- +44 1252 917000
- info@bluefort.com
Cody Technology Park,
Farnborough,
GU14 0LX
© Copyright BlueFort Security Ltd.
By Jaime Craggs, Public Sector Client Manager, BlueFort Security
After Covid, many of my contacts within the public sector began to find that remote working was being embraced, enabling them to perform their roles from home and benefit from a much shorter commute. The downside, of course, was the lack of in-person collaboration, problem sharing, and discussing what’s going on in their world. This is why in-person events are so important post-Covid.
Last week I attended this year’s ISfL Conference in the heart of London. Aimed at cybersecurity professionals in the public sector, this well-attended, annual event aims to highlight and celebrate the role WARPs (Warning, Advice & Reporting Point) play in strengthening cyber resilience across the sector.
Given that a key principle of fighting cybercrime is the sharing of intelligence, information, experience, and even moral support, WARPs are a vital part of strengthening the public sector’s cyber resilience.
There were plenty of great and insightful conversations on the day, but I’ve shared some main takeaways below. Feel free to get in touch if you want me to expand on any of these points.
Resilience was the key theme of the conference, and as such, it was the red thread running through many of the keynotes and panel sessions. When it comes to an organisation’s cybersecurity strategy, understanding the difference between protection and resilience is critical. To my mind, protection is about the tools you use to prevent or limit the chance of an attack, whereas resilience is how well your organisation can bounce back when the inevitable happens, and defences have failed. Or, as the saying goes, “protection comes from the outside, resilience comes from within”.
What I heard time and again during the conference is that resilience has to be a team sport. It’s not just a technical issue. It’s everyone’s responsibility, from the executive suite to individual employees, to actively manage risks and build a security-conscious culture, and I am one hundred per cent in agreement.
Continuing the resilience theme, it’s little surprise that CAF compliance was a topic that was widely discussed. In the ‘Cyber Security Strategy 2022-2030’, the UK Government set out its intention to adopt the CAF as the ‘assurance framework for government’.
The latest version of CAF was issued in August last year and contains some of the most significant changes, including over 100 new Indicators of Good Practice (IGPs). Lots for organisations to get their heads around, and I heard first-hand at ISfL how organisations within the public sector are making significant progress in strengthening their cyber resilience, utilising the CAF framework.
In the spirit of sharing best practice, BlueFort participated in a keynote with Richard Smith, IT Security Operations Manager at Buckinghamshire Council, and Peter Batchelor, Regional Sales Director at Silverfort, one of BlueFort Security’s technology partners. Silverfort’s Unified Identity Security Platform protects every identity in an environment, including those that previously went unprotected. Silverfort’s capabilities directly align with CAF’s core principles, including identity and access control, privileged user management, and continuous monitoring. Richard specifically discussed how Silverfort’s platform had helped Buckinghamshire in their adherence to CAF and to bolster their identity security against threats, significantly reducing their risk.
As an aside, Peter recently launched a Public Sector and NHS Community. You can read more here – but essentially it’s a community focused on sharing insights, experiences, and ideas around the NCSC Cyber Assessment Framework (CAF).
The importance of an effective incident response program is beyond doubt and is critical in the context of CAF compliance Objective D (“Detecting and Responding to Incidents”), which requires organisations to have robust, tested incident response plans. Knowing how to respond to cyber incidents, and having a plan in place that has been tested, can greatly increase the likelihood of successfully overcoming an incident while reducing the impact on the organisation and its stakeholders. This statistic from Vectra AI illustrates the point: in 2025, organisations with formal, tested IR plans and dedicated teams reduced the average cost of a data breach by over £350k (approx. $473,706). With the UK Government also looking to ban public sector organisations paying ransoms, the potential disruption from a ransomware attack is front-of-mind for most, and further solidifies the need for strong IR plans.
Notable by its “not quite” absence, but with significantly less discussion than last year’s conference, was the topic of AI. The lack of discussion around AI didn’t necessarily feel like it represented a lack of interest, but more the acceptance that AI is a known entity now (love it or hate it). We are definitely seeing more customers and vendors integrating AI into their cybersecurity, and this is no doubt in response to the rise in increasingly sophisticated, AI-driven threats appearing. For example, Abnormal shared a blog last year on the availability of AI phishing kits being sold to attackers to allow them to automate the sending of believable phishing emails. It feels that AI has become less of a novelty now and more integrated into everyday operations, leaving other, more pressing issues that need security teams’ attention to take precedence.
The conversation around the cybersecurity workforce is pivoting. While the number of professionals available in the talent pool is still a challenge due to budget constraints, it’s also about the skills and knowledge candidates can bring to the table. This becomes less of a people shortage, but more of a skills gap. There is still a lack of talent, but the focus for security leaders is increasingly about the makeup of their teams. For example, do they have the necessary skills to secure increasingly adopted AI tools in their environments? This Cybersecurity Workforce Study from ISC2 is really insightful, and its findings echo many of the conversations that I’m having. We touched on this in our 2026 Cyber Predictions blog too!
My final key takeaway is a theme and message which was extremely strong throughout the day: collaboration, both internally and externally. This highlights the importance of internal collaboration and understanding between the technology teams at the coal face of fighting cybercrime and an organisation’s executive team. Without this, it’s difficult for executive teams to truly understand the risks they are facing or support those on the front line. Speakers also called out the importance of collaboration with suppliers and partners to ensure they have a cohesive relationship. This needs to be built early, enabling your partners and suppliers to become part of your wider team, so that if things go wrong, you can lean on them for support.
I know firsthand that good collaboration and support does happen in many instances, and this issue is in no way just a public sector challenge; however, it remains a very real challenge. To illustrate the point, a recent Accenture survey found that 95% of CEOs say that cybersecurity is critical, yet only 15% of them talk about it at board meetings.
Finally, if I have to sum up this year’s ISfL conference, I’d use the word community. The WARP community is built on trusted collaboration, both within public sector bodies and also drawing advice, experience, and knowledge from the private sector. This was evident in spades at Goodenough College last week. I consider myself, my BlueFort Security colleagues, and our technology partners, privileged to be part of this supportive, collaborative community.
For many years, BlueFort has enabled public sector organisations to deploy leading enterprise security technologies to protect against evolving threats. Strengthening the cyber resilience of UK government and public sector organisations is central to our mission.
Interested to know more? Drop me a line.