Make every network change safe: Assurance, observability & lifecycle

In my first blog of this two-part series, I broke down the five automation metrics and principles I rely on most to help leadership demonstrate value. This second blog builds on that thinking. In my e-book, Network automation in 2026: building resilience, assurance and future-ready networks, I explained that one of the biggest challenges that network and operations leaders face today is making every change safe. 

Automation is not just about efficiency, but about maintaining control within modern networks that are dynamic, distributed and tightly connected to cloud platforms and third-party services. While automation is essential, speed without control creates risk. By unifying the three capabilities of assurance, observability and lifecycle management, it becomes possible to execute network changes in a safe and repeatable way.

Assurance: Validate before and after every change

For me, assurance is the foundation. Validate that every change is safe and compliant before it goes live, then confirm it behaves as intended after deployment. Continuous validation before and after every change is now expected, helping to ensure changes are safe and compliant. Streaming telemetry and service mesh architectures provide real-time visibility, making it easier to spot issues and respond quickly.

How to implement assurance:

  • Define policies as code and embed them in your pipeline. 
  • Run intent checks to catch misconfiguration and drift early. 
  • Use change windows that include automated validation and safe rollback paths.

Outcome: Fewer failed releases and emergency fixes and better audit outcomes because evidence is generated as part of normal work. 
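The assurance steps above can be sketched as a single change window: a policy-as-code gate before the change, an intent check after it, and a rollback if the two disagree. This is an added example, not code from the e-book or from CACI; the config shape, the three policies, `FakeNetwork` and the sample data are all assumptions constructed for illustration.

```python
"""Policy-as-code gate with post-change intent check and rollback (constructed example)."""
import copy

_MISSING = object()


# --- Policies as code: each takes a config dict and returns violation strings ---
def no_telnet(cfg):
    return [f"{dev}: telnet enabled for management"
            for dev, c in cfg.items() if "telnet" in c.get("mgmt_protocols", [])]


def no_any_any_permit(cfg):
    return [f"{dev}: acl[{i}] permits any to any"
            for dev, c in cfg.items()
            for i, r in enumerate(c.get("acl", []))
            if (r["action"], r["src"], r["dst"]) == ("permit", "any", "any")]


def ntp_required(cfg):
    return [f"{dev}: no NTP server configured"
            for dev, c in cfg.items() if not c.get("ntp_servers")]


POLICIES = [no_telnet, no_any_any_permit, ntp_required]


def evaluate_policies(cfg):
    """Pre-change gate: an empty list means the candidate is compliant."""
    return [v for policy in POLICIES for v in policy(cfg)]


def find_drift(intended, running, path=""):
    """Intent check: dotted paths where the running state differs from intent."""
    drift = []
    for key in sorted(set(intended) | set(running)):
        here = f"{path}.{key}" if path else key
        want, have = intended.get(key, _MISSING), running.get(key, _MISSING)
        if isinstance(want, dict) and isinstance(have, dict):
            drift += find_drift(want, have, here)
        elif want != have:
            drift.append(here)
    return drift


class FakeNetwork:
    """Stand-in for a real device API (assumption). `fault` mutates the state
    after a push to simulate a setting that did not apply as intended."""

    def __init__(self, running, fault=None):
        self.running = copy.deepcopy(running)
        self.fault = fault

    def push(self, cfg):
        self.running = copy.deepcopy(cfg)
        if self.fault:
            self.fault(self.running)

    def restore(self, snapshot):
        self.running = copy.deepcopy(snapshot)


def change_window(net, candidate):
    """Validate, apply, verify, roll back on drift. Returns the audit evidence."""
    evidence = {"violations": evaluate_policies(candidate), "drift": [], "result": None}
    if evidence["violations"]:
        evidence["result"] = "blocked"          # never reaches the network
        return evidence
    snapshot = copy.deepcopy(net.running)       # rollback point taken before the push
    net.push(candidate)
    evidence["drift"] = find_drift(candidate, net.running)
    if evidence["drift"]:
        net.restore(snapshot)
        evidence["result"] = "rolled_back"
    else:
        evidence["result"] = "applied"
    return evidence


# Constructed sample data: one edge router and two proposed changes.
BASELINE = {"edge1": {
    "mgmt_protocols": ["ssh"],
    "ntp_servers": ["192.0.2.10"],
    "acl": [{"action": "permit", "src": "10.0.0.0/8", "dst": "10.1.0.0/16"}],
}}

GOOD_CHANGE = copy.deepcopy(BASELINE)
GOOD_CHANGE["edge1"]["acl"].append(
    {"action": "deny", "src": "any", "dst": "10.1.99.0/24"})

BAD_CHANGE = copy.deepcopy(BASELINE)
BAD_CHANGE["edge1"]["mgmt_protocols"].append("telnet")


def drop_ntp(running):
    """Constructed fault: the device silently loses its NTP setting."""
    running["edge1"]["ntp_servers"] = []


if __name__ == "__main__":
    for label, net, change in [
        ("bad change", FakeNetwork(BASELINE), BAD_CHANGE),
        ("good change", FakeNetwork(BASELINE), GOOD_CHANGE),
        ("good change, faulty apply", FakeNetwork(BASELINE, drop_ntp), GOOD_CHANGE),
    ]:
        print(label, "->", change_window(net, change))
```

The dictionary returned by `change_window` is the audit evidence: it records what was checked, what drifted and what the pipeline decided, without anyone writing it up afterwards.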

Observability: Real insight from streaming telemetry

In my first blog, I covered MTTR and MTTD: the time it takes you to detect issues and restore normal service. Observability is what drives this. Move beyond static, device-centric health checks to provide continuous visibility across paths, services and users.

How to implement observability: 

  • Stream telemetry from network and edge assets into a common model. 
  • Use service mesh patterns where appropriate to trace requests end-to-end. 
  • Align dashboards to service objectives, not individual devices. 

Outcome: Faster detection, clearer root cause and performance data that stakeholders can actually trust. 

Lifecycle management: Remove tech debt as you modernise

Teams often try to automate on top of legacy risks. Lifecycle management prevents that. You plan upgrades, renewals and retirements proactively to prevent new changes from piling risk onto legacy.

How to implement lifecycle management: 

  • Maintain an accurate inventory and map controls to business risk. 
  • Standardise on reference designs that are easier to secure and support. 
  • Budget for renewal and decommissioning alongside new projects. 

Outcome: Lower exposure, simpler operations and a platform that adapts as the business evolves. 

How to implement a safe automation framework

To bring assurance, observability and lifecycle management together for safe automation, I recommend organisations consider the following best practices:  

  1. Start with responsibility: Assign clear owners for providers and controls. Everyone should know who approves what. 
  2. Use reference designs: Build simple patterns that map known threats to specific controls, then reuse them. 
  3. Automate safely: Codify configuration and policy, prevent drift and speed up recovery with tested rollbacks. 
  4. Adopt Zero Trust: Assume breach, verify access and enforce least privilege across sites and clouds. 
  5. Strengthen monitoring: Track performance, changes, access and compliance in one place. 
  6. Keep governance practical: Set standards that teams can follow, measure them and iterate. 

What to measure

To make progress visible and defensible, you can refer back to the core metrics from my e-book and previous blog:  

  • Change success rate and rollback avoidance 
  • MTTR and MTTD
  • Compliance score and drift
  • Latency and packet loss against service objectives.

These metrics will help you determine whether your automation is actually making change safer.  

Two quick wins for the first 30 days

If you want to quickly build momentum, I recommend: 

  • Pre-change validation on one high-traffic service: Add automated checks for policy compliance and performance impact, then track the effect on change success rate. 
  • Drift detection with weekly remediation: Choose a critical domain, enable drift alerts and close gaps to raise your compliance score. 

Where SD-WAN and SASE fit

At the edge, SD-WAN and SASE extend consistent policy and observability to every site. They simplify operations, support identity-led access that aligns to Zero Trust and reduce risks from technical debt and legacy systems so networks can adapt securely as business needs evolve. 

How we can help

In my work with clients, I see the same challenge time and again: network change needs to move faster, but it also needs to be safer and more predictable. At CACI, we help organisations bring structure, visibility and governance to complex networks so change can happen with confidence. 

We support teams in putting practical assurance and observability in place, improving lifecycle management and reducing configuration drift, without slowing delivery. That means fewer regressions, clearer accountability and a more predictable change pipeline.
 
If you’d like to explore how this approach could work in your environment, visit our Network Automation page to start the conversation with our specialists. 
 
You can also download my new Network Automation in 2026 eBook for a deeper dive into how assurance and automation work together to build resilient, future-ready networks. 

Five network automation metrics & principles every CIO should track

In my new e-book ‘Network automation in 2026: building resilience, assurance and future-ready networks’, I uncover how network automation is no longer just about speed, but about reducing operational risk, strengthening compliance and stabilising services when the unexpected strikes. To meet the expectations of leadership, network automation must clearly demonstrate its ability to deliver on outcomes.  

This first blog in a two-part series breaks down five automation metrics and principles I rely on to help advise leadership: practical, executive-friendly and aligned to how boards evaluate resilience, risk and customer experience.

1. Change success rate and rollback avoidance 

What it is: This is the proportion of changes that complete as planned without causing incidents or requiring rollback. 
Why it matters: In my experience, this is one of the fastest ways to prove to leadership that automation is about increasing safety and predictability, not just throughput. 

How to improve:  

  • I always begin by applying pre-change validation, policy gates and standardised reference designs. These give teams simple, repeatable patterns that map controls to threats. 
  • Instrument your pipelines to capture change outcomes automatically.
  • Assign clear ownership to execute each change and align teams.  

What good looks like: A steady rise in successful, first-time changes and a consistent fall in rollbacks over consecutive release cycles. 

2. Mean time to detect (MTTD) and mean time to repair (MTTR)

What it is: The time it takes you to detect issues and restore normal service. 
Why it matters: I find that detection and recovery are very important for leadership, especially because automation and observability deliver measurable business value. 

How to improve:  

  • Stream all of your telemetry into a single view, then use intent checks to highlight drift or policy violations and automate first line remediation where safe.  
  • Strengthen monitoring by tracking network performance, changes, access, compliance and security events.

What good looks like: Faster detection windows followed by runbook-driven recovery that is measured in minutes, not hours.

3. Compliance score and configuration drift

What it is: A combined indicator of how closely your estate aligns to policy and how far it strays from approved configurations. 
Why it matters: Boards and auditors need confidence that controls are enforced consistently across hybrid estates. 

How to improve:  

  • Treat policies as code and run continuous checks.  
  • Block non-compliant changes before they land.  
  • Generate audit evidence automatically to save a huge amount of time.  
  • Keep governance practical by setting clear standards, control owners and measurable policies. 

What good looks like: A rising compliance score with drift trending down. Exceptions are documented and time-boxed. 

4. Alert volume reduction

What it is: A measure of how many alerts actually correlate to meaningful incidents. 
Why it matters: High alert volume hides real risk and drains team capacity. 

How to improve:  

  • Consolidate tooling, de-duplicate at the source and only measure what maps to user or service objectives.  
  • Safely automate by applying Infrastructure as Code and Policy as Code to prevent drift and speed up recovery.

What good looks like: Fewer alerts, higher signal quality and a clear link between alerts and customer impact. 

5. Latency and packet loss against service objectives

What it is: End-to-end performance measured against the targets that matter most for your services. 
Why it matters: User experience is the ultimate goal. Device health means little if transactions stall. 

How to improve:  

  • Set service-level objectives (SLOs) for your priority journeys, instrument path visibility and factor network changes into performance reviews.  
  • Adopt Zero Trust principles to assume breach, verify access and enforce least privilege.  

What good looks like: Stable or improving latency and loss for your top services, even during high change periods. 

How to get started 

I recommend teams start small when adopting these metrics, but take the following into consideration: 

  1. Select two high impact metrics that you can measure today. 
  2. Automate the collection and reporting so data is timely and trusted.
  3. Share a simple scorecard with trend lines and short commentary.
  4. Only add more metrics when the first set is stable. 

How we can help

In my work with CIOs, one of the biggest challenges I see is turning network automation into something that’s measurable, governed and trusted. At CACI, we help organisations align automation with business goals, reduce operational risk and create real clarity around performance and compliance. 

We bring proven architectures, practical operating models and clear measurement frameworks, so teams can track success rates, reduce configuration drift and improve incident response. We also help teams build simple, outcome focused scorecards that connect day-to-day network activity to executive priorities. 

If you’d like support establishing a metrics baseline or shaping an automation roadmap around the principles in this blog, visit our Network Automation page to learn more or get in touch with our specialists. 

You can also download my Network Automation in 2026 eBook for a deeper look at the frameworks and metrics that high performing organisations are using today. 

In the next blog in this series, I’ll explore how assurance, observability and lifecycle management work together to make every network change safe. 

CACI announced as AWS Launch Partner for European Sovereign Cloud (ESC) delivering EU-controlled data and compliance

CACI Ltd is delighted to announce it has been selected by Amazon Web Services (AWS) as an official launch partner for the AWS European Sovereign Cloud (ESC), a major AWS initiative designed to help organisations meet stringent European digital sovereignty, security, and compliance requirements.

This appointment further reinforces CACI – a global AWS Premier Tier Partner – as a trusted advisor for organisations looking to adopt sovereign cloud solutions while leveraging the scale, resilience and innovation of AWS.

The European Sovereign Cloud is purpose-built to ensure the highest levels of governance and assurance, making it particularly suited for mission-critical and highly regulated sectors such as public services, national security, defence, financial services, healthcare, and critical infrastructure. This is also essential in helping large commercial organisations navigate regulatory landscapes, protect sensitive data, and maintain customer trust at scale.

Why are the AWS ESC Principles Important?

The AWS ESC applies the principles above in the European context, giving organisations absolute confidence that their data and operations remain under tight European control, while enabling innovation without compromise.

Key capabilities include:

  • EU-only operations: managed exclusively by EU-based personnel, ensuring governance and operational independence.
  • EU data residency: all customer data – including metadata – remains within the EU, supported by isolated service environments.
  • Independent European infrastructure: physically EU-based facilities with separate control systems including independent billing, security, and multiple Availability Zones for resilience.

What Being an AWS ESC Launch Partner Means for CACI Clients

CACI brings proven expertise in cloud transformation, security, and compliance. Becoming an ESC launch partner further enables CACI to:

  • Guide organisations through sovereign cloud adoption using AWS best practices.
  • Deliver secure and compliant solutions tailored to EU regulatory requirements.
  • Enable innovation without compromise, by combining sovereignty with AWS scalability and resilience.

To prepare for this milestone, CACI has invested in advanced training for its teams on AWS Digital Sovereignty competency and principles, ensuring clients receive expert guidance in planning, migrating to, and operating sovereign cloud environments.

Tracy Weir, Chief Executive of CACI Ltd, comments: “We’re proud to be named an AWS launch partner for the European Sovereign Cloud. This partnership reinforces our dedication to helping organisations across public and private sectors meet stringent sovereignty requirements, whilst leveraging the power of AWS. It also underlines our commitment to delivering excellence and best practice across every stage of AWS cloud adoption.”

CACI AWS Credentials and Sovereign Cloud Expertise

CACI pairs deep AWS expertise with secure cloud delivery experience across defence, public services, finance, healthcare, and critical infrastructure. Our powerful capabilities include:

  • First AWS Trusted Secure Enclave Vetted Partner in the UK providing trusted National Security & Defence sensitive solutions
  • Other AWS Competencies including Migration, DevOps and Government Consulting
  • A partner ecosystem of 36+ strategic partners across all verticals
  • Jezero Landing Zone Accelerator: AWS validated secure cloud LZA enabling rapid deployment on AWS, and compliance with global security standards
  • 400+ AWS certifications: held by expert CACI engineers.

AWS ESC launch timeline, locations, and investment

AWS ESC begins its roll out from January 2026, starting with its first region in the State of Brandenburg, Germany, expanding capabilities and coverage to additional regions over time. This phased approach reflects AWS’s commitment to supporting European organisations with scalable, sovereign cloud solutions.

AWS has also committed €7.8 billion in investment in Germany by 2040 as part of this initiative, reinforcing its long-term support for European digital sovereignty and innovation.

With over five decades of delivering complex programmes across commercial and public sectors including highly regulated, mission-critical industries, CACI is well-positioned to help organisations adopt secure, compliant cloud solutions on the AWS European Sovereign Cloud.

For help with ESC or any AWS or other cloud projects, get in touch today.

Top 10 cyber threats facing UK businesses in 2026

The anticipated cyber threats facing UK businesses in 2026 are evolving faster than security teams can adapt. Attackers are using AI to generate convincing phishing attacks, exploit software supply chains, compromise cloud identities and launch highly disruptive ransomware campaigns. 

Recent research highlights the severity of the issue: 

To effectively safeguard your organisation into 2026, understanding how these cyber threats are evolving will be paramount. The key threats to prepare for are expected to be: 

1. AI-powered phishing and social engineering 

Cyber criminals now use generative AI to produce highly convincing phishing emails, cloned voices and deepfake videos. 

According to the National Cyber Security Centre (NCSC), AI will likely continue to “make elements of cyber intrusion operations more effective and efficient, leading to an increase in frequency and intensity of cyber threats.” Approximately £100 million was lost to investment scams driven by deepfake videos in the first half of 2025.

Why it matters:

AI removes spelling errors, improves targeting and creates believable voice calls, making phishing harder to detect.

Actions to take:

  • Enable multi-factor authentication (MFA) across all accounts 
  • Train staff using AI-simulated phishing exercises 
  • Introduce payment verification with multi-person approval 
  • Use real-time email threat scanning. 

2. Ransomware as a service targeting UK SMEs 

Ransomware continues to dominate the UK threat landscape. 

Why it matters:

Ransomware groups now target SMEs because they are less likely to have strong incident response capabilities.

Actions to take:

  • Maintain offline backups 
  • Implement zero-trust identity policies 
  • Create and rehearse a ransomware response plan
  • Block admin rights by default 

3. Software supply chain compromise 

Supply chain attacks are now a priority risk area. 

Why it matters:

Compromising one supplier can affect thousands of UK organisations simultaneously.

Actions to take: 

  • Maintain a third-party risk register 
  • Request Software Bills of Materials (SBOMs) from critical suppliers 
  • Apply continuous dependency scanning 
  • Implement zero trust network segmentation. 

4. Cloud misconfiguration and identity-based attacks 

Cloud adoption has surged across UK organisations, but configuration drift and weak identity controls are leading causes of breaches. 

Why it matters:

Most cloud breaches are preventable with strong identity, configuration and policy controls. 

Actions to take:

  • Adopt secure cloud landing zones 
  • Enforce MFA and conditional access 
  • Use policy-as-code to eliminate misconfigurations 
  • Continuously scan cloud environments. 

5. Nation state threats to UK critical infrastructure 

Geopolitical tensions have increased targeting of critical national infrastructure (CNI). 

Why it matters:

Healthcare, energy, transportation and public services remain key targets due to their societal impact.

Actions to take:

  • Implement zero trust across operational technology 
  • Segment networks between IT and OT 
  • Improve visibility with 24/7 threat monitoring 
  • Apply NCSC Cyber Assessment Framework controls. 

6. Deepfake enabled fraud and CEO impersonation

Deepfake technologies are enabling highly sophisticated financial fraud. 

Why it matters:

Deepfakes undermine trust in human-to-human verification processes.

Actions to take: 

  • Introduce strict financial verification processes.
  • Train staff to spot manipulated audio and video.
  • Adopt secure communication channels for executive approvals. 

7. Zero-day exploitation of widely used platforms

Zero-day attacks are escalating in frequency and speed. 

Why it matters:

Complex estates with legacy systems are especially vulnerable.

Actions to take:

  • Prioritise patching for high-risk assets.
  • Monitor for exploitation evidence.
  • Implement virtual patching where possible.
  • Use threat intelligence feeds. 

8. IoT and OT vulnerabilities in connected environments

Manufacturers, utilities, healthcare providers and logistics operations increasingly rely on connected devices. 

Why it matters:

Compromised IoT devices can become pivot points into critical operational systems.

Actions to take:

  • Replace unsupported devices.
  • Apply network segmentation for OT.
  • Block inbound internet access to IoT.
  • Deploy device-level monitoring. 

9. Insider threats amplified by hybrid working

Hybrid and remote work models increase insider risk: 

  • The Ponemon Institute states that insider incidents account for over 25% of data breaches
  • Misconfigurations, accidental data sharing and shadow IT remain serious concerns. 

Why it matters:

Accidental insider threats are far more common than malicious actors. 

Actions to take:

  • Enforce least privilege access.
  • Use behavioural analytics.
  • Implement secure file sharing and DLP.
  • Train staff on emerging threats.

10. API exploitation and automated attacks 

APIs now underpin modern digital services. 

Why it matters:

APIs expose data, identity and business logic if not securely managed.

Actions to take:

  • Authenticate and authorise every API.
  • Implement rate limiting.
  • Continuously test API endpoints.
  • Apply zero trust principles to API gateways. 

What has changed in the last year? 

  • Phishing is now AI-powered 
  • Ransomware involves triple extortion and data auctions 
  • Supply chain attacks now target trust models in AI systems 
  • Cloud attacks increasingly abuse identity, APIs and automation 
  • Deepfake fraud has moved from fringe to mainstream 
  • The threat landscape is faster, smarter and more financially motivated. 

An actionable cyber checklist: What UK organisations should do now 

These are the most impactful security actions UK organisations can take in the next 30 days to reduce exposure to cyber threats in 2026: 

Week 1: Strengthen identity and access 

  • Enforce MFA for all users 
  • Audit all admin and privileged accounts 
  • Enable conditional access across cloud platforms 
  • Remove shared accounts where possible 
  • Rotate any high-risk or stale credentials. 

Week 2: Reduce cloud and configuration risk 

  • Run a cloud misconfiguration scan (AWS, Azure, GCP) 
  • Apply baseline cloud landing zone guardrails 
  • Review API authentication and rate limiting 
  • Disable any unused cloud workloads or exposed endpoints 
  • Validate backup integrity and ensure offline copies exist. 

Week 3: Improve ransomware and supply chain resilience 

  • Conduct a ransomware tabletop exercise 
  • Review supplier risk for your top 10 critical vendors 
  • Update incident response playbooks 
  • Request Software Bills of Materials (SBOMs) where relevant 
  • Validate segmentation between IT and OT networks. 

Week 4: Prepare for AI-enabled and deepfake attacks 

  • Deliver an AI phishing simulation across the organisation 
  • Implement voice and video verification checks for senior leadership 
  • Update payment verification and financial approval processes 
  • Train staff to recognise deepfake and social engineering signs 
  • Review your organisation’s readiness against the NCSC Cyber Assessment Framework

What your board needs to know in 2026 

  • Cyber threats now represent a material business risk, not just IT risk. 
  • AI increases threat volume and reduces detection time. 
  • Cloud identity and configuration security are top failure points. 
  • Regulatory pressure is rising under ICO expectations and NIS2/DORA impacts. 
  • Investment in governance, resilience and people is essential. 

How CACI can help

CACI helps organisations strengthen controls and capabilities through its Network Security and Enterprise Architecture services. Our cloud engineering and implementation services also ensure these controls are embedded from day one.

FAQs around cyber threats facing UK businesses in 2026

What are the biggest cyber threats to UK businesses in 2026?

The biggest threats include AI powered phishing, ransomware, supply chain compromise, cloud misconfiguration, API exploitation and nation-state activity. These attacks are highly automated and increasingly difficult to detect.

Why are UK SMEs at high risk of cyber attacks?

SMEs often have fewer cyber resources, limited monitoring and weaker controls, making them easier targets for ransomware and phishing. Attackers know SMEs are more likely to pay ransoms or fall for social engineering.

How can UK organisations defend against ransomware?

Defence strategies include MFA everywhere, secure backups, endpoint protection, zero trust principles, patching and rehearsed incident response plans. Aligning cloud governance with best practice significantly reduces risk.

How does AI change cyber threats in 2026?

AI increases attack volume and accuracy. Threat actors use AI to generate phishing content, clone voices, create deepfakes and analyse vulnerabilities faster than before. This reduces detection time and increases breach likelihood.

What does the NCSC recommend for improving cyber resilience?

The NCSC recommends MFA, patching quickly, securing cloud identities, conducting supply chain checks, reviewing backups and following the Cyber Assessment Framework. Businesses should ensure governance, risk and controls are regularly tested.

How to strengthen your network security posture

Strengthening your network security posture is no longer a nice-to-have, but a strategic necessity. The notion of strengthening your network may sound time-intensive and lengthy, but there are some immediate changes that can lead to quick wins. In this blog, we uncover four key steps IT leaders can take to strengthen network security posture, and the immediate quick wins that can be achieved by doing so.  

Four steps to strengthen your network security posture

Security is no longer optional. These four foundational actions will help you reduce risk and build resilience: 

1. Adopt zero trust principles

Zero trust means “never trust, always verify.” Every user and device inside or outside the network must be authenticated and authorised. This approach limits the impact of breaches and is now recommended by the NCSC and leading global providers.  

  • Implement strong authentication for all users and devices.  
  • Segment networks to limit lateral movement.  
  • Continuously monitor for unusual behaviour.  

2. Automate detection and response

Manual processes cannot keep pace with modern threats. Automation can reduce response times by up to 40%, demonstrating its ability to help defenders stay ahead. 

  • Use AI-driven tools for threat detection and alert triage.  
  • Automate patching, backup, and incident response workflows.
  • Regularly test and update automated playbooks.

3. Operational load

With many IT teams stretched thin, managed network services allow organisations to focus on strategy while experts handle day-to-day operations, monitoring and compliance. 

  • Consider managed firewall, detection and response and vulnerability management services.  
  • Ensure providers offer transparent reporting and clear SLAs.

4. Secure hybrid work

With two-thirds of UK employees working remotely at least part-time, endpoint protection and secure remote access are essential.  

  • Enforce multi-factor authentication for all remote access.  
  • Protect endpoints with up-to-date security software and policies.
  • Educate staff on secure working practices. 

Quick wins: Immediate actions UK IT leaders should take 

Not every improvement requires a major investment or a long-term project. The following actions can quickly reduce risk and strengthen your security posture:  

Enable multi-factor authentication (MFA) 

Multi-factor authentication (MFA) is one of the most effective ways to prevent account compromise, blocking the majority of phishing and credential stuffing attacks.  

  • Enforce MFA for all users, not just administrators.  
  • Use app-based or hardware tokens for stronger protection. 
  • Regularly review and test MFA coverage.  

Read NCSC guidance on MFA  

Patch the basics consistently and quickly

Most breaches exploit known vulnerabilities. Even delays in patching of a few days can be costly.  

  • Maintain an up-to-date inventory of all assets, including cloud workloads and remote endpoints. 
  • Apply critical patches within 14 days, as recommended by the NCSC.  
  • Automate patch deployment and monitor for failures.  

Back up critical data securely and test your restores

Ransomware is only effective if you cannot recover your data. Secure, tested backups are essential.  

  • Use immutable, offsite or cloud-based backups.  
  • Regularly test restores to ensure data integrity.  
  • Protect backup credentials with MFA and restrict access.

Review firewall rules and access controls

Firewall policies can become cluttered over time with unused or overly permissive rules, creating hidden vulnerabilities.  

  • Schedule regular firewall reviews to remove unused or risky rules.  
  • Align policies with current business needs.  
  • Use automated tools to analyse policies for overlaps and compliance gaps.   
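What an automated review of an ordered, first-match-wins rule list looks for, as an added example that is not from the original article or any CACI tool: rules hidden behind an earlier rule, permits that are too broad, and rules with no traffic. The `Rule` format, the `WIDE_PORT_SPAN` threshold and the sample rule base are assumptions constructed for illustration.

```python
"""Firewall rule review: shadowed, redundant, over-permissive and unused rules."""
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
WIDE_PORT_SPAN = 1024   # assumption: a permit-from-anywhere rule this wide is flagged


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "permit" or "deny"
    src: str         # IPv4 CIDR
    dst: str         # IPv4 CIDR
    ports: tuple     # inclusive (low, high)
    hits: int        # hit counter over the review period


def covers(outer, inner):
    """True if every packet that matches `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.ports[0] <= inner.ports[0]
            and inner.ports[1] <= outer.ports[1])


def review(rules):
    """Walk the ordered rule list and return findings as (rule name, kind, detail).
    Only full coverage by an earlier rule is detected, not partial overlap."""
    findings = []
    for idx, rule in enumerate(rules):
        earlier = next((r for r in rules[:idx] if covers(r, rule)), None)
        if earlier is not None:
            # The rule can never match: an earlier rule takes every packet first.
            # A different action means the later rule's intent is silently lost.
            kind = "redundant" if earlier.action == rule.action else "shadowed"
            findings.append((rule.name, kind, f"covered by {earlier.name}"))
            continue
        span = rule.ports[1] - rule.ports[0] + 1
        if rule.action == "permit" and rule.src == ANY and (
                rule.dst == ANY or span >= WIDE_PORT_SPAN):
            findings.append((rule.name, "overly_permissive",
                             f"any source, {span} ports to {rule.dst}"))
        if rule.hits == 0:
            findings.append((rule.name, "unused", "no hits in review period"))
    return findings


# Constructed sample rule base, evaluated top to bottom.
RULES = [
    Rule("allow-web",      "permit", ANY,               "10.0.10.0/24", (443, 443),   120934),
    Rule("allow-app-db",   "permit", "10.0.10.0/24",    "10.0.20.0/24", (5432, 5432), 88211),
    Rule("block-db-host",  "deny",   "10.0.10.50/32",   "10.0.20.0/24", (5432, 5432), 0),
    Rule("legacy-ftp",     "permit", "192.0.2.0/24",    "10.0.30.5/32", (21, 21),     0),
    Rule("temp-migration", "permit", ANY,               "10.0.0.0/8",   (1, 65535),   412),
    Rule("allow-web-dup",  "permit", "198.51.100.0/24", "10.0.10.0/24", (443, 443),   0),
    Rule("default-deny",   "deny",   ANY,               ANY,            (1, 65535),   5000),
]

if __name__ == "__main__":
    for name, kind, detail in review(RULES):
        print(f"{name:15} {kind:18} {detail}")
```

The `shadowed` finding is the one to read first: `block-db-host` was written to deny a host, but the earlier `allow-app-db` permit matches that traffic before the deny is ever evaluated.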

Run a tabletop incident response exercise 

Plans are only effective if teams can execute them under pressure. Tabletop exercises simulate real-world incidents, allowing teams to rehearse roles and identify gaps.  

  • Involve both technical and business stakeholders.  
  • Use realistic scenarios tailored to your organisation.
  • Capture lessons learned and update your incident response plan.  

See NCSC’s guidance on incident response exercises 

How CACI can help enhance your network security

CACI has helped UK businesses protect their networks for decades. From network security to data centre solutions and IT consulting, our expertise delivers secure-by-design architectures, automation, and incident readiness for robust network security.  

Download our 2026 Network Security Survival Guide today to learn more about how your organisation can set its network environments up for success. 

7 steps to strong cloud security

The demand for cloud-based offerings has surged following the uptake of hybrid working and evolving customer expectations and digital infrastructure. Businesses that fail to adapt run the risk of being left behind. Understanding the benefits to determine whether cloud adoption is right for you is therefore critical. 

In our previous blogs, we shared the key advantages of cloud adoption and challenges in cloud security. In our final blog of this series, we share integral steps to strengthen your organisation’s cloud security. 

As more businesses adopt cloud technology, primarily to support hybrid working, cybercriminals are focusing their tactics on exploiting vulnerable cloud environments. Over the last year, a report found that 80% of organisations experienced at least one cloud security breach.

This issue has been exacerbated by soaring global demand for tech talent. On a global scale, the demand for cybersecurity professionals reaches well into the millions, which is far beyond the current number of people working in the field. Hiring and training new talent at pace is impossible with this accelerating demand. 
 
It’s a vulnerable time for enterprise organisations, and cloud security is the top priority for IT leaders. Here we consider the critical steps you can take now to make your business safer. 

1. Understand your shared responsibility model

Defining and establishing the split of security responsibilities between an organisation and its CSP is one of the first steps in creating a successful cloud security strategy. Taking this action will provide more precise direction for your teams and mean that your apps, security, network and compliance teams all have a say in your security approach. This helps to ensure that your security approach considers all angles.

2. Create a data governance framework

Once you’ve defined responsibilities, it’s time to set the rules. Establishing a clear data governance framework that defines who controls data assets and how data is used will provide a streamlined approach to managing and protecting information. Setting the rules is one thing, however; ensuring they’re carefully followed is another. Employing content control tools and role-based access controls to enforce this framework will help safeguard company data. Ensure your framework is built on a solid foundation by engaging your senior management early in your policy planning. With their input, influence and understanding of the importance of cloud security, you’ll be better equipped to ensure compliance across your business. 

3. Opt to automate

In an increasingly hostile threat environment, in-house IT teams are under pressure to manage high numbers of security alerts. It doesn’t have to be this way though. Automating security processes such as cybersecurity monitoring, threat intelligence collection and vendor risk assessments means your team can spend less time analysing every potential threat, reducing admin errors and dedicating more time to innovation and growth activities. 

4. Assess and address your knowledge gaps

Your users can either provide a strong line of defence or open the door to cyber-attacks. Make sure it’s the former by equipping staff and stakeholders who have access to your cloud systems with the knowledge and tools they need to work safely, such as training on identifying malware and phishing emails. For more advanced users of your cloud systems, take the time to review capability and experience gaps and consider where upskilling or outsourcing is required to keep your cloud environments safe. 

5. Consider adopting a Zero Trust model

Based on the principle of ‘Never Trust, Always Verify’, a Zero Trust approach removes the assumption of trust from the security architecture by requiring authentication for every action, user and device. Adopting a Zero Trust model means always assuming that there’s a breach and securing all access to systems using multi-factor authentication and least privilege. In addition to improving resilience and security posture, this approach can also benefit businesses by enhancing user experiences via Single Sign-On (SSO) enablement, allowing better collaboration between organisations and increased visibility of your user devices and services. However, not all organisations can accommodate a Zero Trust approach. Incompatibility with legacy systems, cost, disruption and vendor lock-in must be balanced with the security advantages of Zero Trust adoption.

6. Perform an in-depth cloud security assessment

Ultimately, the best way to bolster your cloud security is to perform a thorough cloud security audit. Having a clear view of your cloud environments, users, security capabilities and inadequacies will allow you to take the best course of action to protect your business. 

7. Bolster your defences

The most crucial principle of cloud security is that it’s an ongoing process and continuous monitoring is key to keeping your cloud secure. However, in an ever-evolving threat environment, IT and infosec professionals are under increasing pressure to stay ahead of cybercriminals’ sophisticated tactics. 

A robust threat monitoring solution can help ease this pressure and bolster your security defence. Threat monitoring works by continuously collecting, collating and evaluating security data from your network sensors, appliances and endpoint agents to identify patterns indicative of threats. Threat alerts are more accurate because threat monitoring analyses data alongside contextual factors such as IP addresses and URLs. Additionally, traditionally hard-to-detect threats such as unauthorised internal accounts can be identified. 

Businesses can employ myriad options for threat monitoring, from data protection platforms with threat monitoring capabilities to a dedicated threat monitoring solution. However, while implementing threat monitoring is a crucial and necessary step to securing your cloud environments, IT leaders must recognise that a robust security programme comprises a multi-layered approach utilising technology, tools, people and processes. 

Download our Cloud Security Assessment Checklist and discover proven strategies to strengthen your defences in our comprehensive guide.

The 9 biggest challenges in cloud security

The demand for cloud-based offerings and cloud adoption has accelerated, with the importance of flexibility and agility now being realised. Without adapting, businesses risk being left behind. What are the benefits, however, and how do you know if it’s the right solution for you? 

We shared the key advantages of cloud adoption in our previous blog. This time around, we identify the biggest challenges of cloud security. 

Cloud adoption has become increasingly important in recent years, with 64% of all enterprises now regarding cloud security as a pressing security discipline. Despite its integral role, more than half of all enterprises find securing cloud environments to be more complex than securing on-premises venues. 

As cybercriminals increasingly target cloud environments, the pressure is on for IT leaders to protect their businesses. Here, we explore the most pressing threats to cloud security you should take note of. 

Limited visibility

The traditionally used tools for gaining complete network visibility are ineffective for cloud environments as cloud-based resources are located outside the corporate network and run on infrastructure the company doesn’t own. Furthermore, most organisations lack a complete view of their cloud footprint. You can’t protect what you can’t see, so having a handle on the entirety of your cloud estate is crucial. 

Lack of cloud security architecture and strategy

The rush to migrate data and systems to the cloud meant that organisations were operational before thoroughly assessing and mitigating the new threats they’d been exposed to. The result is that robust security systems and strategies are not in place to protect infrastructure. 

Unclear accountability

Pre-cloud, security was firmly in the hands of security teams. In public and hybrid cloud settings, however, responsibility for cloud security is split between cloud service providers and users, with responsibility for security tasks differing depending on the cloud service model and provider. Without a standard shared responsibility model, addressing vulnerabilities effectively is challenging as businesses struggle to grapple with their responsibilities. This not only obfuscates incident response, but increases the likelihood of risks and misconfigurations. 

Misconfigured cloud services

Misconfiguration of cloud services can cause data to be publicly exposed, manipulated or even deleted. It occurs when a user or admin fails to set up a cloud platform’s security settings properly. For example, keeping default security and access management settings for sensitive data, giving unauthorised individuals access or leaving confidential data accessible without authorisation are all common misconfigurations. Human error is always a risk, but it can be easily mitigated with the right processes. 

Data loss

Data loss is one of the most complex risks to predict, so taking steps to protect against it is vital. The most common types of data loss are: 

  • Data alteration – when data is changed and cannot be reverted to the previous state. 
  • Storage outage – access to data is lost due to issues with your cloud service provider. 
  • Loss of authorisation – when information is inaccessible due to a lack of encryption keys or other credentials. 
  • Data deletion – data is accidentally or purposefully erased, and no backups are available to restore information. 

While regular backups will help avoid data loss, backing up large amounts of company data can be costly and complicated. Nonetheless, ransomware attacks swelled by 126% earlier this year, reiterating the necessity for businesses to conduct regular data backups.  

Malware

Malware can take many forms, including DoS (denial of service) attacks, hyperjacking, hypervisor infections and exploiting live migration. Left undetected, malware can rapidly spread through your system and open doors to even more serious threats. That’s why multiple security layers are required to protect your environment. 

Insider threats

While images of disgruntled employees may spring to mind, malicious intent is not the most common cause of insider threat security incidents. Worryingly, the frequency of insider-led incidents is on the rise. According to a report published this year, nearly half of the organisations surveyed noticed an increase in the frequency of their insider threats. The financial repercussions of this increase have led to costs increasing by 109% between 2018 and 2024, posing serious financial risks to affected organisations. 

Compliance concerns

While some industries are more regulated, you’ll likely need to know where your data is stored, who has access to it, how it’s being processed and what you’re doing to protect it. This can become more complicated in the cloud. Furthermore, your cloud provider may be required to hold specific compliance credentials. 

Failure to follow the regulations can result in substantial legal, financial and reputational repercussions. Therefore, it’s critical to handle your regulatory requirements, ensure good governance is in place and keep your business compliant. 

API vulnerabilities

Cloud applications typically interact via APIs (application programming interfaces). However, insecure external APIs can provide a gateway, allowing threat actors to launch DoS attacks and code injections to access company data. 

In 2020, Gartner predicted API attacks would become the most frequent attack vector by 2022. With over half of all enterprises reporting an increase in direct attacks to compromise infrastructure as of 2025, this prediction has become a reality. Addressing API vulnerabilities will therefore be a chief priority for IT leaders in 2025 and beyond. 

Check out our comprehensive guide to cloud security for more insights on overcoming these challenges and safeguarding your business against evolving threats.

The top 6 business benefits of cloud adoption

Cloud adoption is no longer seen as a means for storage, but a foundation for intelligent business capabilities. Businesses that have adopted the cloud are able to reap benefits far beyond cost savings, enhancing operational flexibility, enabling faster disaster recovery and much more. In the first blog of our cloud security series, we explore the key advantages of cloud adoption. 

Flexibility

Cloud infrastructure is the key to operational agility, allowing you to scale up or down to suit your bandwidth needs. The pay-as-you-go model offered by most cloud service providers (CSPs) also means that you pay for usage rather than a set monthly fee, making IT spending a more manageable operational expense. The ability to scale resources according to demand also ensures performance will be optimal during peak times and eliminates waste during downtime. 

Reduced cost

Kind to your cash flow, cloud computing cuts out the high hardware cost. The availability of the aforementioned pay-as-you-go models can significantly cut costs. Not to mention the cost-savings of reduced resources, lower energy consumption and fewer delays.  

Disaster recovery

From natural disasters to power outages and software bugs, if your data is backed up in the cloud, it is at a reduced risk of system failure as the servers are typically far from your office locations. You can recover data from anywhere to minimise downtime by logging into your cloud storage portal over the internet. 

Accessibility

We’ve all heard that the office is dead. Workers want the ability to work anytime, anywhere. With cloud (and an internet connection), they can. The cloud enables workforces to be distributed through secure access to data and applications from any location, which is critical in today’s hybrid working world. 

Greater collaboration

Cloud infrastructure makes collaboration a simple process, changing the parameters of how and where teams can work. The cloud can drastically improve workplace productivity, from online video calls to sharing files and co-authoring documents in real-time. It offers a centralised, secure and real-time working environment that bolsters communication and helps streamline workflows. These cloud-native applications are designed to make our lives more efficient through greater collaboration.  

Strategic value

Ultimately, businesses that have adopted the cloud typically experience greater cost efficiencies, faster speed to market and enhanced service levels. Adopting the cloud not only reimagines business models and builds resilience but also enables organisations to be agile and innovative. For example, adopting DevOps methodologies can be an essential element for businesses looking to get ahead of their competitors. 

But what about security? Earlier this year, a reported 61% of organisations felt security and compliance were their primary barriers to cloud adoption. Rushed application and the resulting lacklustre security have only intensified security concerns as cybercriminals increasingly target cloud environments. 

Download our comprehensive guide to cloud security and start securing your cloud today.

Azure Landing Zone 

A secure, automated, and scalable cloud foundation 

Azure Landing Zones provide a blueprint for a secure, scalable and well-governed cloud environment, enabling businesses to accelerate their cloud adoption with confidence. 

Robust governance 

Azure Landing Zones help organisations define and enforce cloud governance policies, providing clear oversight into resource allocation and cost management.  

With built-in tools like Azure Cost Management, Policy, and Advisor, businesses can prevent cloud sprawl and drive financial efficiency. 

Accelerated deployment 

By implementing best practices from Microsoft’s Cloud Adoption Framework, Azure Landing Zones accelerate the setup of secure and scalable cloud environments. 

This allows you to focus on innovation rather than infrastructure complexities. 

Proactive security 

Security is embedded at every layer, leveraging Microsoft Defender for Cloud, Azure Policy and Sentinel to automate threat detection and compliance monitoring.  

This ensures organisations meet regulatory requirements such as ISO 27001, NIST, and CIS benchmarks. 

Intuitive and easy to use  

Azure landing zone features that make cloud management easy 

Seamless multi-account management 

Managing multiple Azure subscriptions and workloads can be complex. Azure Landing Zones simplify operations and reduce administrative overhead. 

Customised to your needs 

Every organisation has unique needs. Our Azure Landing Zones are tailored to align with your business objectives, incorporating workload-specific configurations, security policies and automation strategies for an optimised cloud environment. 

Azure Well-Architected framework alignment 

Our approach aligns with Microsoft’s Well-Architected Framework, ensuring that cloud deployments are secure, high-performing and cost-efficient from the outset. 

Prevent technical debt 

Without a structured framework, businesses risk inefficiencies that drive up operational costs and complexity. Azure Landing Zones establish a clear architectural foundation that reduces rework and optimises cloud efficiency. 

Minimise migration delays 

Complex cloud migrations can slow down digital transformation initiatives. Azure Landing Zones streamline the process, enabling organisations to transition smoothly to the cloud with a well-defined roadmap. 

Control expansion 

Unchecked cloud resource expansion can lead to inefficiencies and unexpected costs. Azure Landing Zones centralise governance, providing a structured approach to cost optimisation and policy enforcement. 

We’re here to support you

Have confidence in security 

Unstructured cloud environments increase exposure to security vulnerabilities.

Azure Landing Zones incorporate proactive security controls and automated threat monitoring to mitigate risks from the outset. 

Speak to one of our Azure landing zones experts

We’re tried and trusted in this industry and have been providing cloud solutions for over 20 years. At CACI, we want to support you in transforming your business.

If you’re looking for a demo, want to book a consultation, or both, we’re ready to help you cut the complexity from cloud management.

FAQs

Answers to common questions about Azure landing zones.

An Azure landing zone is a predefined, secure, and scalable environment designed to help businesses establish a strong cloud foundation. Built on Microsoft’s Cloud Adoption Framework, it ensures consistency, governance, and best practices across Azure environments. 

Traditional cloud deployments often lack standardised governance and automation, leading to inconsistencies and security gaps. Azure landing zones provide a structured approach that enforces best practices, security policies, and cost controls from the outset. 

Without a structured cloud foundation, businesses may face challenges such as security risks, inefficient resource management, and compliance gaps. Azure landing zones standardise identity management, networking, security, and governance to ensure a seamless and secure cloud transition. 

Azure Landing Zones integrate cost management tools like Azure Cost Management + Billing and Azure Advisor, helping organisations optimise spending, monitor resource usage, and prevent unexpected expenses. 

Azure Landing Zones enforce security best practices using Microsoft Defender for Cloud, Azure Security Center, and Sentinel, ensuring continuous monitoring, threat detection, and compliance adherence. 

AWS landing zone

Secure, scalable and ready for growth 

Moving to the cloud presents significant opportunities, but without the right foundation, businesses can face costly inefficiencies, security risks and compliance challenges. AWS landing zones provide a comprehensive solution to ensure a secure, scalable and automated cloud environment from day one. 

Governance and cost optimisation 

AWS landing zones establish a structured environment that helps organisations manage cloud costs effectively while maintaining control over cloud resources. Automated account provisioning and centralised governance reduce unnecessary spending and ensure resources are optimally utilised. 

Operational efficiency 

Automate resource provisioning and enforce best practices across multi-account environments. By leveraging Infrastructure as Code (IaC), DevOps teams can efficiently deploy and manage cloud workloads with reduced manual intervention. 

Security and compliance 

Easily integrate security controls and compliance frameworks from the outset. Built on zero-trust principles, our approach includes robust security guardrails, automated policy enforcement and monitoring for continuous compliance with industry regulations. 

Intuitive and easy to use

AWS landing zone features that make cloud management simple 

Proven expertise 

As an Amazon Premier Partner, we bring extensive experience in deploying AWS Landing Zones for large-scale commercial enterprises and UK Government platforms.  

Tailored implementation 

Our software development and systems integration expertise enable us to provide a custom implementation aligned with your business needs, ensuring seamless cloud adoption. 

AWS Well-Architected framework alignment 

We follow AWS’s best practices to maximise the value of your cloud investment while ensuring a secure and resilient cloud environment. 

Rapid deployment 

Pre-configured workload-ready environments accelerate cloud adoption and reduce the time required to establish a secure cloud foundation. 

Value-add Tooling 

A comprehensive suite of tools that enhances security, compliance and operational efficiency, ensuring streamlined management and consistent infrastructure deployment. 

Centralised visibility 

Use a single unified dashboard for monitoring and managing cloud resources across multiple accounts, with centralised logging, security insights and compliance tracking for full visibility.

We’re here to support you

Simplified multi-account management 

AWS Landing Zones streamline the setup and management of multiple AWS accounts, ensuring consistent security policies, networking configurations and governance across your organisation.

This reduces administrative overhead and enhances operational efficiency. 

Speak to one of our AWS landing zone experts

We’re tried and trusted in this industry and have been providing cloud solutions for over 20 years. At CACI, we want to support you in transforming your business.

If you’re looking for a demo, want to book a consultation, or both, we’re ready to help you cut the complexity from cloud management.

FAQs

Answers to common questions about AWS landing zones.

An AWS landing zone is a pre-configured cloud environment designed to help organisations set up a secure, scalable AWS infrastructure. It provides a structured foundation for managing multiple AWS accounts while enforcing security, compliance, and governance policies. 

AWS landing zones automate the deployment of security guardrails, access controls, and compliance policies, ensuring adherence to industry standards such as GDPR, HIPAA, and ISO 27001. 

AWS landing zones are highly customisable, allowing businesses to define networking, security policies, and automation workflows based on their unique requirements. 

Secure landing zones

Deploy and manage cloud environments with confidence 

We provide an enterprise-grade, automated solution to establish a secure and scalable cloud foundation. Our secure landing zone ensures consistency, governance and security from day one, enabling businesses to accelerate cloud adoption while maintaining compliance and operational efficiency. 

Did you know?

Companies with robust IT infrastructure are 40% more likely to cut downtime compared to those without.

Source: Forrester

Businesses implementing network automation report a 50% reduction in manual processes, freeing teams for higher-value work.

Source: Data Centre News

Why CACI?

Leading companies choose us for a reason

See value quickly 

Our proven frameworks for cloud security, governance and automation deliver immediate results, reducing risk and enhancing performance. 

End-to-end expertise 

From cloud architecture design to deployment and ongoing support, we ensure seamless transitions and scalable solutions. 

Customer-centric approach 

We prioritise solutions tailored to your unique business needs, for long-term success and innovation. 

Trending eBook

Future-proof policing in the digital age

Discover how UK policing can thrive through digital transformation. Learn about cloud adoption, partnership working, and integrating legacy systems to enhance operational efficiency. Download your free eBook now!

Speak to one of our secure landing zones experts

We’re tried and trusted in this industry and have been involved in secure landing zones for over 5 years.

If you’re looking for a demo, want to book a consultation or both, we’re ready to help you cut the complexity out of secure landing zones.

FAQs

Answers to common questions about secure landing zones.

Secure landing zones integrate security best practices from the start, enforcing zero-trust policies, automated compliance checks and identity management to protect cloud workloads.

Automation reduces manual effort, eliminates misconfigurations and ensures that all cloud deployments follow standardised security and governance frameworks. 

By standardising and automating cloud provisioning, businesses reduce unnecessary resource usage, lower operational overhead and prevent costly security incidents. 

Managed security services 

Peace of mind with advanced protection 

Protecting customer data and information is vital, and infrastructure security is a key aspect of any protection strategy. Infrastructure security keeps shared data secure, protects from viruses and helps with network and IT performance by reducing overhead expenses and costly losses from data breaches. 

Struggling with downtime? 

Security incidents can cause significant downtime and mean immediate action is needed. 

Worried about insecure data? 

Network and IT infrastructure security is the key to protecting your data and shielding your system from viruses.  

Unsure where your vulnerabilities lie?  

Without regular penetration testing, most businesses aren’t aware of the true nature of their vulnerabilities. 

Did you know?

14 seconds pass between each new ransomware attack.

Source: Critical Infrastructure Security and Resilience (CISA)

76% of businesses have experienced at least one cyberattack.

Source: Ponemon Institute

Consider it handled 

Managed security services designed to protect 

Enhanced security posture 

Benefit from proven security practices that enhance business credibility and asset protection through strategic verification and implementation. 

Strategic decisions 

Improve security decision-making capabilities with in-depth risk assessments and strategic evaluations, for information and guidance.  

Reduce security incidents 

Experience a decrease in major security incidents with proactive threat detection, response strategies and continuous monitoring to safeguard assets.

Stay compliant 

Adhere to regulations through consistent governance, risk management and compliance (GRC) strategies that keep business operations secure and compliant. 

Manage risk 

Identify and manage security-related business risks effectively, with targeted assessments and robust risk management plans. 

Security operations and event management 

Benefit from our Security Network Operations Centre (SNOC) and Managed Security Incident Event Management (SIEM) services provided through trusted service partners. 

Experts in managed security services

Top brands trust us for a reason 

Practical approach 

Implement realistic approaches to address cybersecurity issues that threaten many businesses, enhancing protection and resilience. 

Driven by metrics 

Apply accurate metrics to evaluate and improve your current cybersecurity posture, ensuring effective defence strategies. 

Integrated global services 

Our global services complement CACI’s existing network security architecture, design, deployment and assessment offerings. 

Read more about it

Get ahead of telecoms security requirements (TSR)

Learn how to navigate the evolving TSR landscape with confidence. Our eBook provides insights into compliance challenges, strategic actions, and practical steps to safeguard your telecoms infrastructure. Download your free copy now!

Speak to one of our managed security service experts

We’re tried and trusted in this industry and have been involved in managed network security services for over 20 years. At CACI, we want to support you in transforming your business.
 
If you’re looking for a consultation, we’re ready to help you cut the complexity out of managed security.

FAQs

Answers to common questions about managed security services.

Managed security services enhance your security posture, reduce incidents, and ensure compliance. They provide proactive threat detection, continuous monitoring, and strategic risk management, helping protect your assets and maintain business credibility. 

Managed security services offer specialised expertise, continuous monitoring, and advanced tools that in-house teams may lack. They provide comprehensive, up-to-date security measures and proactive threat detection, ensuring higher protection and efficiency. 

Yes, managed security services can be cost-effective for businesses. By outsourcing security management to specialised providers, businesses can reduce overhead expenses associated with maintaining an in-house security team. Managed security services also help prevent costly losses from data breaches and security incidents by providing proactive threat detection and response. Additionally, these services ensure compliance with regulations, avoiding potential fines and penalties.

Secure app development 

Simplify workflows, enhance security and scale effortlessly

When your applications are secure, scalable and efficient – your business thrives.

Our solutions are designed to handle increased loads, protect sensitive information, and streamline operations. From encryption to seamless system integration, we simplify complexity so you can focus on growth. 

Struggling to scale?  

Applications that can’t keep up with user demand lead to poor performance and frustrated customers. 

Worried about security breaches?  

80% of applications contain at least one vulnerability, leaving sensitive data exposed to risks. 

Frustrated with inefficiency?  

Manual workflows and disconnected systems cost time and resources, holding back your team’s potential. 

Did you know?

80% of applications contain at least one security vulnerability.

Source: Veracode

42% of apps have flaws left unaddressed for over a year.

Source: Veracode

The benefits of secure app development 

Get the security you need

Enhanced data security 

Implement strong encryption, secure coding practices and thorough testing to protect sensitive information from breaches.

Cost savings 

Prevent financial and reputational damage with robust security measures that minimise risks. 

Operational efficiency 

Streamline workflows and reduce errors with secure integrations that connect your systems seamlessly.

Scalable performance  

Solutions tailored to handle increasing user demands without compromising on speed or reliability. 

Flexibility and ownership 

Retain full control over your intellectual property, avoiding vendor lock-in with our adaptable solutions. 

Faster time to market 

Accelerate your development cycle with our secure, efficient processes. We help you launch new features and applications quickly, giving you a competitive edge. 

Partner with us 

Why leading brands trust our secure app development services 

Trusted expertise 

Our secure solutions are trusted by the UK government and leading organisations to deliver compliance and performance. 

Customisable and scalable 

Built for flexibility, our systems integrate seamlessly across cloud providers and leverage industry-leading tools. 

Proven track record 

We make sure your solutions meet the highest security standards, enabling confident decision-making and growth. 

We’re here to support you

Optimise your firewall security—book your assessment today

Ensure your firewall is secure, efficient, and compliant with industry best practices. Our expert assessment identifies vulnerabilities, optimises configurations, and boosts your security posture. Book your free assessment now!

Speak to one of our secure app development experts

We’re tried and trusted in this industry and have been involved in secure app development for decades. At CACI, we want to support you in transforming your business.

If you’re looking for a demo, want to book a consultation, or both – we’re ready to help you cut the complexity out of app development.

FAQs

Answers to common questions about secure application development.

Security is at the core of everything we do. Our secure software development lifecycle (SDLC) includes: 
– Static and dynamic application security testing 
– Dependency and container vulnerability scanning 
– Authentication, encryption, and data retention practices 

We integrate best-of-breed components, including cloud-native services, open-source tools, and proprietary systems, to build solutions that grow with your business.

Solutions

DevSecOps

Break down silos and enhance security

Transform software development by embedding security at every stage – ensuring fast, secure, and compliant delivery in today’s digital landscape. 

Worried about security vulnerabilities? 

Traditional development often overlooks security, exposing software to risks. 

Want to overcome compliance challenges? 

Embed compliance into your development process, reducing manual efforts and errors. 

Need better visibility across teams? 

Build a culture of collaboration and shared responsibility in security and operations. 

Did you know? 

30%

Companies using automated vulnerability management workflows fix critical issues about 30% faster than those using manual processes.

Source: Palo Alto Networks

44%

Cyber attacks have increased by 44% year over year with a wide range of cyber threats and trends emerging.

Source: Check Point

The benefits of DevSecOps 

Secure, fast and compliant software delivery is just the beginning. 

Proactive security 

Automate security within your CI/CD pipelines to detect and address vulnerabilities early, so your software is secure by design. 

Accelerated delivery 

Build collaboration across development, security and operations to speed up workflows and deployments. 

Easy compliance management 

Integrate automated compliance checks and audit trails into your development processes. 

Improved collaboration 

Create a unified culture with shared tools and metrics, increasing efficiency and reducing miscommunications across departments. 

Save costs 

Identify and solve security and ops issues early in the development process – reducing the costs associated with late fixes. 

Enhanced reliability 

DevSecOps not only improves security but also enhances the overall reliability of your software. 

Testimonial

“The CELLA team have secured multiple storage successes, which will see savings to the MoD of several million pounds over the next few years. As CELLA continues to mature understanding of its potential, these figures will undoubtedly continue to rise.”

Wg Cdr Duncan Serjeant

Ministry of Defence (MoD), Joint Support

Experts in DevSecOps 

Leading companies choose us for a reason

Scalability 

Scale your security measures seamlessly as your development needs grow. 

Proactive threat management 

Stay ahead of cyber threats with continuous security testing and real-time monitoring. 

Cut costs 

Reduce the financial impact of security breaches and compliance issues with integrated, early-stage testing and monitoring. 

Read all about it 

Take the first step towards zero trust security

Discover how to implement a Zero Trust model and strengthen your organisation’s security posture. Learn the core principles, practical steps, and real-world applications to make your transformation seamless.

Speak to one of our DevSecOps experts

We’re tried and trusted in this industry and have been involved in DevSecOps for a decade now. At CACI, we want to support you in transforming your business.

If you want to book a consultation, we’re ready to help you cut the complexity out of DevSecOps. 

FAQs

Answers to common questions about DevSecOps. 

DevSecOps stands for development, security and operations. It is a practice that integrates security into every phase of the software development lifecycle (SDLC), ensuring that applications are secure by design while maintaining speed and agility in delivery. 

DevSecOps addresses critical gaps in traditional development by embedding security early (shift-left), reducing vulnerabilities and enabling faster responses to threats. Without DevSecOps, businesses risk breaches, slower delivery and increased costs due to late-stage issue resolution. 

1. Security vulnerabilities – prevents security issues from being discovered too late 
2. Siloed teams – encourages collaboration between developers, security teams and operations
3. Compliance bottlenecks – automates and simplifies regulatory compliance 
4. Slow response to threats – enables real-time monitoring and rapid patching 
5. Cost overruns – reduces the expense of fixing issues post deployment 

While DevOps focuses on collaboration between development and operations for faster delivery, DevSecOps integrates security into this process, ensuring that speed does not come at the cost of software safety and reliability. 

1. Faster software delivery without compromising security 
2. Early detection of vulnerabilities reduces risk and cost 
3. Improved compliance with regulatory standards 
4. Enhanced collaboration between teams 
5. Strengthened trust with customers through secure software 

Solutions

Security and DevOps

Your go-to strategic partner for secure DevOps 

Powered by cloud-native technologies, we deliver resilient, scalable applications – driving seamless DevSecOps adoption for businesses embracing digital transformation. 

Did you know?

$4.45 million

The average cost of a data breach is $4.45 million.

47-53%

Secure-by-design practices can reduce vulnerabilities by 47% to 53% on average.

Why CACI?

Tailored to your needs 

Solutions across major cloud providers, using the best open-source tools for top security and performance, fully customised to fit your business. 

Trusted by government 

Our secure systems are trusted across the UK government, delivering compliant, robust solutions with a proven track record of success. 

Freedom to innovate 

Our services keep you in control, ensuring full ownership of your IP, avoiding vendor lock-in and providing flexibility to adapt. 

Speak to one of our security and DevOps experts

We’re tried and trusted in this industry and have been involved in security and DevOps for decades. 
 
If you’re looking for a demo, want to book a consultation, or both – we’re ready to help you cut the complexity out of security and DevOps. 

Threat Management: Best practice for your business

In my previous blog articles, I highlighted the most significant cybersecurity threats faced by businesses in 2023 and debunked five prevalent misconceptions surrounding threat management. Moreover, I emphasised that safeguarding against cyber threats demands an ongoing commitment rather than a singular investment. In this concluding blog post, I will outline the best practices to ensure the safety of your business.

Why is Threat Management so important?

Before we go into the best practice of Threat Management, let me explain its importance. The variety of threats has significantly increased and attack strategies have become more complex across the globe. Your Security Operations Centre (SOC) teams must prioritise cybersecurity capabilities and implement a practical Threat Management framework.

If a data breach is detected sooner, the blast radius can be significantly reduced, cutting the financial cost substantially and reducing any fines imposed. According to the data breach report published by IBM in 2022, companies can save more than £960K if they can detect a data breach in 200 days or less.

Therefore, an effective Threat Management plan is essential for your company to have the best chance of quickly detecting and responding to threats.

What’s the best practice for Threat Management?

Threat Management requires seamless integration between people, processes and technology to stay ahead of emerging threats and security risks. Here’s some advice on what you need for each element.

People – Establishing a cybersecurity culture

Your C-suite executives and Board members play a crucial role in establishing a cybersecurity culture. By formulating a governance structure and proactively communicating their expectations to the employees, leaders and managers can motivate them to learn the risks and cooperate with your company’s cybersecurity strategy.

Processes – NIST Cybersecurity Framework

I recommend the NIST Cybersecurity Framework (CSF 1.1) to help you manage threats effectively. This is a set of guidelines published by the U.S. National Institute of Standards and Technology to help organisations mitigate cybersecurity risks. According to a survey in 2021, almost 48% of respondents said they were using this framework standard to map their control system. Furthermore, NIST will launch a new and more significant update to the Framework, CSF 2.0, in early 2024 to keep pace with technology and threat trends, integrate lessons learned and move the best practice to common practice.

NIST Cybersecurity Framework

CSF 1.1 comprises five primary functions: Identify, Protect, Detect, Respond and Recover. These functions are not intended to form a sequential path but are performed in parallel, forming an operational culture that addresses the dynamic cybersecurity risk.

Credit: N. Hanacek/NIST

Identify – This is the fundamental function for effectively using the Framework. Your SOC teams should thoroughly understand your business resources and risks. The activity categories include Asset Management, Business Environment, Governance, Risk Assessment and Risk Management Strategy.

Protect – Your SOC teams need to develop and implement appropriate safeguards to ensure the delivery of critical services. This function encompasses activities in Identity Management and Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance and Protective Technology.

Detect – This function refers to the activities to identify the occurrence of a cybersecurity event on a timely basis. The activities are categorised into Anomalies and Events, Security Continuous Monitoring and Detection Processes.

Respond – Make sure your SOC teams develop an action plan to respond to detected cyberattacks and other cybersecurity incidents. They can create activities around Response Planning, Communications, Analysis, Mitigation and Improvements.

Recover – This is a critical function to ensure business continuity in the event of a cyberattack. Your SOC teams can plan activities in Recovery Planning, Improvements and Communications for cyber resilience plans.

Technology – Leveraging different tools and new technology

Other than the threat management tools that I introduced in the last blog, your SOC teams can leverage various technologies such as Artificial Intelligence, Machine Learning, behavioural analysis, prediction tools and Internet of Things modules to automate parts of the Threat Management process. This can help ensure your data integrity and prevent any holes in your cybersecurity systems.

Conclusion

The success of a comprehensive Threat Management strategy hinges upon the active involvement of all your colleagues, beginning with your organisational leaders. By fostering a robust cybersecurity culture within your company, you can ensure that your colleagues receive thorough training and grasp the significance of cybersecurity. Through the seamless integration of streamlined processes and cutting-edge technology, your company will be able to swiftly identify threats and respond proactively, thereby fortifying information security and bolstering business continuity management.

How CACI can help

CACI has cybersecurity experts who can improve your business’s protection levels. Our capabilities include Zero Trust Network Architecture, Threat Analytics, Systems Hardening and Network Analytics. We can also perform a risk assessment to advise you on your cybersecurity needs. Find out more about our cybersecurity capabilities.

Notes:
[1] Cybersecurity standards usage control systems 2021 | Statista
[2] Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (nist.gov)
[3] Quick Start Guide | NIST
[4] Cost of a data breach 2022 | IBM