In 2026, most organisations will be asking whether their cyber security operations capability is actually working for them. 

They have multiple tools deployed, dashboards lighting up, frameworks adopted, compliance boxes ticked. Yet, the same operational issues keep surfacing… alert fatigue, slow response, brittle processes, disengaged users, and a lingering sense that security is always one step behind the attackers. 

The water sector faces a unique set of pressures, such as geographically dispersed assets, legacy Operational Technology that predates the internet, and a regulator (the Drinking Water Inspectorate or DWI) that is increasingly focused on evidence over assertion.

If you spend any amount of time around operational technology environments, you start to hear the same things repeatedly. The problem is that many of these statements aren’t quite true, or they’re only true in very specific circumstances, and over time they’ve been stretched into almost fact, facts that people stop questioning. That’s where a lot of trouble starts.