While governments can’t afford to mimic the startup model entirely – nor should it with the margin for error far narrower – what they can and should do, argues Dr Jon Rimmer, Chief Experience Officer at Mercator Digital, is borrow key traits to improve innovation
Right now, governments are under a huge amount of pressure to match the pace of innovation seen in the startup world; whether that’s rolling out new tech, delivering more responsive public services, or making decisions more quickly.
But the comparison only goes so far. Unlike startups, governments operate under intense public scrutiny, face strict accountability for every penny spent, and have to work through any political fallout if things go wrong.
That in itself is a huge challenge, not least because innovation, by nature, involves risk and even a degree of failure (as many as 90% of startups fail). Add to this the high-stakes world of government digital transformation – where services must be secure, scalable, and citizen-focused – and it’s easy to understand why governments look to big, established systems integrators (SIs) to handle their tech projects. The problem, however, is that the traditional delivery models commonly used here often carry the weight of hierarchy and red tape, stalling innovation.
Take the NHS Test and Trace (NHST&T) initiative as a key example. While much of the underlying technology needed to make the system work already existed, complex structures and layers of approval slowed progress and huge costs. Large SIs were awarded major multi-million pound contracts, often with minimal competition.
Despite this, and a total budget that ended up rising to some £37 billion over two years, the project ended up seeing a series of well-documented setbacks. Meg Hillier MP, Chair of the Public Accounts Committee, said: “Despite the unimaginable resources thrown at this project, Test and Trace cannot point to a measurable difference to the progress of the pandemic, and the promise on which this huge expense was justified – avoiding another lockdown – has been broken, twice.”
It highlights a clear challenge: a default to large SIs and complex hierarchical delivery models, even in cases where smaller, more agile innovators might have delivered faster, cheaper and more responsively.
What needs to change
With examples like Track and Trace still fresh in the public’s memory, and digital transformation now central to public sector reform, partnering with SMEs directly or borrowing the startup-style way of thinking could offer a solution. Here’s why:
SMEs often compete for government work on merit, not legacy relationships, which makes them hungry to prove themselves
Many embrace open-source technologies and reusable components, aligning with Government Digital Service (GDS) principles around interoperability and avoiding vendor lock-in
Lower overheads and leaner teams mean they typically offer better value for well-defined projects
SMEs thrive on speed, unburdened by layers of internal governance, which is perfect for a digital environment that favours test-and-learn approaches and agile delivery
Often founder-led or comprising smaller teams, working with SMEs tends to result in close-knit, more personal relationships with senior experts (such as AI and data analytics, user research, service design, or legacy system integration). Here, issues are spotted early, ideas flow freely, and decisions get made fast.
Despite their strengths, SMEs still often face hurdles when working with governments, from complex procurement processes and large-scale delivery expectations, to tight security requirements. As such, the right commercial support – frameworks like G-Cloud or Digital Outcomes and Specialists (DOS) – must be considered by government teams. The key is to design delivery models that support learning (not perfection) and that fit the project, not the other way around.
It’s also wise to use SMEs for discovery phases, quick-turnaround services, or specialist components of larger programmes. Or better yet, design workstreams that allow them to lead. From there, you can expand on what’s proven to work, which is a much easier way to secure buy-in within the government.
And finally, even if not working directly with an SME, governments can take a leaf out of their playbook by empowering their own internal teams and giving them the autonomy, ownership, and clarity of purpose that a small business thrives on.
More than a seat at the table
Thankfully, we’re already seeing much of the above take hold within the UK Government. Last year, for example, it adopted a ‘test and learn’ culture to tackle public sector challenges, including six- to twelve-month secondments of specialists from technology companies. Earlier this year, that same approach also saw a ‘start-up mindset’ introduced to test AI applications and scale successful experiments.
It’s certainly a positive step in the right direction. But whether governments bring in SME expertise directly, or borrow key traits from the way they operate, if we want public services that are genuinely user-centred, cost-effective, and future-proof, it’s time to give these smaller, agile innovators even more influence – not just a seat at the table.
Emergency departments and minor injury units across Northern Ireland are now benefitting from AI that helps clinicians accurately and efficiently identify bone fractures – deployed rapidly and at scale through Sectra Amplifier Services.
Sectra Amplifier Services, provided by Northern Ireland’s enterprise imaging partner Sectra, enables healthcare organisations to integrate AI tools directly into their existing imaging workflows. Using the service, the region’s Business Services Organisation (BSO) Northern Ireland Picture Archiving and Communication System (NIPACS+) Programme has rolled out BoneView, a fracture detection algorithm developed by AI firm Gleamer, across all five of the region’s geographic Health and Social Care (HSC) Trusts.
The deployment follows a successful trial in the Northern Health and Social Care Trust, where evaluation showed the algorithm helping busy ED professionals read x-rays more accurately, with more clinicians delivering correct diagnoses first time for patients.
Fractures can sometimes be missed from x-rays that are read in emergency settings, resulting in patients being recalled once images go on to be reported by specialist radiologists and radiographers.
However, clinicians in the emergency department using the AI recorded a significant increase in diagnostic accuracy, with the AI helping to reduce both reading time and errors in detecting acute fractures, effusions and dislocations.
The BSO in partnership with Digital Health and Care NI (DHCNI) commissioned Sectra to provide the complete enterprise imaging solution for NIPACS+. The region-wide AI deployment is first to take place in the NIPACS+ Programme, one of the UK’s largest integrated diagnostic initiatives.
Dr Anton Collins, consultant radiologist and SRO of the NIPACS+ Programme, said: “We’ve closely studied how our ED clinicians have benefitted from this innovative use of AI. This has helped to increase accuracy in the emergency department to a similar level seen in radiology. The result: fewer missed fractures, improved clinical decisions, enhanced care, and fewer patients being called back. As we expand the tool across all Trusts, we are supporting staff in delivering the right diagnosis for patients first time. This is not replacing radiologists or radiographers; it is an important way to help busy healthcare teams deliver efficient and effective care.”
NIPACS+ has been providing diagnosticians and clinical teams with a single point of access for medical images across multiple disciplines, and has been modernising how radiology, pathology, and other diagnostic services within HSC can collaborate and better harness imaging technology for patient care.
Joanne Allison, BSO NIPACS+ Programme Manager and co-chair of the Regional Medical Imaging Board AI subgroup said: “Deploying a regionalised AI application is another major milestone for the NIPACS+ Programme, one we are keen to build on. The RMIB AI subgroup is currently identifying need and assessing potential benefits for other medical imaging-related algorithms which will also be deployed through NIPACS+, and our enterprise imaging supplier Sectra.”
Further uses for AI already being explored could aid in areas including chest x-rays and digital pathology, where potential exists to help clinicians detect diseases and cancers sooner. Once assessed, NIPACS+ will be able to achieve similarly rapid deployment. Sectra Amplifier Services allowed Northern Ireland to deploy at pace with BoneView, with due diligence on AI tools available in the service already complete. Sectra, which is also Northern Ireland’s enterprise imaging solution provider, managed contractual, integration, and technical components of the deployment, allowing the AI to scale as needed, and releasing Trusts to focus on assessing clinical merits and effectiveness before it is used in supporting patient care.
The implementation of BoneView is now anticipated to have widespread benefits – and is expected to help clinical teams in the examination of more than 300,000 bone x-rays a year.
Health Minister Mike Nesbitt, said: “This technology is already making a difference to how efficiently and effectively our emergency departments and minor injury unit clinicians can treat patients. With missed fracture rates decreasing significantly, the project is delivering real-time benefits to patients. I’m excited about the potential this project has to improve and streamline workflows, enhance diagnostics and most importantly, improve patient care.”
Jane Rendall, UK and Ireland managing director for Sectra, said: “Northern Ireland is a genuine pioneer in integrated diagnostics at-scale. NIPACS+ is a global exemplar in bringing together diagnostic images as an enabler for transforming how services can work together. It remains a privilege to continue to support the programme, one which I know personally is inspiring and informing how diagnostic services in other parts of the UK can modernise.”
Back and neck pain are often framed as inevitable features of modern life, an individual inconvenience rather than a collective challenge. Yet new evidence shows that spinal health has become one of the UK’s most significant, yet under-recognised, public-sector issues. Affecting nearly one in five adults, spine-related musculoskeletal (MSK) conditions are now a major driver of NHS demand, workforce inactivity and widening health inequalities. The scale and persistence of this burden demand a coordinated response from government, healthcare systems, employers and local authorities alike.
Musculoskeletal conditions remain among the most prevalent long-term health problems in England, with back and neck pain the leading contributors. Spine-related conditions account for up to 30 per cent of GP consultations, placing sustained pressure on already stretched primary care services. The economic consequences are equally stark. More than 30 million working days are lost each year due to MSK problems. At the same time, work-related MSK disorders alone affect over half a million workers annually, resulting in millions of lost working days.
Crucially, this is not a short-term or self-correcting problem. Since 2019, the number of people economically inactive due to long-term sickness has risen sharply, with back and neck pain consistently cited among the leading causes. Once individuals leave the labour market because of chronic spinal pain, return rates are low without coordinated clinical and occupational support. This creates a cycle of reduced participation, lower productivity and increased welfare dependency.
Spine health underpins almost every aspect of daily life, from mobility and independence to work, caring responsibilities, and social participation. When spinal function declines, people reduce movement to avoid pain. Over time, this leads to muscle deconditioning, greater instability and heightened pain sensitivity, a vicious cycle that drives chronic disability.
For the public sector, the implications are profound. In healthcare, delayed access to physiotherapy and rehabilitation increases chronicity, repeat GP appointments and demand for imaging and pain management services. In employment, spinal pain fuels both absenteeism and presenteeism, with productivity losses often exceeding those caused by sickness absence alone. In social care, loss of mobility and independence among older adults increases reliance on formal and informal care networks.
Viewed through this lens, spinal health is not simply an orthopaedic issue; it is a determinant of national capability and economic resilience.
The rise in spinal disorders reflects significant changes in how people live and work. Sedentary behaviour has emerged as a major, modifiable risk factor. Evidence now shows that spending more than six hours a day sitting increases the risk of developing chronic back pain by around a third. Prolonged sedentary leisure time, particularly television viewing, is causally linked with disc degeneration, sciatica and cervical spine disorders.
Hybrid and home working have increased these risks, as, they have reduced incidental movement, such as commuting and walking between meetings. Many home workspaces lack ergonomic design, and long periods of uninterrupted sitting have become normal. Importantly, research suggests that it is not posture alone that causes harm, but prolonged immobility. Regular movement and posture change are far more protective than striving for a single “correct” sitting position.
For policymakers, this has clear implications. Sedentary behaviour is not merely a lifestyle choice; it is embedded in transport systems, workplace norms and digital design. Treating it as a population-wide prevention issue, on a par with smoking or poor diet, represents a major opportunity to reduce future spinal pain and disability.
The UK’s ageing population adds another layer of urgency. Millions of people are living with osteoporosis, leading to hundreds of thousands of fragility fractures each year. A substantial proportion are vertebral fractures, many of which go undiagnosed and are misattributed to “ordinary” back pain.
These fractures are far from benign. They cause chronic pain, loss of height, spinal deformity and reduced independence, and they significantly increase the risk of further fractures. For employers, fragility fractures among working-age adults already cost tens of millions of pounds annually in sickness absence, a figure set to rise as the workforce ages.
From a public-sector perspective, the universal implementation of Fracture Liaison Services (FLS) and proactive vertebral fracture assessment are among the most cost-effective interventions available. Where FLS models are fully operational, re-fracture rates fall, and long-term care costs are reduced. Yet coverage remains inconsistent across the UK.
Spinal pain does not affect all groups equally. Women consistently report higher rates of chronic back and neck pain than men, reflecting a combination of biological factors, occupational exposure and unpaid caring responsibilities. Socioeconomic deprivation is an even stronger predictor. People living in the most deprived areas are more than twice as likely to report long-term MSK pain as those in the least deprived areas.
These inequalities are reinforced by differences in work conditions, access to early intervention and the built environment. Manual and care-related occupations carry higher physical demands and fewer workplace adjustments, whilst communities with limited green space, public transport infrastructure and affordable exercise facilities provide fewer opportunities for protective movement.
For local authorities and integrated care systems, this underscores the need for place-based strategies that link health improvement with urban planning, transport and employment policy.
The evidence points to a clear conclusion – the UK’s spine-health burden is not inevitable, but it will continue to grow without coordinated action. Three priorities stand out.
First, sedentary behaviour must be included within national prevention frameworks. Clear public messaging, such as encouraging people to stand and move every 30 to 45 minutes, should be reinforced by workplace standards, media campaigns and active travel policies.
Second, community MSK services must be treated as core prevention infrastructure. Early exercise-led intervention reduces chronic pain, and long-term work absence. Scaling up first-contact MSK
practitioners in primary care and shortening waits for physiotherapy would deliver both health and economic benefits.
Third, bone health must be a priority through universal FLS coverage and systematic screening for vertebral fractures. As the population ages, preventing spinal fragility will be central to maintaining independence and controlling future care costs.
Spine health offers a powerful lens through which to view the UK’s broader health and productivity challenges. It sits at the intersection of ageing, work, inequality, mental health and physical inactivity. Improving it does not require high-tech solutions, but consistent, evidence-based policy that makes movement easier, intervention earlier and prevention universal.
For the government and the public sector, the message is clear. Protecting spinal health is not simply about reducing pain; it is about safeguarding the nation’s capacity to work, care and thrive. A healthier spine is the backbone of a healthier, more resilient UK.
The Principality of Liechtenstein has awarded its High Priority Ka-band radio spectrum filings to the space mission company, Open Cosmos, enabling it to build and operate its new sovereign LEO broadband satellite constellation.
The spectrum rights, which are an important geo-political asset for Europe, marks a significant step forward in the company’s quest to develop independent, resilient space-based communications and data processing infrastructure, for the world.
Hubert Büchel, Minister of Home Affairs, Economy and Sport of Liechtenstein, says: “This decision underscores Liechtenstein’s commitment to making use of the frequencies allocated to us. We are pleased that, through this filing, with Open Cosmos, we are putting them to good and effective use.”
The UK Government was fully supportive of Open Cosmos’ quest to be awarded these scarce filings. Space Minister Baroness Liz Lloyd said: “This is fantastic news for Open Cosmos and for the UK’s thriving space sector. Securing these valuable spectrum filings is a testament to British ingenuity and ambition, and I’m delighted to see a UK company leading the way in building reliable satellite communications systems for the future.
“With the potential to create hundreds of highly skilled manufacturing and engineering jobs at their Harwell facility, this project demonstrates exactly how our space industry is delivering real opportunities for people across the country while cementing the UK’s position at the forefront of the global space economy.”
The company has had a 100% success rate launching telecom, earth observation and scientific satellites for over a decade, and, following the award of these filings, is now applying this expertise to satellite connectivity and communications. This will be a unique offering that ensures government, enterprise and institutional users, across Europe and beyond, to truly understand critical situations on Earth in real-time management and for quick decision making.
Rafel Jordá Siquier, Founder and CEO of Open Cosmos, said: “Securing these Ka-band Liechtenstein filings is a defining moment for Open Cosmos, as we gain an invaluable opportunity to realise and achieve Europe’s space ambitions and true potential. With our full-stack approach to satellite design, manufacturing, launch and continued operation, we will be quick to deploy and will see our first satellites go up in the coming weeks.”
Open Cosmos, which already provides its full range of services to governments in the UK, Portugal, Greece and Spain, will launch its first two satellites of this new constellation in Q1, 2026. These satellites have been manufactured at Open Cosmos’s headquarters in Harwell, Oxfordshire, with teams across Spain, Portugal and Greece contributing to the programme.
Rocket Lab, one of the world’s leading launch providers, is confirmed as launch partner, with lift-off scheduled from Mahia, New Zealand.
Electric Vehicle (EV) Charge Point Operator (CPO) Believ is welcoming the BSI PAS 1899 review and updated recommendations as an important milestone in industry coming together to improve access of EV charging for all drivers, including those with diverse accessibility needs.
Three years on from the publication of the PAS 1899 accessible charging guidance, a comprehensive review brought together consumer and disability groups, local authorities, and CPOs, including Believ, to assess how well the standard is working in practice and to recommend improvements for its future development.
Believ was involved in both the technical review group, and the accessible charge point data standard working group, supporting the assessment of the existing requirements.
Key amongst the findings was the need to recognise the differences in charge point installation in built environments and to identify industry implementation advice specific to different scenarios, such as managing the logistical and spatial constraints of on-street charge point installations.
The review usefully addresses the challenges faced by local authorities, businesses, private landlords and CPOs, recognising the complexities and technical limitations of accessibility measures, for example understanding that solutions still need to be further developed regarding charging cable weights.
Believ has already been working with local authorities to improve inclusive EV charging infrastructure in three East London boroughs. Believ has collaborated with the boroughs of Waltham Forest, Newham, and Redbridge, leveraging LEVI funding to trial new on-street EV charging bay designs that enhance accessibility, engaging with customers and advocacy groups to understand real-world barriers and rapidly deploy improvements.
Guy Bartlett, Believ CEO, says he is proud of Believ’s involvement in the review:
“At Believ, we see it as our responsibility to help shape the future of accessible EV charging, and we’re committed to continuing to work with industry to recognise what is possible now, while also highlighting challenges that need to be addressed. Making charging inclusive for every driver is not just a technical challenge—it’s a social responsibility that we take seriously.
“We recognise that there is still more work to do in the industry to further accessibility of EV infrastructure, and Believ is committed to working with our supply chain and actively participate and contribute to developing PAS 1899 and ensuring that no driver is left behind in the EV transition.”
The review also highlights the importance of future engagement with European bodies such as CEN and CENELEC, helping to create more consistent, pan-European accessibility guidance, which Believ views as a positive step towards global accessibility standards for EV infrastructure.
To find out more about Believ’s mission, visit: www.believ.com/
The Cyber Security & Resilience Act (CSR) is making its way through Parliament in 2026. Assurance will no longer be enough with the new Act. For too long cyber security it has been an underfunded, poorly-supported, tick-box measure. The arrival of the CSR Act will change this, especially as it comes weaponised by the enforced use of the anew Cyber Assessment Framework, known as a CAF and overseen by the National Cyber Security Centre (NCSC). Each regulator, or Oversight Body, will also have its own, enhanced CAF (eCAF).
For critical national infrastructure and essential services, securing a network has unique challenges. Their systems have often been built up over many years and, in the case of operational tech, there was never any expectation it needed to sit alongside critical information tech. As a result, they are often unable to receive patches, are deeply integrated with critical processes and must remain operational 24/7.
These services can’t just be shut down. So we recommend layering modern security processes around the legacy kit. This approach avoids the rip and replace idea and prepares for evolving threats. Here are some steps to take towards securing your critical network:
Start where you are
The best way build resilience is to properly implement what you already have. It’s not that government organisations don’t invest in cyber resilience, it’s that the implementation often wanes. Before spending on expensive new tools, configure the current systems and bring them up-to-date. This will put you in a better place to plan what needs doing next.
Establish good governance
The Cyber Assurance Framework supports clear, experienced governance. The NCSC says:
‘Effective security of network and information systems should be driven by organisational management and corresponding policies and practices. There should be clear governance structures in place with well-defined lines of responsibility and accountability for the security of network and information systems’1.
Good governance needs to extend throughout the team with training that works. Credentials misuse is an easy way for attackers to access the system, and once they’re in, to move laterally, exfiltrating data as they go. This form of attack has been seen on Councils in 2025.
We’re are not great advocates of the repeated tests some users have to take. Training needs to be interactive and preventative. So it stops users from moving on and redirects them to a test or explanation before they can continue. This method ingrains security procedures across the organisation.
Support the full lifecycle
Part of the responsibility for short-termism lies with vendors. In a legacy system, the original vendors may no longer support the system. We would like to see pressure on vendors to provide ongoing support for legacy systems in government organisations. This would reduce the huge costs in technology end-of-life upgrades. Proper support from vendors will help to manage ongoing changes, and costs, in the cyber risk environment.
Implement zero trust
A resilient system should be built on core zero trust principles. So all users have to explicitly verify themselves, access is limited to just-enough and segment access is minimised. Attacks on Councils in 2025 have come via unauthorised access to outdated legacy systems. In our work, we’ve seen networks where none of the nodes are monitored and no alerts are sent, for example.
Organisations can improve resilience and create an evidence trail by implementing zero trust methods. Instead of believing that everything behind the corporate firewall is safe, a zero trust model assumes every entry is a breach and demands verification from each request.
There’s also the new challenge of OT; dumb end-points. For example, cameras that monitor roads, rail and underground services are being digitalised. Traditionally this has been legacy
technology on isolated networks. Now OT is increasingly on the same network as the critical systems, but without the accompanying security measures. OT needs segmenting and the principles of zero trust applying. Locking down communication between systems and enforcing least-privilege access can reduce attack surfaces and limits who can interact with critical components.
Plan for evidence
The CSR Act will require evidence that your security procedures work in practice. We’ve identified some processes to help with this.
· Create a Senior Information Risk Owner position at Board level, with responsibility for security. This is a good way to ensure that difficult conversations don’t get watered down at a senior level. The SIRO can also lead a security working group, which should include those with expertise and responsibility for security, not just those who procure it.
· Use the existing compliance regimes to accelerate the CAF. Review what’s missing and how you can meet the requirements.
· Identify a breach back-up team and the technology it uses. If or when a breach happens, what do you do? What happens if the SOC is lost or your primary cloud provider goes down? Does everyone know what their role is?
· Start a testing programme for the systems and control you have. Record this and monitor change. This should include a schedule for Cyber Incidence Exercises (CIE). Identify who’s involved.
The best time to start with cyber security is always yesterday. But whatever stage you’re at, now is the moment to review your cyber security. Now that the CAF will mandate certain processes, it’s definitely time to show evidence of your network’s resilience.
Join us at CNI SEC – The Critical Summit for Critical Infrastructure
Thursday 29 January 2026
CNI Sec is an invitation-only gathering of the UK’s most senior cyber leaders in critical national infrastructure. This exclusive forum is designed to drive action, turning complex regulation into workable strategies, securing legacy and OT systems, managing supply chain risk, and staying ahead of the most sophisticated threats.
CNI SEC – The Critical Summit for Critical Infrastructure · Luma
Over the last couple of years, there has been a surge in cyber-attacks. Major incidents have occurred, impacting UK firms like Marks and Spencer’s (M&S), Co-op, and one of the most disruptive, JLR – Jaguar Land Rover. Even data centres were not immune to attack; they faced artificial intelligence (AI) augmented incidents involving credential stuffing, phishing and supply chain infiltrations.
They have led to major breaches with companies, such as Red Hat, Quantas and SK Telecom’s customer data being impacted – causing significant operational disruption by increasingly attacking partners like Snowflake to reach victims that are located downstream from the initial breach.
Google Ai says the key trends also involved “AI-driven social engineering, identity theft and the exploitation of third-party ecosystems, making basic security hygiene and partner verification critical defences against these escalating threats.” With AI, phishing has become more sophisticated and, consequently, harder to spot. Then there are state-sponsored campaigns targeting critical infrastructure, defence and crypto.
The weakest link
However, the weakest link is us as humans. Our own emotions can mean even the most intelligent, alert and knowledgeable person can fall for Authorised Push Payment (APP) scams that may also involve cryptocurrency payments. So, avoiding falling victim as an individual or an organisation doesn’t just involve technology. There is still a need for the human touch and for cyber-security training to keep everyone safe.
Thankfully, the UK has introduced new rules that require banks to reimburse innocent victims of APP scams. Since October 2024, they must comply with the new Payment Systems Regulator (PSR) rules. They aren’t a failsafe because it doesn’t cover payments to third parties, such as payments firms offering access to cryptocurrencies; exceptions for gross negligence also exist. So, with people increasingly turning to cryptocurrencies, there needs to be more work done to regulate the industry.
Industry collaboration
Even though there is more industry collaboration in place to tackle fraud and cyber-attacks, including with regulators, such as the Financial Conduct Authority (FCA), the Payment Systems Regulator (PSR), as well as with consumer and business groups, there is still more to do to combat this type of fraud: this often begins online. AI and machine learning (ML) tech can help to counter bad actors. However, there is a need – even within an organisation – to be able to report a potential incident and speak openly; this includes making it easier to access technical support.
UK Finance reports: “Authorised push payment (APP) fraud losses were £257.5 million in the first half of 2025, a 12 per cent increase on the same time last year. APP cases fell by eight per cent to 110,747.”
Data breach cost: $4.44 million in 2025
So, data breaches aren’t the only concern of which individuals and organisations need to be aware. However, they remain a significant issue, and the way to prevent them is by putting systems, processes, training, and even counselling in place. Rob Sobers, writing for Varonis, reveals the ‘Data Breach Statistics & Trends [updated 2025].’ Citing figures from IBM, he finds that “the global average cost of a data breach was $4.44 million in 2025, a slight drop from the record high of $4.88 million in 2024.” The most expensive healthcare breaches occur in Healthcare.
IBM’s research reports that healthcare data breaches cost on average “$7.42 million, a drop from $9.77 million the year before.” While it does suggest there has been a fall in the overall average of the number of data breaches, the problem remains significant – particularly as IBM says the “average cost of a mega-breach of 50 to 60 million records in 2024 is $375 million, a $43 million increase from 2023.”
He notes that Verizon says, “67% of data breaches involved external actors, while 30% involved internal actors.” The company finds that ransomware was involved in 44% of breaches, up from 32% the year prior, and that only 10% of breaches involved state-affiliated actors. The vast majority of breaches are attributed to organised cybercriminal gangs.
‘Prevention is better than a cure’
It’s therefore crucial to still follow an approach that follows the old adage of “Prevention is better than a cure.” That includes backing up customer and operational data to ensure business and service continuity whenever a successful attack occurs. Obviously, measures also have to be put in place to prevent any cyber-attacks from achieving its goal – disruption and in the case of ransomware, the payment of a significant huge ransom. Still, backing up in at least 3 disparate locations is essential, and the most sensitive data requires an air-gap.
The problem is – even in 2025 – there are very few technologies that can accelerate encrypted data over wide area networks (WANs). WAN Optimisation can’t do it – to send encrypted data, an organisation has to first of all unencrypt it – leaving it vulnerable to the people performing the task, or to bad actors while in transit; then the same keys have to be used to re-encrypt it all. As for WAN performance, there is often no significant increase in data transfer speeds and bandwidth utilisation can be found to be lacking.
SD-WANs are often seen as the answer, but they often need a boost. There are also sectors such as defence that need a performant WAN that can totally expedite and receive encrypted data. To do this with SD-WANs requires a WAN Acceleration overlay. It works by mitigating the effects of latency and packet loss, while also utilising AI and ML to permit data parallelisation, helping to improve bandwidth utilisation by 98%. More to the point, the data remains encrypted, and not even a company such as Bridgeworks and its team can see the data. Nor can any bad actor.
A better WAN tomorrow
Going forth into 2026 with WAN Acceleration, which is sometimes also called Data Acceleration, means that companies and organisations can have a better WAN tomorrow. Cyber-attacks will occur in the New Year. That’s a given. Nevertheless, for everyone it’s vital to put support systems and technologies in place to thwart the attempts of hackers and scammers to allow for a happy and prosperous year ahead. The exception is for those miscreants that want to stop us. They can be obfuscated with WAN Acceleration, and by talking to experts who can help to prevent attacks.
Only a few days away now from New Year’s Day again, fireworks and all. Hopefully, it’ll be a happy and prosperous one for everyone. Unfortunately, cyber-attacks aren’t about fun, prosperity and good will. Of course cyber-criminals might celebrate the new year if their scams and attacks bear them financial rewards, then they really would have something to celebrate. However, most of us don’t wish them such luck; we need to ensure that our data and finances are secured.
David Trossell
Amongst the many cyber-attacks that have occurred in 2025, one that stands out was cyber-attack on the Royal Borough of Kensington and Chelsea, Westminster City Council and the London Borough of Hammersmith and Fulham. These London boroughs in England enacted emergency plans after they were hit by a cyber-attack on 26th November 2025.
For example, across the Pond, the State of Nevada declined to pay a ransom on 6th November 2025, as a result of a data breach that was traced by to May. It disrupted services across more than 60 States agencies, exposing thousands of files, and it allegedly caused $1.3m in recovery costs. Furthermore, despite refusing to pay a ransom, no threat actor was identified.
33.7 million customer accounts breached
At the end of the month, Coupang – South Korea’s largest e-commerce firm – announced a data breach involving 33.7 million customer accounts. This led to names, emails, phone numbers and some order histories being accessed by an unauthorised part over several months, since June 2025. While no payment details were leaked, affected users were warned that they could fall prey to a phishing attack. The suspect: An insider. Even so, with phishing being a potential issue, the threat to the organisation, its suppliers, its reputation and customers is much wider than an individual.
Such issues just aren’t the present that anyone wants just before or even during Christmas, or before the New Year. After all, the festive season isn’t immune to cyber-attacks. Infosecurity magazine warns that ‘UK Shoppers Lost £11.5m Last Christmas, NCSC Warns.’ Phil Muncaster, UK and EMEA news reporter at the magazine adds:
“Scammers have a variety of tools and tactics at their disposal, from advertising non-existent items at knockdown prices, to setting up lookalike web stores promoted by fake ads and phishing messages, which are designed to harvest personal and financial information.”
Devastating impact
Any cyber-attack or scam on an individual or an organisation can be devastating. The first thing to avoid thinking is that you’re too clever or intelligent to become a victim. The truth is anyone can, and so it’s vital to put in place systems and processes to reduce the likelihood of any attack or fraud from succeeding. This includes training, and a means for members of staff to speak up, or to alert others if they see anyone acting suspiciously – including members of internal staff.
What also needs to be borne in mind is that cyber-threats are going to become increasingly sophisticated. Google Cloud therefore advises organisations to plan ahead: “2026 will usher in a new era for cybersecurity. Threat actors will leverage AI to escalate the speed, scope and
effectiveness of their attacks. Simultaneously, defenders will harness AI agents to supercharge security operations and enhance analyst capabilities.”
“This transformation introduces new challenges, including “Shadow Agent” risks and the need for evolving identity and access management, all while geopolitical and financial threats continue to accelerate.”
AI Arms Race
Well into the New Year, it predict that there will be an AI Arms Race, leading to faster attacks that will be counted with an Agentic Security Operations Centre (SOC). Google AI describes it as being: “An advanced, AI-driven cyber-security model where autonomous AI agents work together to detect, investigate, and respond to threats with minimal human intervention, moving beyond simple automation to independent reasoning, planning and dynamic adaptation for faster, more efficient security.” The aim is to predict the next defensive move to avert any potential danger.
Extortion is an old devil. In modern times, it comes in the form of ransomware and data theft, which remain the top threat, and will probably be so in 2026. Various tactics are used to bypass multi-factor authentication. Then there is the Virtualisation Frontline, which is about how attackers are targeting virtualisation infrastructures because this critical layer, says Google Cloud, is a “growing blind spot.” With conflicts around the world continuing – including in Ukraine, the activities of some nation states, such as Russia, are often cited as a major cause for concern.
Quantum risk
Cyberlab warns in its ‘Top 5 Cyber Security Predictions for 2026’ that deepfakes, identity fraud and the human factor will play a significant role in cyber-attacks during the new year. There will also need to be some thought for quantum risk – the risk posed by the increasing use of quantum computers to break current encryption protocols, such as RSA and ECC, which are used to secure data communications.
This threat makes sensitive data particularly vulnerable, and so organisations would be advised to create air gaps for their most vulnerable data. The problem is that bad actors might harvest data now to decrypt it later on, which can lead to financial transactions being compromised or diverted. There could also be national security implications.
With the growth of the Internet of Things (IoT), the risks of this occurring could become more significant, and so there is a need for a Zero Trust Security policy – particularly when it comes to supply chain security, which Cyberlab thinks will become even more of a business requirement than it is today.
Costing UK businesses £14.7bn
Adam Myers, writing for its blog, adds: “In November 2025, the UK Government released a comprehensive report on the economic cost of cyber-crime, which highlights how the average cyber-incident costs a UK business £195,000. Scaling this to an annual UK cost, generates an estimate of £14.7 billion, equivalent to 0.5% of the UK’s GDP. The growing threat landscape and significant cost of cyber-crime makes cyber-security a pressing issue for all UK businesses.”
Therefore, to prevent any disruption or financial upheaval, it’s vital to be able to allow the fireworks to go ahead on 1st January 2026 without having to worry too much about cyber-attacks and data breaches. That’s because any mitigations should already be in place to ensure that they can’t be successful or, where possible, actually happen at all. If they do occur and they are successful, then service continuity rather than the disaster recovery should already be in place.
Be prepared today
This is achieved through by deploying a multitude of strategies – from the implementation of regular training programmes to prevent staff from clicking on phishing emails, to backing up and – whenever needed – restoring data with WAN Acceleration. The latter uses artificial intelligence (AI) and machine learning (ML) to mitigate the effects of latency and packet loss.
To further accelerate the flow of encrypted data, it also deploys data parallelisation to permit faster backups and restores, while also having the ability obfuscate cyber-criminals. In essence, it’s the happy new WAN you want in 2026 – allowing organisations to achieve regulatory compliance, avoid fines caused by data breaches and stay operational. That will help them to save time, money and effort. With that in mind, have a happy and prosperous New Year!
By Mike Lord, CEO and Chairman of Stiltz Homelifts
Mike Lord
For decades, the bungalow has been the gold standard of later-life housing. Single-storey living promises freedom from stairs, simpler maintenance, and the comfort of a private garden. For many older people, it has symbolised a sensible, even aspirational, step down from the family home.
But this long-standing assumption deserves urgent re-examination. As the UK faces a deepening housing shortage and a rapidly ageing population, our fixation on bungalows is not only impractical, it is actively holding back better, more sustainable solutions for older and less mobile people.
In 2022, around 12.7 million people in the UK were aged 65 or over. By 2072, that number is predicted to rise to 22.1 million, meaning our ageing population is not a short-term pressure but an issue that will shape housing, health, and public spending for decades.
Research by the HomeOwners Alliance shows that 38% of homeowners aged over 55 would like a bungalow for their next move – reflecting the demand, but not a viable solution.
Building more single-storey homes would barely scratch the surface of current need. Worse still, it risks diverting much-needed land, public money and policy attention away from approaches that could benefit millions more people.
Bungalows are inherently inefficient in terms of land use. A single-storey footprint requires significantly more space than a two-storey property of the same size. In a country where suitable development land is already critically short, this matters.
Every hectare used for low-density, single-level housing is a hectare that cannot deliver the volume of homes required to meet national targets. With the government committed to building 1.5 million new homes, we must build up, not out.
This is not just an abstract planning issue. Prioritising bungalows at scale would slow delivery, inflate costs, and ultimately reduce the number of homes available for people of all ages.
There is also a human cost to the bungalow ideal that is too often overlooked. Moving to a bungalow usually means moving away. These properties are rarely available in established streets where people may have lived for 30 or 40 years. Instead, they are often located on the edges of towns or in age-segregated developments.
For many older people, this means leaving behind neighbours, routines, and informal support networks. The result can be social isolation, loss of identity, and declining mental wellbeing. Research in our recent white paper – Planning Homes for All Ages, shows that 13% of people over 50 believe moving home would negatively affect their mental health. Forced relocation later in life has been linked to higher rates of depression and anxiety – outcomes that inevitably feed back into health and care services.
There is also a broader community impact. Older residents play an important part of society, from childcare support for working families to volunteering and civic participation. Removing them out of mixed-age neighbourhoods weakens communities at precisely the moment when it is most needed.
For similar reasons, I am sceptical of growing calls from housing-with-care operators, MPs and peers for a national policy to accelerate the development of housing specifically for older people. While specialist provision has an important role, it should not become the default.
Creating “older persons only” neighbourhoods risks institutionalising age segregation. A better approach is one where people of all ages can continue to live side by side, with homes that adapt as needs change over time. This is not only socially healthier, but also more flexible and more resilient in the face of demographic change.
The real solution lies not in mass relocation, but in enabling people to remain safely in the homes they already know. Most older people want this. Families want it, and from a public policy perspective, it makes overwhelming sense.
Simple, well-designed adaptations – handrails, level-access showers, wider doorways – can dramatically reduce the risk of falls and loss of independence. More transformative measures, such as compact domestic lifts, remove the staircase as a barrier altogether, allowing multi-storey homes to function as effectively as single-storey ones.
The economic case is compelling, for every £1 invested in preventative housing adaptations, the NHS and other care agencies save an estimated £1.62. Fewer falls mean fewer ambulance callouts, fewer hospital admissions, and shorter stays, easing pressure on an already stretched National Health Service.
This is why the focus of housing policy must shift decisively towards adaptability. The homes we build today will still be standing in 50 or 100 years. Designing them around the needs of the fully non-disabled first-time buyer alone is short-sighted.
All new homes should be built to support ageing in place from the outset. That means level entrances, wide hallways suitable for wheelchairs, and structural provision for the future installation of lifts. These hese features do not detract from a home’s appeal to younger buyers, they future-proof it.
Local councils have a critical role to play here. Building regulations already allow adaptable, accessible standards, but adoption is inconsistent, and enforcement is uneven. Clear national leadership is needed to ensure that vertical mobility is treated as a core design consideration rather than an optional extra.
Developers, too, must be part of the solution. Incentives, whether through planning flexibility, tax measures or accelerated approvals, could encourage the construction of accessible, multi-storey homes that work for people at every stage of life.
The shortage of suitable housing options is already driving some older people into residential care earlier than necessary, often funded through debt or the forced sale of assets. According to the UK Seniors Housing Report 2024, there will be a shortfall of 46,000 retirement and seniors housing over the next five years. Simply building more bungalows will not close that gap.
The UK’s love for bungalows is understandable, but nostalgia is a poor guide for policy. If we are serious about addressing the housing crisis for older and less mobile people, we must move beyond the idea that single-storey living is the only answer.
By investing in adaptable homes, supporting ageing in place, and designing new housing with vertical mobility in mind, we can create communities that are inclusive, efficient and fit for the future. The choice is not between independence and density, or between well-being and growth. With the right approach, we can, and must, deliver all three.
Electric Vehicle (EV) Charge Point Operator (CPO) Believ is welcoming the BSI PAS 1899 review and updated recommendations as an important milestone in industry coming together to improve access of EV charging for all drivers, including those with diverse accessibility needs.
Three years on from the publication of the PAS 1899 accessible charging guidance, a comprehensive review brought together consumer and disability groups, local authorities, and CPOs, including Believ, to assess how well the standard is working in practice and to recommend improvements for its future development.
Believ was involved in both the technical review group, and the accessible charge point data standard working group, supporting the assessment of the existing requirements.
Key amongst the findings was the need to recognise the differences in charge point installation in built environments and to identify industry implementation advice specific to different scenarios, such as managing the logistical and spatial constraints of on-street charge point installations.
The review usefully addresses the challenges faced by local authorities, businesses, private landlords and CPOs, recognising the complexities and technical limitations of accessibility measures, for example understanding that solutions still need to be further developed regarding charging cable weights.
Believ has already been working with local authorities to improve inclusive EV charging infrastructure in three East London boroughs. Believ has collaborated with the boroughs of Waltham Forest, Newham, and Redbridge, leveraging LEVI funding to trial new on-street EV charging bay designs that enhance accessibility, engaging with customers and advocacy groups to understand real-world barriers and rapidly deploy improvements.
Guy Bartlett, Believ CEO, says he is proud of Believ’s involvement in the review:
“At Believ, we see it as our responsibility to help shape the future of accessible EV charging, and we’re committed to continuing to work with industry to recognise what is possible now, while also highlighting challenges that need to be addressed. Making charging inclusive for every driver is not just a technical challenge—it’s a social responsibility that we take seriously.
“We recognise that there is still more work to do in the industry to further accessibility of EV infrastructure, and Believ is committed to working with our supply chain and actively participate and contribute to developing PAS 1899 and ensuring that no driver is left behind in the EV transition.”
The review also highlights the importance of future engagement with European bodies such as CEN and CENELEC, helping to create more consistent, pan-European accessibility guidance, which Believ views as a positive step towards global accessibility standards for EV infrastructure.
To find out more about Believ’s mission, visit: www.believ.com/
Every crane, cable and concrete pour on a modern construction site is tracked in real time. Yet in the main, the proof of the skills behind them still lives on plastic cards and paper certificates. In a digital age, that’s our weakest link.
While design coordination, logistics and asset management have all become data-driven, one vital element remains stubbornly analogue: how we prove that people are qualified to do their jobs.
And as the UK construction industry races to deliver 1.5 million new homes, decarbonise buildings and close widening skills gaps, trust in workforce data has become key to productivity, safety and reputation.
From plastic cards to living credentials
For decades, traditional certification cards have served as a basic form of identity and competency verification. But the system is straining under modern pressures. Counterfeit cards, inconsistent checking and fragmented records leave employers exposed to compliance risk and costly delays.
Physical cards were designed for a static world. Construction today is anything but static. We need real-time data that verifies a worker’s competence dynamically – not once, years ago, at the point of qualification.
That’s the promise of a digital skills passport: a secure, living record of every worker’s verified qualifications, competencies and safety training, accessible instantly via mobile or cloud-based systems.
Instead of a plastic card, a site manager scans a QR code or opens a profile and sees verified evidence of training, experience and fitness to work. In seconds, they know who’s on site, what each person is qualified to do and when credentials expire.
The result isn’t just administrative efficiency. It’s safer sites, safer workforces, faster onboarding and an industry that can finally trust its own people data.
How the technology works
At the heart of a digital passport is secure, interoperable data infrastructure – built on the same principles that made Building Information Modelling (BIM) transformative. The most advanced systems combine:
Multi-factor authentication and dynamic QR IDs to prevent cloning or screenshots.
Integration with accredited training providers to flag anomalies in real time.
Biometric identity checks to match credentials to individuals.
Live links to governing bodies for instant validation.
Centralised document storage to keep certification evidence within one verified profile.
Together, these technologies create a trusted digital ecosystem that connects people, qualifications and compliance data across employers, projects and supply chains. Causeway platforms already support workforce systems used by more than 600,000 people in the UK – clear evidence that the foundations are laid.
Why it matters now
The call for workforce verification isn’t new. What’s new is the urgency.
The CIOB’s 2025 Capacity Constraints report warns that labour shortages, fragmented data and ageing skills threaten construction’s ability to meet demand.
The Stewart Review of major projects highlighted the same issue in different words: trust and data quality are now as critical to delivery as finance or design.
Meanwhile, a recent RICS Digitalisation Report reported that only 12% of firms use digital tools on all projects, with widespread inconsistency in data sharing and verification.
In short, we can’t build a digital industry on analogue proof.
The shift to digital skills passports mirrors the transformation already underway elsewhere: BIM unifying design data, digital twins monitoring asset performance, and AI optimising planning and maintenance. Workforce data must now become part of that same connected ecosystem.
A foundation for digital construction
A verified digital workforce profile does more than improve safety. It accelerates productivity, strengthens compliance and builds confidence across complex supply chains.
It gives contractors a single version of the truth about their people, enabling smarter deployment, targeted training and faster mobilisation.
And it helps workers themselves by turning qualifications into a portable, trusted asset that supports their career.
If construction is serious about modernisation, this is the next logical step. The technology is proven. The standards are emerging. What’s needed now is collective adoption.
Because the next phase of digital construction isn’t just about modelling buildings – it’s about modelling the workforce that constructs them.
If BIM made our buildings transparent, digital passports will make our people visible – and that visibility builds trust.
The industry has laid the groundwork for a trusted digital system. Now it’s time to build on it.
Awaab’s Law, which came into force on October 27 this year, mandates that social landlords must respond promptly and efficiently to reports of damp, mould, and other emergency hazards.
It establishes clear statutory obligations for housing providers, including stringent response times, investigation procedures, and repair timelines. To comply, landlords must have robust systems in place that ensure timely actions and a clear audit trail.
One of the key obstacles landlords are facing when trying to undertake these duties, is obtaining access to properties to undertake inspections and complete the necessary works.
Siobhan Hardy, Head of Housing Litigation at Forbes, explains: “For many landlords we work with, gaining access to premises where there have been reports of damp or mould is proving a real barrier to them executing their duties.
“In some instances this can arise when tenants refuse access to the property, but in others it may be down to issues like hoarding or condition issues making the specific part of the property inaccessible.
“Our new service is designed to equip landlords with the tools and expertise needed to overcome these barriers and meet their obligations with confidence and ease.”
Non-compliance with Awaab’s Law can expose landlords to significant risks, including enforcement action, regulatory scrutiny, and potential legal consequences.
Forbes’ Awaab’s Law Compliance Service enables prompt action at the pre-action stage, followed by a thorough and effective process to secure an injunction for access, ensuring full compliance with legal requirements.
A new attempt to create a national, longitudinal health record was one of the big ideas in the 10 Year Health Plan. However, the use case and architecture is far from clear, and there are some big commercial issues to address with health tech vendors.
The NHS has a troubled history when it comes to national record and data projects. When the National Programme for IT was launched in 2002, it set out to develop a Summary Care Record that would make data available to clinicians wherever a patient presented for treatment.
England had never had a single database of patient information before, and concerns about security and access effectively scuppered the idea. In 2010, the SCR was scaled back to “hold only the essential medical information needed in an emergency.”
Four years later, NHS England launched the ill-fated care.data project, a plan to create a massive database of secondary and primary care information for planning, research, and commercial exploitation. Amid a huge outcry, and terrible public communications, the idea was scrapped the same year.
A big think tank has a big idea: and the government runs with it
This unhappy history has not put the idea of a single national record to bed. Instead, last summer, the Tony Blair Institute for Global Change argued the NHS should try again.
In a report, it argued the UK now has a “mixture of integrated health data sets.” These include the remains of the SCR, and the shared care records which have been developed over the past decade to improve professional access to health and social care at an integrated care system level.
Then, there are data and analysis platforms, including the Federated Data Platform, which NHS England is pushing hard. And there is the NHS App, which has gone through a decade of stop-start investment, while the use of commercial patient held records has gathered pace.
In its report, the TBI argued that what is needed instead is an “integrated, digital, longitudinal health record” to “act as a single source of the truth” and feed portals for care, planning and research, and patient engagement. Incoming health and social care secretary Wes Streeting embraced the idea.
At the launch of the public consultation that led to the 10 Year Health Plan, he pushed the benefits of a “patient passport” that could be accessed by GPs, hospitals and ambulances, while delivering “suitably protected and anonymised” data to researchers and companies to drive growth.
The 10 Year Health Plan duly featured the development of a ‘single patient record.’ However, it didn’t say how the SPR would be architected or set out a timetable for its development. And there is no mention of the idea in last month’s Medium Term Planning Framework, which sets out NHS England’s ‘to do’ list for the next three years.
But what is the use case?
Members of the Highland advisory board were not surprised that the SPR is missing from the framework. Ian Hogan, a chief information officer at a mental health trust, said it’s clear that the SPR is “very much a second phase” project, given the time it will take to clarify its use case, architecture, and funding.
David Hancock, an expert on interoperability, who has been attending industry events on the SPR, said NHS England has spent most of the summer on a “discovery” programme, to find out what different stakeholders might want from it.
This seems to have found that professionals, particularly those working in long-term and emergency care, want more information from other professionals to provide context for their patients; and patients want professionals to have data, so they don’t have to repeat their histories or end up in hospital when they don’t need to.
This, he pointed out, “is the benefit of a shared care record.” So, on the face of it, NHS England could deliver this at a national level “by joining up the 32 shared care records that already exist” fairly easily as long as it picked the right integration model.
Three prototypes
As things stand, though, NHS England is not doing this. Instead, it is developing three prototypes, using different models: a record with its own database; a record taking feeds from other systems (the approach taken by shared care records such as Interweave); and an Uber-style platform that pulls in ‘events’ data, but doesn’t persist it.
David Hancock suggested this might mean NHS England is starting to think about a different use case for an SPR: to support the NHS App. Andy Kinnear, a consultant who pioneered shared care records when he worked in the NHS, agreed.
“A lot of Wes Streeting’s agenda seems to be about making things better for patients; or at least giving them the same kind of consistent digital experience that we get when we use consumer tech,” he said. “It’s going to be hard for the NHS App to do that if the backend is 200 plus systems. It needs something behind it to create that consistent offer.”
What will the architecture look like?
An SPR to backend the NHS App might be useful. But it doesn’t sound much like the TBI’s all-singing, all-dancing digital health record. Nor would it necessarily deliver the direct benefits to care that are being delivered by the more advanced shared care records (like OneLondon, which has focused on care and end of life plans).
Nor would it automatically open up the kind of data that would persuade companies to offer the NHS “cut price deals on medicines” or “priority access to new treatments”, as promised by Wes Streeting. The advisory board found the lack of clarity about the purpose of an SPR frustrating, given the energy and resources that could be directed to it, when the NHS and its IT teams are under so much pressure.
But the real challenge will come when NHS England has to pick a model. “When this gets really tricky is when you say: how do we do the architecture?” said Andy Kinnear. “I think it would be madness to throw away the achievements of the shared care records, but history tells us that governments are always tempted by the idea of working with big companies on big databases.”
Details will matter
Advisory board members also noted that to build an SPR, NHS England will have to grapple with some of the practical issues that have bugged NHS tech projects for years. What standards will the SPR use to ingest and store data? How will its provenance and quality be guaranteed, so clinicians are confident to act on it?
What kind of security wrapper will it have? What will the access controls look like? Nicola Hayward-Cleverly, a former NHS CIO, consultant and non-executive director, pointed out that in some cases, access needs to be opened-up. The NHS App is still trialling proxy access for the families of frail elderly people, and the parents of children.
In other cases, it needs to be locked down. She gave the example of accessing the data of a serving member of the forces. “We need to work out how to get information out, securely, to where people happen to be, in the context they happen to be in.”
Entrepreneur Ravi Kumar said he has proxy access to the records of some of his elderly relatives in India. But then: “My relatives used to take their paper records to the hospital, and now they just hand over their phone number so anyone behind the desk can call them up. Would that be acceptable here?”
The historical reaction to the idea of a national shared care record, and the work that regional projects have had to do since to win support for their work “data field by data field, clinician by clinician, use case by use case,” as Andy Kinnear put it, suggests it wouldn’t be acceptable.
And it’s notable that the medical and privacy groups that opposed care.data and the FDP are already warning that Wes Streeting’s vision for the SPR will “unavoidably create a vulnerable database, the content of which can be shared with drug companies.”
Health tech companies will want to talk commercials
Another challenge is that an SPR will have commercial implications. David Hancock pointed out that, at some point, vendors may be told they have to integrate with the new record. “What happens when you find that some suppliers will do that quite happily and quite easily, but others won’t?” he asked.
“Do you pay them? Do you create infrastructure to make it easier? Do you support them if they need to re-platform their systems?” Various members of the advisory board pointed out that as things stand vendors can make it difficult or prohibitively expensive for third parties to integrate with their systems, slowing the exchange of information, and blocking innovation.
Imaging expert Rizwan Malik argued the NHS should just be tougher about this. “We should start from first principles, which is that we have lots of data locked up in siloed systems, so how do we unlock them?” he said. “This is our data. We should not allow suppliers to stop us using it.”
He also felt the NHS would be better off creating local, practical use cases for data sharing than going in for another big project, that might not get anywhere. In which case, the best role for government and NHS England would be to stop talking about policy and guidance and start talking brass-tacks on issues like standards and APIs.
Not a quick fix
Overall, the advisory board felt there is a need for clarity about the use case for an SPR, its architecture, and how the NHS and its suppliers will be expected to engage with it. Advisory board chair Jeremy Nettle said sorting out these issues will be possible, but it will not be quick.
“It will be possible to create a database, a data layer, or a backbone, but you won’t just be able to put it in,” he said. “It will take five or ten years.” Which will be well into the next Parliament: a lifetime in the rise and fall of big IT projects.
UK trade association AXREM and health tech growth specialist Highland have extended their partnership for two further years, reaffirming a shared commitment to supporting growth across the UK’s diagnostic and health technology markets.
AXREM represents member companies that collectively provide the majority of diagnostic medical imaging and radiotherapy equipment used in UK hospitals. The association has grown substantially in recent years, now also including suppliers of health IT, AI, digital pathology, teleradiology and patient monitoring equipment. It provides an influential voice for the diagnostic and health tech community, working to facilitate collaboration across the sector on shared priorities and challenges.
Sally Edgington
Highland, formerly known for nearly a quarter of a century as Highland Marketing, partners with health tech companies to drive growth. The company has driven many successful brands in the health tech sector, and revealed its own updated identity in October, in reflection of how it supports success in the sector with much more than traditional marketing. Health tech companies work with Highland to identify their market opportunities, to convince key target audiences in healthcare, and to grow their business by getting directly in front of decision makers.
Since the partnership began in 2024, AXREM and Highland have worked together to deliver best-practice support to AXREM members, including a popular webinar series focused on brand building, communications, and industry storytelling.
AXREM members have also been able to leverage Highland’s services to get directly in front of NHS decision makers from board to ward, stimulating new business opportunities. The renewed agreement will build on this foundation, with new initiatives designed to enhance visibility and influence.
Sally Edgington, chief executive officer at AXREM, said: “Our members are delivering technologies that are fundamental to the future of healthcare. Extending our partnership with Highland will ensure we continue to equip them with the tools, insight, and support needed to tell their stories effectively and demonstrate their value to the health and care system.”
Mark Venables, chief executive officer at Highland, said: “We’re very pleased to extend our collaboration with AXREM for another two years. AXREM plays a vital role in uniting and representing a sector that is crucial to the delivery of modern healthcare. Highland’s mission is to help health tech organisations find new opportunities, convince target audiences, grow and make an impact. We look forward to engaging with more AXREM members to help them deliver.”
By Graham Jarvis, Freelance Business and Technology Journalist
It’s that time of year again. The festive Christmas lights are about to be turned on in the high streets to welcome shoppers, enticing them to buy presents for their loved ones. However, not all the festive commerce occurs in physical stores. Adobe reports that consumers spent by $241.4 billion online between 1st November 2024 and 31st December 2024 – “up 8.7% year-over-year (YoY) and setting a new record for e-commerce.”
The company says consumers spent more than $4 billion in a single day, and m-commerce – mobile shopping – “hit a new milestone, with the majority of online transactions (54.5%) taking place through a smartphone this season (up from 51.1% in 2023).” The highest amount of mobile shopping occurred on Christmas Day itself – involving 65% of online sales in 2024, compared to 65% of them the previous year.
Three categories dominate
Over half of the purchases came from 3 categories: electronics, apparel and furniture of home goods. However, the strongest growth was in the shopping of groceries and cosmetics, which grew between 12.2 and 12.9%. “Other categories with notable growth this season included sporting goods ($7.8 billion, up 7.4% YoY) and toys ($8.2 billion, up 7.8% YoY)”, says its release.
Google AI reveals that even in the UK, 30% of all Christmas sales occurs online with ecommerce volumes being considerably higher than average in the last quarter of the year. It finds that in December 2023, UK shoppers spent £11.2bn online, and “online purchases accounted for 28% of overall retail spending throughout December 2023.”
Christmas Day shopping
With Christmas being front of mind and the need to make savings, Black Friday and Cyber Monday remain a major ecommerce driver because shoppers are shopping earlier to catch the bargains. However, as with Adobe’s research, ecommerce is particularly dominant on Christmas Day, “accounting for about 79% of purchases, as most physical stores are closed” – part citing Megan Robinson’s November 2024 article for Retail Week, ‘UK shoppers are expected to spend £86bn over the festive season, despite a cautious amount of spending over Christmas.’
With this increase in online activity, which also impacts businesses – particularly those involve in ecommerce and m-commerce – data centres often surge in usage. It’s not all about shopping for Christmas presents, and that’s because people want to connect with each other, stream videos, make video calls and play online games.
Data centre surges and outages
However, as they operate on a 24/7 basis, they don’t necessarily see a huge increase in power consumption. The season, nevertheless, can mean that they will experience higher workloads over the festive period, due to increased activity. Unlike the many traditional businesses, data centres don’t close for Christmas. They need to maintain uptime. They are, in effect, like Santa’s sleigh because so many people – consumers and businesses alike – rely upon them to deliver digital services or eventually, as a result of an online order, physical products.
So, while it would be hard to give an exact figure for the financial and economic impact that any data centre downtime might have over the festive period, general estimates from sources like Gartner and BladeRoom Data Centres place the cost of downtime at approximately $5,600 to $9,000 per minute. On top of this, businesses as well as data centres could suffer from other types of damaging impact, such as reputational damage and the loss of customer trust.
But do data centres experience outages at Christmas? Well ,the potential risk is not without precedent. Some data centres have, in the past, experienced significant outages. For example, in 2012, Amazon Web Services (AWS) experienced an outage on Christmas Eve, which lasted 20 hours. Reports explain that the outage was caused by human error and flawed access controls when a developer accidentally deleted a data set. It left millions of Netflix subscribers unable to stream content during peak viewing times.
Human error is not the only cause of outages – not only at Christmas but at any time of the year. In 2015, Vodafone UK’s data centre in Leeds, England, suffered an outage over the Christmas weekend. It was caused by flooding when waters from the River Aire reached the facility. The data centre had to run on emergency power, which eventually failed, due to the encroachment of the floodwaters. Weather conditions delayed engineers from being able to restore voice and data services, which were subsequently operating intermittently and which affected its customers in the North-East. This is because the weather conditions made access to the data centre difficult.
Mind your cyber-stocking
David Trossell
While there are no reports of major cyber-attacks causing data centre outages at Christmas, the season does attract cyber-criminals. So, like Black Friday and Cyber Monday, it’s a period of caution because the threat level to businesses and to consumers is significant. One is that there are often fewer staff available to monitor systems and to respond to cyber-threats. This leaves companies and organisations open to potential attacks because of less rigorous security monitoring – giving hackers an opportunity to strike unnoticed.
Cyber-security firm, Darktrace, reports in 2021: “[Our] security researchers discovered a 30% increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020, compared to the monthly average.” The company found that attackers know that organisations may be more likely to pay a ransom quickly to avoid operational disruptions during their busiest sales periods.
While email phishing attacks will play the most major role in cyber-attacks as the biggest threat, there are also online shopping scams, social engineering attacks, insider threats and malware attacks to consider. All of these can have a significant impact on individual and organisations – including on data centres. So, all organisations need to put in place robust cyber-security policies that aim to forestall any kind of cyber-attack. They also need to put in place contingency planning – even for when the cause of an outage is human error or a natural disaster.
Back up, back up!
One key less is not so much about avoiding putting all your eggs in one basket, but about ensuring that your data centre, company or organisations backs up in at least 3 locations. David Trossell, CEO and CTO of Bridgeworks, which recently won the Technology Innovation of the Year at the UK
IT Awards, remarks: “It’s important to ensure that during the festive season data is backed up, and that each disaster recovery site is located outside of their own circles of disruption to enable service continuity whenever any kind of outage occurs.” With backups in place and WAN Acceleration, it’s possible to rapidly failover to maintain services.
While the most prevalently used technology today is the SD-WAN, it often needs a WAN Acceleration overlay to mitigate latency and packet loss. Not only does it boost bandwidth utilisation, but it also enables faster data transfers – whether an SD-WAN is involved or not. One real-world example involved replicating a 2020GB data file in just 25 minutes – 4 times faster than without any acceleration, and so WAN Acceleration offers significant improvements in recovery time objectives (RTOs), and it can enable a big to stay operational or get back to business rapidly.
When there is so much at stake at Christmas, in terms of sales and reputations, he says investing in technology that can improve business and service continuity is the best insurance policy. From a cyber-security perspective, WAN Acceleration can also obfuscate cyber-criminals. It’s therefore the WAN you want, enabling the ecommerce and data centre magic of Christmas. Upon that note, Bridgeworks wishes everyone a safe, happy Christmas and New Year.
By Mark Scrivens, FPT UK Chief Executive Officer, FPT Corporation
Mark Scrivens
Although diagnosis can be one of the great challenges in healthcare, once a healthcare plan is developed, we naturally assume that patients take the medications that clinicians prescribe for them. However, this could not be further from reality. In fact, medication non-adherence represents one of UK healthcare’s most persistent and costly challenges.
Whilst the scale of medication adherence in the UK has not been recently reported, a 2018 report from the Organisation for Economic Co-operation and Development (OECD) estimated that poor adherence results in 200,000 premature deaths in Europe each year. The financial fallout from medication non-adherence is also huge, with approximately $100-300 billion in avoidable US healthcare costs each year through unused medications, tests and excessive healthcare provider visits.
The fundamental cause of this epidemic is fragmented communication between patients and healthcare providers. When medical devices and applications operate in isolation, this cannot provide a connected ecosystem that supports sustained patient engagement and adherence.
As part of the digital transformation in healthcare, there may now be a breakthrough to the crisis, via a comprehensive Internet of Medical Things (IoMT) ecosystem.
Building a comprehensive IoMT ecosystem
In order to best illustrate such a solution that can address the problem of medication non-adherence, we can look at how a leading multinational technology manufacturer with operations across more than 40 countries developed a comprehensive Internet of Medical Things (IoMT) ecosystem to address the issue.
This was based on three core strategic pillars designed to transform patient care delivery:
· Setting up a unified IoMT ecosystem
The foundation of the solution involved creating a seamless communication network that connected all healthcare stakeholders. This unified ecosystem integrates compliant medical applications with intelligent IoMT devices, enabling unprecedented data sharing capabilities while maintaining strict adherence to international healthcare standards, including HL7 FHIR, HITRUST r2, and HIPAA compliance.
· Designing a patient-centric mobile application
The team designed a patient-centric mobile application that would allow patients to actively participate in their own healthcare journey. Through this app, patients can log medication schedules, share progress with healthcare providers and, most importantly, track their adherence patterns in real-time. The platform features intelligent alert systems with customisable reminder options delivered via a variety of channels – SMS, in-app notifications, and email. This allows patients to tailor their medication reminders according to their communication preferences.
· Intelligent and insightful medical decision-making
Taking healthcare beyond patient engagement, the app offers clinicians authorised access to patient data, which drives more intelligent and informed medical decision-making. Pharmaceutical companies can also benefit from valuable insights while receiving regulated software solutions that comply with stringent requirements for protecting patient information and processing data.
Through this multi-stakeholder approach, all appropriate stakeholders in the healthcare ecosystem can utilise shared data to improve patient outcomes while maintaining high standards of privacy and security.
The benefits of patient-centered digital health technology
The implementation of this comprehensive IoMT solution delivered significant improvements across many healthcare metrics, including:
Retention rate – The patient-centric mobile application achieved an impressive 89% retention rate, significantly higher than the typical retention rate of healthcare applications. This retention rate suggests that patients derive sustained value from the platform, with potential for long-term changes in healthcare behaviour.
Patient engagement – Most significantly, patient engagement with the application resulted in medication adherence rates reaching 75%. This achievement is down to the platform’s reminder systems, progress tracking capabilities, and patient empowerment features in encouraging consistent medication compliance.
Data-driven treatment decisions – In generating real-time and accurate patient data, clinicians are able to make more informed, data-driven treatment decisions. Healthcare providers can now access comprehensive patient medication patterns, adherence trends, and outcome metrics. This means more personalised treatment plan adjustments and can enable medication reviews and proactive intervention strategies. This visibility into patient behaviours supports more effective care coordination and potentially better health outcomes across patient populations.
Harnessing clinical research data – Beyond immediate patient care improvements, the platform serves as a valuable tool for gathering clinical research data, enabling advances in medical treatment and understanding to make future improvements in medication management strategies.
The future is connected healthcare
This successful IoMT implementation highlights that comprehensive, patient-centric digital health solutions can meaningfully address the crisis of medication non-adherence. By creating seamless connections between patients, providers, devices, and pharmaceutical companies, healthcare organisations can achieve measurable improvements in patient engagement and outcomes while significantly cutting healthcare costs such as inappropriate or cancelled appointments and medication wastage.
With a medication adherence rate of 75%, this patient-centric app translates to saving lives and improving the UK’s healthcare system. For UK healthcare leaders, it means at last building a holistic ecosystem that supports regulatory compliance and data-driven patient-centered healthcare that benefits citizens and healthcare practitioners throughout the patient journey.
Britain’s Armed Forces will be better equipped, and small British defence businesses will grow rapidly as the Government boosts investment into innovative drone systems this year.
UK Defence Innovation (UKDI) – launched earlier this year – will inject over £142 million rapid investment into drones and anti-drone weapons this year, its first year in operation.
This includes around £30 million investment this year into counter-drone technology to protect the UK homeland and allies, in the face of increasing Russian-linked drone incursions across Europe.
UKDI was launched by Defence Secretary John Healey MP in July this year to be the focal point for innovation within the Ministry of Defence, backed by a ringfenced annual budget of at least £400 million. It takes a new approach, using different ways of contracting, to enable UK companies to scale up innovative prototypes rapidly.
While many of the companies involved remain anonymous, the drones investment this year includes 20 British SMEs, 11 British ‘Micro-SMEs’, and 2 British Academic institutions.
The rapid investment delivers on the Strategic Defence Review which set out how the UK must take the lessons from the war in Ukraine – such as rapidly advancing drones and unmanned systems – to put the UK’s Armed Forces at the leading edge of innovation in NATO.
John Healey MP, Secretary of State for Defence, said:
“After years of hollowing out and underfunding, I am determined to put Britain’s Armed Forces, and British businesses, at the leading edge of defence innovation.
“The Strategic Defence Review was clear that we must learn the lessons of the war in Ukraine, which is why we’re surging investment into drone and counter drone systems. Russia’s continued bombardment of Ukrainian civilians and their grey-zone drone incursions across Europe show why this drone drive is so urgent.
“In a new era of threat, this rapid investment will make the UK secure at home and strong abroad, while making defence an engine for growth, ensuring the UK is the best place in the world to start and grow a defence business.”
Specific examples of this year’s investment includes:
Investment of over £25 million delivering a new Royal Navy uncrewed AI submarine ‘Excalibur’, which will play a key role defending against Putin’s fleet as part of the transformative Atlantic Bastion programme to establish a new hybrid Navy. Excalibur was recently unveiled in Portsmouth alongside other capabilities forming part of the Atlantic Bastion programme.
£20 million to support development of additional laser weapons to complement the UK’s ‘DragonFire’ system. This follows the signing of a £300m contract to install the first DragonFire anti-drone systems onto Type 45 destroyers from 2027, five years earlier than previously planned, creating and sustaining almost 600 jobs across the country.
£7.5 million for a new uncrewed helicopter, part of the Royal Navy’s move towards future ‘hybrid air wing’ aircraft carriers, with flight trials already underway. The project will deliver one of the world’s first full-sized autonomous helicopters.
£12 million to support development of an air-launched collaborative Uncrewed Air Vehicle (UAV), increasing the UK’s effectiveness against air-to-air threats.
£5 million seedcorn investment into prototypes for Land Autonomous Collaborative Platforms – such as autonomous drones to support British Army Apache helicopters.
The rapid investment into emerging British uncrewed systems businesses comes alongside further commitments to industry through the Defence Industrial Strategy that the UK aims to be the best place in the world to launch and grow a defence business.
For example, Ukraine’s largest drone manufacturer, Ukrspecsystems, recently announced £200 million investment to create a new drone factory and training site in East Anglia, creating up to 500 jobs and apprenticeships.
The head of the Armed Forces will issue a rallying cry this evening to the nation to build Britain’s resilience in the face of growing threats and uncertainty.
The Chief of the Defence Staff Sir Richard Knighton will set out how a whole-nation response is needed in a more volatile and uncertain world.
In a speech setting out his priorities of readiness, people and transformation, he will talk about the need to increase the nation’s resilience in the face of increasing threats. Far from being an issue just for defence, he will detail how the long-term success of the armed forces relies on reconnecting with society: making Defence and resilience part of the national conversation and “a higher national priority for all of us”.
Discussing the threats we face, GPSJ understands he will say:
“The situation is more dangerous than I have known during my career and the response requires more than simply strengthening our armed forces. A new era for defence doesn’t just mean our military and government stepping up – as we are – it means our whole nation stepping up.”
An engineer by background, Sir Richard will most likely reference the recent Royal Academy of Engineering and National Engineering Policy Centre report which highlights an engineering skills gap, as well as recruitment and retention challenges, as an example of a fragile system which must be reinvigorated to ensure the nation can continue to function in a crisis.
Drawing parallels to the skills gaps seen across defence, he is expected to talk about the need to work with industry and young people to identify gaps and build pathways to address them.
He is expected to announce £50 million for new Defence Technical Excellence Colleges, which will support thousands of short courses so that defence employers can upskill new hires and existing staff more quickly.
He is also expected to say: “Five colleges in England, and others across the UK, will gain specialist status and major new funding to train people in the skills needed to secure new defence jobs, and help deliver on the ambitions set out in the SDR.
“In addition to training young people for the new jobs of the future, this funding will also support thousands of short courses so defence employers can upskill existing staff quickly, providing the versatility that they – and we – need.”
On defence spending GPSJ expects him to say:
“I find myself in a position that none of my predecessors during my career have faced, looking at the prospect of the largest sustained increase in defence spending since the end of the Cold War. And that is because the price of peace is increasing.”
Highlighting the increased probability of Russia invading a NATO country, he is expected to say:
“The war in Ukraine shows Putin’s willingness to target neighbouring states, including their civilian populations, potentially with such novel and destructive weapons, threatens the whole of NATO, including the UK.
“The Russian leadership has made clear that it wishes to challenge, limit, divide and ultimately destroy NATO, in former President Medvedev’s words, aspiring to “the disappearance of Ukraine and the disappearance of NATO – preferably both.”
Building on the Strategic Defence Review, he will outline the need for a “whole of society” approach to defence and deterrence, to build a “national resilience” to threats.
On resilience, GPSJ expects him to say:
“Our armed forces always need to be ready to fight and win – that’s why readiness is such a priority.
“But deterrence is also about our resilience to these threats, it’s about how we harness all our national power, from universities, to industry, the rail network to the NHS. It’s about our defence and resilience being a higher national priority for all of us. An ‘all-in’ mentality.
And that will require people who are not soldiers, sailors or aviators to nevertheless invest their skills – and money – in innovation and problem solving on the nation’s behalf.”
As part of rebuilding the national resilience, he will speak about the need to rebuild our defence capabilities and the national infrastructure which underpins that resilience.
Closing his speech, the Chief of Defence Staff will be expected to reaffirm the need for action as the uncertainty we face grows greater. He is expected to say:
“We are heading into uncertainty, and that uncertainty is becoming more profound, both as our adversaries become more capable and unpredictable, and as unprecedented technology change manifests itself’.”
ByRichard LaTulip, Field Chief Information Security Officer at Recorded Future
Richard LaTulip
The shape of cybersecurity in the public sector will depend less on how many attacks happen and more on how well agencies can see, manage, and control their systems. Managing vulnerabilities, updating account systems, and using Artificial Intelligence (A)I to support oversight are already converging. Agencies that combine these areas will reduce both risk and cost, while those that don’t may stay reactive and exposed.
Public sector organisations need to move from separate security tools to coordinated, intelligence-driven approaches. The year ahead will bring challenges, but also opportunities for agencies prepared to adapt.
Making patching a core part of defence
Public sector networks are large and often mix old infrastructure with cloud, mobile, and operational technology. By 2026, managing vulnerabilities and applying software updates will move from routine maintenance to a central part of security.
Attackers now exploit unpatched systems very quickly, scanning thousands of devices in minutes. With so many applications, distributed offices, and limited budgets, keeping up with updates can be challenging.
The next step is continuous monitoring and risk-based prioritisation. Instead of occasional checks, agencies will use real-time intelligence that considers both threats and business impact. This helps focus on the weaknesses most likely to be targeted, strengthening security through smart insight rather than sheer volume.
2026 will be the year of supply chain attacks The economic fallout from the Jaguar Land Rover breach – the costliest cyber incident in UK history – showed how a single compromise can disrupt entire communities. Beyond corporate losses, such events affect jobs, local economies, and public confidence. Around 30% of breaches now stem from third-party suppliers, and the risks deepen as threats move through layers of subcontractors and cloud providers. Geopolitical tensions, software vulnerabilities, and misconfigurations add further uncertainty.
To manage this, agencies will need intelligence-driven supply chain oversight – continuous monitoring of supplier exposure, contractual accountability for security standards, and the ability to act swiftly on new intelligence.
Renewed focus on protecting digital access
As government standards for secure login methods and password-free access become more common, public sector organisations face both opportunities and challenges. Stronger login controls
and consistent rules can help prevent account hacking, but making the change isn’t just about installing new technology.
The weakest link is often how identities – staff, contractors, and systems – are managed. Many agencies still rely on old account systems or have unused accounts that create hidden risks. By 2026, cyber attackers are expected to focus more on these account systems themselves.
To stay ahead, agencies should focus on:
● Careful setup and removal of accounts to avoid dormant access
● Ongoing monitoring of staff with high-level access
● Close attention to contractor and vendor accounts
● Connecting identity systems with other IT systems to see where access could pose a risk
Without strong management of accounts and access, modernising login systems may simply shift risks around instead of reducing them.
Tracking digital assets will be a priority
Strong cybersecurity starts with knowing exactly what systems and devices you have. Many public sector organisations still rely on incomplete or outdated inventories. Cloud and hybrid setups can hide forgotten or unmanaged systems, which can become easy targets for attackers.
By 2026, regularly checking and updating asset lists will become standard practice. Tools that automatically discover devices, map networks, and monitor external exposures will help agencies keep an accurate, up-to-date view of their digital environment. The goal goes beyond knowing what exists – it is also essential to understand who owns it, how it’s used, and where it could be vulnerable.
Without this clear picture, even the best security measures may be working in the dark.
A shift towards autonomous defence
Modern public sector systems are complex, and relying on people alone to manage security is no longer practical. AI and automation are becoming essential for spotting threats, prioritising risks, and taking action quickly.
By 2026, AI tools will help identify the most likely vulnerabilities, predict potential attacks, and automatically apply fixes. They can also show how a weakness in one department or supplier could create risks for others.
Even so, automation needs careful oversight. Relying solely on machines can hide mistakes. Agencies will need clear review processes and controls to make sure automation supports decision-making rather than replacing human judgment.
Outlook for 2026
In the coming year, public sector security teams will face pressure to modernise quickly while keeping trust and accountability intact. The agencies best prepared will have three key strengths: a clear view of all their systems and accounts, the ability to focus on the most important risks, and a balance between automated tools and human oversight.
Success in 2026 won’t be about collecting more data, but about understanding it clearly and using it to make smart decisions.
Today’s public sector organisations face unprecedented challenges in training and development. Despite real world risks such as cyber breaches greater than ever before, the UK Government and public sector departments are under pressure to achieve more with less in terms of training their people, stretching limited budgets whilst still delivering quality training.
Government, public sector and, in particular, L&D leaders, need to upskill and reskill workers in order to tackle critical challenges – from digital transformation to leadership development.
In embracing new immersive approaches to train more people, government organisations can save time, reduce expenses, improve worker productivity and satisfaction, whilst meeting their compliance and capacity needs.
Why public sector L&D leaders must improve their training delivery
The world is more unpredictable than ever for government and public sector organisations today. Cyberattacks on national infrastructure, sudden supply chain problems, threats to space and maritime assets, healthcare systems that are pushed to their limits, and regulatory scrutiny that is getting stricter all the time – there has never been more pressure to be ready.
Organisations face a critical skills shortage requiring rapid and effective upskilling and retraining of their workforces. Remote and hybrid work models are becoming permanent fixtures. It’s no surprise that time consuming traditional training methods are increasingly seen as ineffective, with workers disengaged.
Coupled with standard online training tools leading to poor attention, limited retention, and reduced application of learning, training is neither time nor cost efficient.
The limitations of Learning Management Systems (LMS)
Whilst there is a place for Learning Management Systems (LMS) – they are great for sending out information and keeping track of compliance, making sure that everyone finishes the required training modules – they have serious limitations when it comes to situations where real-world decisions can mean life or death.
Organisations have a hard time connecting LMS use to real-world results, lower risk, higher productivity, or higher value. People are rarely tested on how well they work together, prioritise, and handle stress in high-stakes situations.
In the public sector, finishing an online module isn’t enough to say that someone is “ready” for real world situations. Immersive training fills this important gap by giving experiences, behavioural insights, and hands-on learning that an LMS alone simply can’t.
How an immersive learning platform transforms training
Advances in cloud technology and immersive platforms have made it much easier to do realistic training by enabling people to train alongside their jobs. This way, it’s business as usual providing critical services while also learning important skills.
Public sector teams can run crisis simulations right in the places where they work with the right people. They can bring together learners from multiple locations in collaborative virtual environments that foster engagement and peer learning.
Training is adaptable, frequent, and team leaders can design tailored immersive learning scenarios that address their specific organisational challenges and objectives. In addition, expert facilitation guides participants through scenarios that build practical skills and knowledge retention. People retain up to 75% of what they learn through immersive experiences, compared to just 10–20% with standard slide presentations.
Most importantly, the platform can reduce training costs by up to 60% and decrease training time while improving outcomes. With advanced analytics that capture data this can create bespoke skills gap analysis and demonstrate its value for future training investment decisions. This means that those who embrace innovative learning solutions stand to gain a significant competitive advantage.
The public sector needs to embrace technology to grow
In today’s world, organisations must show that their teams are skilled and ready, even when under the most pressure. Learning must be based on the real problems teams face, with performance clear and measurable, and improvement constant.
With a blend of the right people and technology, public sector organisations can confidently face the problems of today and tomorrow. Experiential learning gives public sector organisations the power to:
Build and measure operational capabilities with confidence
Strengthen collaboration across agencies and teams
Provide clear assurance to ministers, boards, and regulators
Protect the people and services society depends on every day
In addition, AI functionality within the platform now provides real time analysis providing greater insight and enabling the analysis and reporting of learning to be achieved within hours and not weeks.
Defining a new era in Government learning
It’s important for L&D leaders to undertake a full assessment of specific training needs to enable them to scale training investments effectively. With the right platform, teams can develop tailored immersive learning scenarios that address their specific organisational challenges and objectives. Advanced analytics can deliver bespoke skills gap analysis and demonstrate return on investment.
Forward thinking organisations aren’t choosing between digital and in-person training; they use both. While digital, cloud-based simulations make sure that people regularly and without interruption build their skills, live crisis workshops build trust, leadership, and a shared understanding of the situation. This mixed approach makes readiness more than just a yearly task; it becomes a strength that grows to counter the changing risks of the future.
Recent Comments