WhoshouldIsee Tracks

Contents

Protecting Public Data in an AI-Driven World: Key Takeaways from the Northern WARP Conference 2026

By Darren Smith, Head of Public Sector, BlueFort Security 

Cybersecurity is often framed as a technology challenge. New platforms, stronger controls, and better detection capabilities understandably dominate much of the conversation. Ultimately, every security decision is (for the time being at least) still made by people.

Whether that’s a frontline worker deciding whether to approve an authentication request, a member of staff assessing the legitimacy of an email, or a CISO determining where to invest limited resources, the human factor remains central to cyber resilience.

This was one of the key themes running through this year’s Northern WARP Conference, held at King’s House Conference Centre in Manchester on 3rd July. Bringing together public sector cybersecurity professionals, information governance leaders, and industry experts from across the UK, the event focused on “Protecting Public Data: The Human Factor”.

Now in its sixth year, the Northern WARP Conference has become an important opportunity for public sector organisations to share experiences, discuss emerging challenges, and learn from each other. What stood out throughout the day was not only the quality of the sessions, but also the collaborative atmosphere. Discussions continued beyond the formal presentations, with delegates openly sharing challenges, approaches, and lessons learned.

As always with these events, there were plenty of valuable conversations. These are some of my key takeaways.

Takeaway One: The Human Factor Remains Central to Cyber Resilience

Despite the rapid evolution of cybersecurity technology, one theme remains consistent: people continue to sit at the centre of both risk and resilience.

This was particularly evident given the event’s focus on protecting public data. While organisations continue to invest in security controls and technical capabilities, effective cybersecurity still depends on the decisions made by individuals across the organisation.

The challenge is only becoming more complex as artificial intelligence (AI) becomes increasingly embedded into both offensive and defensive cybersecurity.

One of the recurring themes throughout the day was the dual nature of AI. On one hand, organisations are rightly concerned about how attackers can use AI to increase the speed, scale, and sophistication of cyberattacks. AI-enabled phishing and more convincing social engineering campaigns are all actively increasing pressure on already stretched security teams. And that’s before you even mention Claude Mythos

However, there was also recognition that the challenge is not simply the technology itself. The question is how organisations enable people to make better decisions when faced with increasingly sophisticated threats.

This was the theme behind BlueFort’s session, delivered alongside our partner iboss, entitled “Enhancing Human Decisions with AI-Powered SASE.”

I presented the session with Simon Eappariello, SVP EMEA & APJ at iboss, and we looked at how capabilities like AI-powered security, Zero Trust Network Access (ZTNA), cloud-delivered security controls, and continuous monitoring can help organisations strengthen security while enabling users to work effectively.

The key message was that technology alone is not the answer. Organisations need the right strategy, processes, and expertise in place to ensure emerging technologies are adopted securely and deliver meaningful outcomes.

Takeaway Two: AI Adoption Requires the Right Foundations

The discussion around AI has understandably moved quickly from “should we use it?” to “how do we use it safely?”

This transition introduces a range of considerations for public sector organisations. AI has the potential to transform productivity, service delivery, and decision-making, but it also introduces new risks around data protection, governance, access control, and accountability.

One of the challenges highlighted during many of my conversations at Northern WARP was that lots of organisations understand the importance of adopting AI securely but are still working through what that looks like in practice.

This is where having the right foundations becomes critical.

Many of you will have heard me say that before implementing new technologies, organisations need visibility of their current security posture, an understanding of where risks exist, and a clear roadmap for improvement. This requires more than simply deploying new tools. It requires ongoing assessment, expertise, and the ability to continuously adapt as both threats and technologies evolve.

This is one of the principles behind BlueFort Evolve, our outcome-driven cybersecurity services ecosystem. By combining specialist expertise, structured assessments, and continuous improvement activities, Evolve helps organisations identify gaps, validate technology decisions, and maximise the value of their security investments over time.

The reality is that cybersecurity teams are being asked to secure increasingly complex environments while managing limited resources. Access to the right expertise, at the right time, is becoming just as important as the technology itself.

Takeaway Three: Governance and Compliance Continue to Shape Cyber Priorities

Unsurprisingly, governance and compliance remained a significant topic throughout the conference.

For many public sector organisations, the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) continues to provide an important structure for improving cyber resilience. However, one of the strongest messages from the discussions was that compliance cannot simply become a tick-box exercise. Frameworks such as CAF provide valuable guidance, but effective cyber resilience requires embedding security into organisational culture.

This means recognising that cybersecurity is not solely the responsibility of IT and security teams. Every employee who accesses systems, handles information or makes decisions that affect risk has a role to play.

The upcoming Cyber Security and Resilience Bill was also part of wider conversations around the increasing expectations being placed on organisations to demonstrate stronger resilience and accountability. The road ahead is clear: organisations will increasingly need to demonstrate not only that they have security controls in place, but that those controls are effective, understood and continuously improved.

Takeaway Four: SASE Is Becoming the Direction of Travel, But Complexity Remains a Barrier

Another recurring theme throughout the day was the evolution of network security.

Most public sector technology leaders recognise that traditional security models built around fixed networks and perimeter-based controls no longer reflect how their organisation now operates. Users are distributed, applications are increasingly cloud-based, and access needs to be secured regardless of location.

This is driving greater interest in Secure Access Service Edge (SASE), which brings networking and security capabilities together through a cloud-native architecture. However, while the strategic direction is increasingly understood, implementation remains a challenge. 

Conversations with delegates highlighted common concerns around replacing legacy infrastructure, managing migration complexity and ensuring that security improvements do not disrupt critical services.

The challenge is therefore not necessarily recognising the need for change, but understanding how to make that transition effectively, reducing complexity while improving security outcomes.

Collaboration Remains the Foundation of Cyber Resilience

If there was one overarching theme from Northern WARP, it was collaboration.

The event itself demonstrated the value of bringing together public sector organisations, security professionals, and technology experts to share experiences and learn from each other. Cyber threats are evolving rapidly, and no organisation can realistically address every challenge alone. Building resilience requires collaboration, knowledge sharing, and access to the right expertise.

Technology will continue to advance, and AI will undoubtedly play an increasing role in both cybersecurity and the wider public sector landscape. But the fundamentals remain the same: understanding risk, making informed decisions, and ensuring that people, processes, and technology work in lockstep.

For public sector organisations protecting sensitive information and essential services, that combination will remain critical.

BlueFort Security is committed to helping public sector organisations strengthen cyber resilience through leading security technologies, specialist expertise, and outcome-driven services. Our work with organisations across the sector is focused on reducing risk, improving security maturity, and helping teams navigate an increasingly complex threat landscape.

If we didn’t get a chance to chat during the conference, or you weren’t able to attend, drop me or Jamie Craggs a message or call us on 01252 917000.

Get in touch with BlueFort

Related articles