, limiting their ability to adopt new technologies quickly and securely.

A single mobility strategy reduces this complexity. It makes it easier to introduce new tools, scale services up or down, and ensure employees can securely access the applications and data they need – without disrupting operations.

Device lifecycle management is a critical but often overlooked part of this picture. Ageing devices increase security risk, reduce productivity and undermine sustainability goals. A structured approach to device provisioning, management and secure retirement helps organisations stay protected, minimise downtime and reduce electronic waste through responsible refurbishment, resale or recycling.

Vodafone Business helps organisations stay ahead of technological change through professional and managed services that cover the full device and connectivity lifecycle. From enabling secure access to cloud-based applications to maximising the value of emerging technologies such as AI-based applications, Vodafone Business supports businesses as their needs evolve.

Choosing the right partner for long term resilience

Building a robust mobility strategy isn’t about buying a single product, it’s about forming a long-term partnership. A trusted provider brings together secure connectivity, strategic expertise and lifecycle services under a single accountable relationship, reducing operational burden and strengthening resilience.

Vodafone Business goes beyond network provision, working alongside organisations to design and deliver mobility strategies aligned to their business continuity goals. Its professional and managed services span device enrolment, management, security, cloud access and retirement, helping businesses operate with confidence in an increasingly uncertain world.

Discover how Vodafone Business can help you develop your business continuity plan.

Sources

Spiceworks: Aberdeen Strategy and Research Drive Business Growth with Secure, Connected and Unified Communications

Spiceworks: Aberdeen Strategy and Research – Secure, Connected Cloud and the Path to Effective IT Modernisation

What the first 24 hours of a cyber incident should look like https://www.information-age.com/what-the-first-24-hours-of-a-cyber-incident-should-look-like-123516692/ Wed, 28 Jan 2026 18:36:11 +0000 https://www.information-age.com/?p=123516692 By Raj Samani on Information Age - Insight and Analysis for the CTO


The early stages following a cyber incident are arguably the most important. Here's how to manage it and learn from it


  • After a cyber incident you should determine exposure, find out if you’re compromised, follow your framework, recover and learn from the incident.
  • Having the right data helps to form a clear picture.
  • Curated threat intelligence refers to information that has been carefully selected, validated, and placed into context with an organisation’s environment, rather than raw data feeds delivered in bulk.

Exploited in the wild. Four words that strike fear in security practitioners. They don’t mean the clock has just started ticking; they mean it began ticking days or weeks ago, and now the alarm is sounding. The immediate priority now is to determine exposure and confirm any compromise.

One example of this situation that quickly comes to mind is the research our Rapid7 Labs team did in July 2025 on a previously unknown vulnerability in Microsoft SharePoint: CVE-2025-53770. The zero-day vulnerability allowed attackers to place a backdoor on on-premises SharePoint servers and steal the systems’ security keys, leading to full compromise of the machine.

The vulnerability highlighted the importance of speed and decisive action in identifying and remediating the threat, particularly the need to determine exposure and conduct a threat hunt to confirm any compromise.

As criminal threat groups improve their tooling and exploit previously unreported vulnerabilities for initial access, the need for defenders to adapt their response has never been greater.

Task one: determine exposure

When a security advisory is published, the first question is whether any assets are potentially exposed. In the past, a vendor’s claim of exploitation may have sufficed. Given the precedent set over the past year, it is unwise to rely solely on a vendor advisory for exploited-in-the-wild status.

Too often, advisories or exploitation confirmations reach teams too late or without the context needed to prioritise the response. CISA’s KEV, trusted third-party publications, and vulnerability researchers should form the foundation of any remediation programme.

The first task at this stage is to determine exposure. This, of course, demands comprehensive content coverage and, potentially, vulnerability validation to establish whether assets are truly susceptible to the reported risk.

Being able to answer senior management’s most important question of “are we exposed?” is a requirement that demands immediate attention. While it may sound straightforward, those managing vulnerability programmes know this is where claims of commoditisation are often overstated.

Secondly, where additional evidence is required to drive remediation, further validation may be necessary. Open-source tooling such as Metasploit can provide that validation and, in some cases, may be a necessary part of the response.

Task two: ask yourself if you’re compromised

Depending on the answer to the exposure question, the next question should be whether the organisation is compromised. At this stage, the threat actor may have held the zero-day for days, weeks, or even months, and could already be at the final stage of the kill chain, exfiltrating data over an extended period.

This phase focuses on determining what has been taken and eliminating any remaining persistence, such as additional backdoors established by the attacker.

Many organisations will leverage their incident response (IR) retainers to assess the extent of the compromise or, at a minimum, perform a rudimentary threat hunt for indicators of compromise (IoCs) before involving the IR team.

As with the first step, accurate, high-fidelity intelligence is critical. Simply downloading IoC lists filled with dual-use tools from social media will generate noise and likely lead to inaccurate conclusions.

Arguably, the cornerstone of the initial assessment is ensuring that intelligence incorporates decay scoring to validate command-and-control (C2) infrastructure. For many, the term ‘threat hunt’ translates to little more than a log search on external gateways.

For example, if traffic is observed to known domains or IP addresses, the assumption may be made that there is evidence of compromise. Such findings are likely to trigger a more comprehensive assessment and/or bring in external support.

If the foundation of this exercise is outdated intelligence drawn from security research that equates publishing seven pages of Indicators of Compromise (IoCs) with expertise, then the entire process is pointless.
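The point about decay scoring can be made concrete with a small hunt over gateway logs. This is an added example, not code from the article or from Rapid7; the log format, the indicator values (documentation-range addresses and .example domains), the threshold and the polynomial decay function are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Indicator:
    value: str            # domain or IP address reported as C2
    base_score: float     # confidence (0-100) when the source last confirmed it
    last_seen: datetime   # last time the source saw it acting as C2
    lifetime_days: float  # days after last_seen at which the score reaches 0
    decay_speed: float    # 1 = linear; >1 loses confidence faster early on


def score_at(ioc: Indicator, when: datetime) -> float:
    """Confidence that `ioc` was still attacker-controlled at time `when`."""
    age_days = max(0.0, (when - ioc.last_seen).total_seconds() / 86400)
    if age_days >= ioc.lifetime_days:
        return 0.0
    fraction_used = (age_days / ioc.lifetime_days) ** (1 / ioc.decay_speed)
    return ioc.base_score * (1 - fraction_used)


def parse_line(line: str):
    """Parse 'timestamp src_ip dest_host dest_ip bytes_out'; None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        return (ts.replace(tzinfo=timezone.utc), parts[1],
                parts[2].lower(), parts[3], int(parts[4]))
    except ValueError:
        return None


def hunt(lines, indicators, threshold=40.0):
    """Match log lines against indicators, scoring each hit at event time."""
    by_value = {i.value.lower(): i for i in indicators}
    findings, skipped = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # report unparsed lines; they are blind spots
            continue
        ts, src, host, dest_ip, sent = rec
        ioc = by_value.get(host) or by_value.get(dest_ip)
        if ioc is None:
            continue
        score = round(score_at(ioc, ts), 1)
        findings.append({
            "time": ts, "src": src, "indicator": ioc.value,
            "bytes_out": sent, "score": score,
            "verdict": "investigate" if score >= threshold else "stale",
        })
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings, skipped


UTC = timezone.utc
# Constructed indicators (not real threat intelligence).
INDICATORS = [
    # Recently confirmed staging domain, slow linear decay.
    Indicator("c2-stage.example", 90, datetime(2025, 7, 18, tzinfo=UTC), 30, 1),
    # Cloud-hosted IP: likely to be reassigned, so it decays quickly.
    Indicator("203.0.113.10", 80, datetime(2025, 1, 1, tzinfo=UTC), 60, 2),
    # Dual-use file-sharing site lifted from a bulk list: low base confidence.
    Indicator("files.share.example", 20, datetime(2025, 7, 19, tzinfo=UTC), 90, 1),
]

# Constructed gateway log: timestamp src_ip dest_host dest_ip bytes_out
SAMPLE_LOG = [
    "2025-07-21T00:00:00Z 10.0.4.17 c2-stage.example 198.51.100.7 48211",
    "2025-07-21T09:30:00Z 10.0.4.22 cdn.vendor.example 203.0.113.10 1020",
    "2025-07-21T09:31:00Z 10.0.7.3 files.share.example 192.0.2.44 900",
    "2025-01-10T12:00:00Z 10.0.4.22 cdn.vendor.example 203.0.113.10 77000",
    "2025-07-21T09:32:00Z 10.0.7.3 intranet.corp.example 10.0.0.8 300",
    "garbled entry",
]

if __name__ == "__main__":
    hits, unparsed = hunt(SAMPLE_LOG, INDICATORS)
    for h in hits:
        print(f'{h["time"]:%Y-%m-%d %H:%M} {h["src"]:<10} '
              f'{h["indicator"]:<20} {h["score"]:>5} {h["verdict"]}')
    print(f"unparsed lines: {unparsed}")
```

The January connection to 203.0.113.10 ranks above the July connection to the same address because each hit is scored at the time of the event rather than at the time of the hunt.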

Task three: follow your framework

The approach at this stage will be dependent on the results of the previous assessments. There is no default playbook here; however, an established decision framework that dictates how a company reacts is key.

For example, I have witnessed organisations determine that the threat actor has been within the environment for years, and the only way to identify any additional backdoors is to monitor the threat actor within the environment. In other cases, the priority is to expel the actor quickly, especially if ransomware has not yet been deployed.

Regardless, analysts must conduct a final check for any signs of persistence that may have evaded initial detection. During the SharePoint exploit, we used known ToolShell behaviours to ensure the attacker left no lingering footholds.

Task four: recover from the attack

With containment and remediation complete, the work is not finished. Focus now shifts to communication, clarity, and validation.

A detailed incident report should include a forensic timeline, a confirmed root cause, all remediation actions, and what did and didn’t occur, such as data loss, lateral movement, or persistence.

Clear, timely reporting builds stakeholder confidence and closure, while enabling the security team to assess their response, recognise successes, and highlight areas for improvement.

For me, the most important point is ensuring senior management fully understands any gaps that exist. I won’t use the phrase “never waste a good security incident.” However, make no mistake, if improvements are needed, now is the time to secure the appropriate investment.

If a threat actor has already compromised the environment and no meaningful changes are made, it is highly likely to happen again. This is not meant to spread fear, but to acknowledge that organised criminal groups are equipping themselves with increasingly capable tooling.

Spotting the small things makes all the difference

A critical element is having the right data to form a clear picture. A security team’s success depends on spotting subtle process anomalies and filtering alert noise to assemble it.

This is where curated threat intelligence becomes absolutely critical. Curated threat intelligence refers to information that has been carefully selected, validated, and placed into context with an organisation’s environment, rather than raw data feeds delivered in bulk.

Instead of overwhelming security teams with thousands of indicators or alerts, context-driven intelligence focuses on what is relevant, credible, and actionable for a given situation. This allows suspicious activity to be identified and verified earlier, reducing the attacker’s window of opportunity before they are able to escalate.

Investing in intelligence that is validated, relevant, and tailored to your environment ensures that the security team is not chasing noise but instead concentrating on the threats that truly matter.

Raj Samani is SVP chief scientist at Rapid7.

Why industrial collaboration survives in a contested world https://www.information-age.com/why-industrial-collaboration-survives-in-a-contested-world-123516687/ Thu, 22 Jan 2026 17:00:35 +0000 https://www.information-age.com/?p=123516687 By Caspar Herzberg on Information Age - Insight and Analysis for the CTO


In a time of intense political division, industrial collaboration is still going strong. Caspar Herzberg shares why connections are vital


  • Organisations should be focusing on how to optimise collaboration, not whether it should happen.
  • Collaboration is about survival in an environment defined by resource scarcity (e.g. critical minerals, water), volatile supply chains and rapid business change.
  • Companies are finding new ways to work together by sharing data, aligning operations and building resilience through networks.
  • Sharing data and insights improves information, brings expertise to bear in new ways, and unlocks our ability to tackle higher-order business problems.

The headlines tell a story of division: nations are locked in trade disputes, societies are polarised, global institutions are in disarray.

Around the world, the appetite for collaboration appears to be at a historically low ebb. Indeed, one of the five key themes for this year’s Annual Meeting of the World Economic Forum (WEF) is, “How can we cooperate in a more contested world?” Discord and disruption are seemingly our lot these days. But that’s not the case everywhere, and not in all instances.

In fact, in the industrial sector, quite the opposite trend is emerging. Companies are finding new ways to work together by sharing data, aligning operations and building resilience through networks.

None of the big challenges confronting industry are amenable to solving in isolation. Virtually all demand cross-organisational solutions, teaming and sharing. Collaboration within industry, perhaps to a refreshing degree, is about mutual value creation.

That’s not to say this collaboration is easy or that there aren’t constraints. To take but one example, trade barriers increase the costs of exchange, driving up execution complexity. And to be sure, there are other countervailing forces in play, such as the strategic shift towards “geopatriation” and sovereign compute, where companies (and countries) look at the notion of hosting their information in data centres abroad with growing unease.

But constraints also act as incentives to innovate. Partnering with others to harness data, insights and resources that exist outside an organisation’s perimeter is a proven route to success, with an ironclad investment case.

While leaders are justifiably focused on managing information and operational risks, and it would be naïve to suggest that information hoarding and “walled gardens” aren’t part of industry’s cultural fabric, virtually no one is opposed in principle to collaboration. It’s more a question of how to optimise collaboration, not whether it should happen.

Industrial collaboration is understood by nearly all actors for what it is: a source of competitiveness, and a catalyst for transformation. In many instances, it’s also a necessity. Collaboration is about survival in an environment defined by resource scarcity (e.g., critical minerals, water), volatile supply chains and rapid business change.

Few if any senior leaders or boards in the industrial sector question the value of connecting operations, either within companies or with third parties. Inside firms, managers at all levels who don’t foster collaboration are quickly identified as ineffective and sidelined.

Industrial collaboration is on the upswing

We should step back from cynical rhetoric and short-term news cycles and look to concrete data on collaboration. The new Global Cooperation Barometer, published this month by McKinsey and the WEF, reveals that multilateral institutions are under strain, but that cooperation is not disappearing. Rather, it’s shifting.

Where the Paris Agreement or global trade and security frameworks may falter, this analysis (and many others) finds smaller, focused partnerships are gaining traction. Innovation and technology collaboration is advancing, even as geopolitical tensions rise. Data flows, AI partnerships and digital infrastructure projects are increasing among like-minded organisations. Climate and clean technology alliances are expanding as industries and regions pursue decarbonisation and energy security together.

These trends all tell the same tale, underscoring a crucial point that’s getting lost: Interdependence isn’t going away, and collaboration is increasing. We should embrace it wherever common cause, synergy or the need exists.

The promise (and reality) of radical collaboration

Over the past 12 months, I have written about “radical collaboration,” which I have defined as “the act of breaking down silos and institutional divides, sparking shared insights that boost the quality and capacity of a team or business.”

This collaboration is radical in its extent: more organisations, more stakeholders, more data, spanning entire business ecosystems. But it is not radical in its intent. The act of collaboration isn’t at all radical in industry. On the contrary, it’s ubiquitous.

We need more collaboration today than we did last year. And we should challenge the pervasive narrative that collaboration is dimming or unworkable. Because that is just not true.

As political systems bog down, industry is proving that collaboration can continue to thrive and accelerate where a strong economic rationale compels innovation. Radical collaboration, powered by digitalisation, is how companies will navigate complexity and build a future that works within planetary boundaries.

Predictability is collapsing, and the world is more “contested” (to use WEF’s term). But these are drivers of collaboration, not brakes on it. Sharing data and insights improves information, brings expertise to bear in new ways, and unlocks our ability to tackle higher-order business problems.

I see a critical role for the industrial sector in our increasingly contested world. Industry must continue to lead by example, creating connections that serve as both a force and a template for expanding collaboration in other spheres of endeavour.

Caspar Herzberg is CEO of AVEVA.

Anti-fragility – what is it and why should it be the goal for your organisation? https://www.information-age.com/resilience-must-become-the-baseline-and-anti-fragility-the-goal-123516677/ Wed, 14 Jan 2026 16:09:03 +0000 https://www.information-age.com/?p=123516677 By Trevor Dearing on Information Age - Insight and Analysis for the CTO


Organisations must be prepared to learn from the cyberattacks that they experience. That's where anti-fragility comes in


  • Anti-fragility is ‘the ability to thrive in the face of disruption’. It defines systems that thrive and improve from stress, volatility, disorder and shocks, rather than just resisting them.
  • An anti-fragile approach actively benefits from each attack, identifying weaknesses, addressing them, and adapting as needed.
  • Compliance doesn’t equal protection. Instead, organisations must look beyond regulatory mandates, formalising a post-incident learning and anti-fragility strategy in order to make proactive and ongoing security improvements.

The last year has made it clear that cybersecurity is far more than a technology problem; it is an economic one as well. Cybercrime is estimated to cost the global economy more than $10 trillion every year. If cybercrime were an economy of its own, it would be the world’s third largest, bested only by the US and China.

From the M&S cyberattack that saw the retailer lose over £300 million in sales to the Jaguar Land Rover attack that is estimated to have cost the UK economy over £1.9 billion, recent headlines have told a clear story: cybercrime is now a systemic risk that demands attention.

That attention must be given in the year ahead. Resilience has long been treated as a byproduct of cybersecurity, rather than a fundamental business outcome, and in 2026, that must change. Organisations now recognise what’s at stake, be it catastrophic financial losses, reputational damage, regulatory hurdles or a host of other issues.

The conversation has thankfully been moving in the right direction, from attack prevention to breach containment and continuity. But I’d argue we’re not aiming high enough. Today, true resilience is not just about being able to withstand crises, but about harnessing them to become stronger.

What is anti-fragility?

That ability to thrive in the face of disruption must become the basis for improved resilience. Modern organisations shouldn’t strive for survival, but for continual improvement.

In the cyber sphere, that is crucial. Threat actors are constantly changing tack, targeting new CVEs, and executing increasingly complicated supply chain attacks. Resilience must therefore move in tandem as an ongoing process of learning and adapting.

That is the crux of anti-fragility. It defines systems that thrive and improve from stress, volatility, disorder and shocks, rather than just resisting them.

If a security model is only designed to recover, it remains just as vulnerable as before. But an anti-fragile approach actively benefits from each attack, identifying weaknesses, addressing them, and adapting as needed.

No company can ever guarantee that it will have zero incidents. It’s simply not realistic. Data from the National Cyber Security Centre shows the UK is now experiencing four nationally significant cyberattacks every week, while 43 per cent of businesses experienced a cybersecurity breach in the last year.

In that context, the focus needs to move from putting out digital fires as quickly as possible to understanding why and how they started in the first place. Only that approach will ensure they can be prevented and put out more quickly and effectively in the future.

Firms must look beyond legislation to make the necessary strategic improvements

Increasingly, organisations are recognising the value in anti-fragility as a strategy and more will adopt it next year. However, getting there means going beyond regulatory compliance. Compliance lays the foundations from which successful cybersecurity can be built, yet many currently see it as the finished structure.  

There are several problems with that. Security legislation frequently lags behind the threat landscape, and so the gap between a new threat emerging and a new law coming in to address it can stretch over the course of years. Organisations must therefore understand that compliance doesn’t equal protection. Instead, they must look beyond regulatory mandates, formalising a post-incident learning and anti-fragility strategy in order to make proactive and ongoing security improvements.

A breach containment strategy should be at the heart of this. It’s an approach to limit the scope and impact of a cyberattack by aiming to prevent the lateral movement of attackers.  

At the heart of containment are microsegmentation and Zero Trust, which focus on reducing the impact through strict access controls. By proactively segmenting networks, isolating workloads, and limiting unnecessary permissions, critical operations can continue to run even during and after a cyber incident.

Every attempted breach can be analysed, providing insights that can help to find weak points, bolster the protection of critical assets, and strengthen defences in a more adaptive, intelligent way.  

AI security graphs play a critical role by providing a comprehensive view of how elements within a network environment connect and interact. The AI element helps to correlate thousands of signals across environments to expose relationships between workloads, users, and systems. This shows potential attack paths and vulnerabilities – where attacks are likely to begin and how they could move through the environment. 

For companies, that ability to turn data into insight and act upon it can become a genuine differentiator. Cybersecurity in 2026 will be defined not by those who avoid incidents, but by those who learn from them.

Resilience is the new baseline, while anti-fragility is the goal. Organisations that treat every attack as an opportunity to improve will outpace those that simply recover. That means implementing the right security policies, leveraging the right tools, formalising post-incident learning, and turning key data into actionable insights. 

For those that get it right, anti-fragility will turn disruption into strength.

Trevor Dearing is director of critical infrastructure at Illumio.

Cyber Action Plan and what it means for supply chains https://www.information-age.com/cyber-action-plan-and-what-it-means-for-supply-chains-123516672/ Thu, 08 Jan 2026 10:56:56 +0000 https://www.information-age.com/?p=123516672 By Anna Jordan on Information Age - Insight and Analysis for the CTO


The government has unleashed proposals for a Cyber Action Plan. It's still light on detail, but we outline how it could affect supply chains

Alongside the second reading of the Cyber Security and Resilience Bill, the government has released a Cyber Action Plan.

What’s in the Cyber Action Plan?

As you’ll see, the Plan is geared more towards public services such as the NHS and local councils. Though there is mention of the supply chains that provide services to them – firms that may very well be in the private sector – they’re largely overlooked. They’re also looked at through the gaze of the public sector organisation.

The only steps in the document related to supply chains were as follows:

  • Make sure that organisations within the supply chain understand their accountability and responsibility for government cybersecurity and resilience
  • Supply chain security will be a key focus of learning and development initiatives. The aim is to support commercial and procurement professionals to embed appropriate cyber knowledge and understanding into their operations to assure the cybersecurity and resilience of government suppliers
  • A new Software Security Ambassador Scheme is being launched to drive adoption of the Software Security Code of Practice. This is a voluntary project designed to reduce software supply chain attacks and disruption

What the experts have to say

Though experts in the field largely welcome the legislation, they agree that there are some blind spots and that the proposed investment just isn’t adequate for the scale of the problem.  

Matt Cooke, director of cybersecurity strategy at Proofpoint, said:

“We are seeing a shift where Advanced Persistent Threat (APT) groups and cyber criminals are increasingly targeting the interconnectedness of government by using vulnerabilities in the vendor ecosystem to bypass traditional perimeters and gain a foothold in sensitive national networks.

“The challenge is that modern government services rely on a complex web of third-party cloud services and collaboration platforms. This distributed supply chain has expanded the human attack surface exponentially. Attackers are leveraging this trust by using sophisticated credential theft and account takeover techniques to move laterally from a supplier directly into the heart of government departments.

“While centralised incident response through the Government Cyber Unit is a positive step, the focus must shift toward proactive supply chain integrity. Protecting digitised public services requires a move away from legacy thinking. We must secure the individuals who manage these systems and ensure that any link in the supply chain, no matter how small, cannot become a single point of failure for our national digital infrastructure.”

James Neilson, SVP International at OPSWAT, said:

“The £210 million funding commitment is limited given the size and complexity of public sector networks. Even after £2.6 billion was allocated in 2021 for cybersecurity and legacy IT modernisation, significant issues remain. If the government is serious about improving cyber resilience, further investment will be required.

“The plan must address supply chain risks. Many recent public sector attacks originate from third-party breaches, so departments must ensure suppliers meet robust incident response standards to avoid ongoing security gaps.”

Trevor Dearing, director of critical infrastructure at Illumio, said:

“Chaos is now driving most attacks, and we’re seeing more organisations forced to shut down operations as a result. While the plans centre on government and digital services, they overlook the private organisations that manage much of our critical infrastructure. If we want real progress, response teams need to cover both public and private sectors. 

“Also, investment alone won’t fix the problem. The public sector continues to lag behind the private sector in attracting cyber talent. To build effective teams, it must compete on salaries and benefits and ensure strong coordination and clear accountability across agencies to defend against increasingly sophisticated threats.” 
