The UK rail sector faces complex cyber security challenges under the NCSC Cyber Assessment Framework (CAF). This includes protecting operational technology (OT), managing legacy signalling systems, and securing a highly fragmented supply chain across Network Rail, TOCs, and ROSCOs. The Department for Transport applies CAF within the NIS Regulations, prioritising passenger safety alongside cyber resilience, particularly during CP7 infrastructure programmes.

I've had this conversation more times than I can count. A client comes to us having already deployed SD-WAN across their estate, and now they want to layer on cloud security. What should be straightforward always turns into a rework project. Here's how I think about it — and how to avoid the same trap.

In 2026, most organisations will be asking whether their cyber security operations capability is actually working for them. 

They have multiple tools deployed, dashboards lighting up, frameworks adopted, compliance boxes ticked. Yet, the same operational issues keep surfacing… alert fatigue, slow response, brittle processes, disengaged users, and a lingering sense that security is always one step behind the attackers.