2025 was the year that exposed the gap between cyber strategy and operational reality. For UK security leaders, the lesson learned was that resilience, sustainability, and judgement mattered more than volume. Now, the challenge is responding to threats with clarity until one inevitably succeeds.

By the end of 2025, it became clear that cyber resilience was no longer a theoretical ambition. Now, it’s an operational reality being tested under sustained pressure.

Last year exposed the limits of security models built for a different pace, a different scale, and a different kind of attacker. Familiar access techniques, such as phishing and credential compromise, continued to dominate, but the damage came later. Attacks moved quietly, used trusted access, and blended into normal behaviour for long enough to evade traditional detection.

For many organisations, this can be classed as a failure of assumptions, as opposed to a tooling failure.

Once attackers were inside, security strategies built for prevention struggled. SOC teams were overwhelmed by volume, and they found it harder to identify the signals that mattered. Operating models stretched by skills shortages and alert fatigue began to show signs of strain.

2025 forced a shift in mindset. Rather than asking ‘How do we stop everything?’, the question became something more honest and useful. Now, it was ‘How prepared are we when something inevitably gets through?’

That shift will define cyber resilience in 2026.

Resilience replaces perfection

Resilience has long been discussed as a strategic goal. In 2025, it was seen as a practical measure of effectiveness.

The organisations that coped the best were those that could detect, contain, and recover with confidence. Having the largest number of controls didn’t determine success. They understood that incidents were sequences of behaviour unfolding over time.

Early visibility, clear escalation paths, and disciplined response mattered more than flawless prevention.

In environments where attackers relied on legitimate credentials and lateral movement, rather than malware, that was evident. When malicious behaviour looks like normal activity, resilience depends on context and judgement, not volume-based alerting.

The lesson we should take is uncomfortable, but important. Security programmes designed around perfection break under pressure. Those designed around preparedness adapt and thrive.

SOC sustainability became a leadership issue

Another defining theme of 2025 was the growing strain on security operations centres.

Alert volumes continued to rise as environments expanded across identity, cloud, network, and SaaS platforms. Analyst burnout, skills shortages, and cost pressures all became structural challenges rather than short-term issues. Decisions around data ingestion, retention, and prioritisation were now directly affecting visibility and response capability.

What many organisations discovered was that SOC sustainability is a leadership concern. When analysts spend most of their time validating low-value signals, the risks become hidden. Once teams are stretched thin, the ability to respond decisively degrades long before dashboards reflect a serious problem.

SOC effectiveness will be judged less by activity and more by focus. The ability to prioritise the right signals, at the right time, with the right context will matter more than the number of alerts processed.

AI: Accelerating outcomes, exposing weak operating models

AI featured prominently in security discussions throughout 2025, often framed as a solution to scale and skills challenges. In practice, it acted more like a stress test.

Where operating models were disciplined, AI helped reduce noise, accelerate investigation, and preserve analyst time for judgement. Where processes were unclear or poorly governed, AI amplified inconsistency and introduced new risk.

AI isn’t an immature solution. Instead, AI just doesn’t compensate for weak foundations.

Over-automation, particularly in areas that require explainability and accountability, proved risky. The most effective applications of AI were those that supported prioritisation and context. They shouldn’t be used as an attempt to replace human decision-making altogether.

As a result, the conversation is more grounded. AI is being increasingly understood as an augmentation layer that must operate within clearly defined guardrails.

Architecture and visibility shaped outcomes

One of the quieter but most consequential lessons from 2025 was the role of architecture in resilience outcomes. Applications are distributed, users are mobile, and identity has become the primary control plane.

Security controls that sit outside the network struggle to deliver the visibility and speed required. Attacks don’t respect tool boundaries. They move wherever identity, network, or cloud visibility are weakest.

Organisations that aligned networking and security more closely were better positioned to detect anomalous behaviour early and respond with confidence. This was less about adopting a specific framework, and more about reducing fragmentation and blind spots.

Architecture decisions will now increasingly be recognised as security decisions. Visibility, policy enforcement, and response speed are now tightly coupled to how environments are designed and operated.

What this means going forward

If 2025 was the year resilience was tested, 2026 will be the year it’s measured.

Boards and executives will ask harder questions about preparedness, rather than just focusing on coverage. CISOs will be expected to demonstrate how attacks are prevented and how incidents are handled when prevention fails. Security leaders will need to articulate how their operating models scale sustainably under intense pressure.

The organisations that succeed will be those that stop treating resilience as a set of controls. They need to treat it as a capability that spans people, process, technology, and partnerships.

Cyber resilience is no longer about stopping every attack. It’s about responding with clarity when one succeeds.

Security hasn’t become an impossible task. It’s just become more honest. Noise is easy to generate, and signal is hard to find. Resilience is built long before an incident ever occurs.

Which organisations will be rewarded? It’ll be the ones that have learned the lesson and acted on it.

To see these insights in more detail, read the full breakdown in Gamma Communications’ Cyber Resilience Report: Cyber Resilience for UK Enterprises – Gamma

Dropbox and ALSO have expanded their partnership to the UK through the ALSO Cloud Marketplace, adding the market to a wider rollout across six additional EMEA countries.

UK resellers can now sell the full Dropbox portfolio through the marketplace, including core file storage and collaboration products, Dropbox Sign, Replay and Dropbox Dash. The arrangement includes local billing, support and partner enablement.

The expansion builds on momentum in Germany, Austria, Switzerland and the Nordic region. Alongside the UK, the broader rollout covers France, Spain, Portugal, Benelux and Italy.

For channel partners, the agreement expands the range of Dropbox products available through a single procurement route. It also gives ALSO a broader software and productivity portfolio in markets where distributors and cloud marketplaces are competing for reseller attention.

Partner Support

Support for partners in the newly added markets includes attractive margins and performance-based incentives, tailored onboarding programmes, multilingual sales, marketing and technical support, market development funds and partner community programmes.

The aim is to help resellers sell more to existing customers while expanding into adjacent areas such as workflow tools and AI-based productivity software. This reflects a wider shift in the channel, as distributors seek to package collaboration, document handling and search tools together rather than sell storage products in isolation.

Through ALSO, Dropbox is offering its main collaboration and content products as well as newer workflow and search tools. The company describes Dash as a context-aware AI product that connects across work applications to help users find content more quickly.

ALSO, which describes itself as Europe’s largest technology provider for the ICT sector, brings a large reseller network to the partnership. Its ecosystem has a potential reach of more than 140,000 resellers and spans hardware, software and IT services from more than 800 vendors.

That scale matters in the UK market, where software vendors continue to rely on distributors and marketplaces to reach small and mid-sized business customers through managed service providers and resellers. A marketplace model can simplify billing and provisioning while reducing the number of separate vendor relationships partners need to manage.

Artjoms Krūmiņš, Group Lead CoC Software & Cybersecurity at ALSO, commented on the broader rollout: “We are pleased to further strengthen our strategic partnership with Dropbox by extending our collaboration into additional regions. Building on a strong foundation, this expansion broadens our market reach, strengthens ALSO’s portfolio and further enhances the value we deliver to partners and customers across EMEA.

“Together with Dropbox, we are well positioned to support the evolving needs of the market and help partners capture new growth opportunities.”

Channel Focus

Dropbox framed the agreement as part of its channel strategy, focused on giving partners more products to take into customer accounts. The company has been working to expand beyond file synchronisation and sharing into search, e-signature and workflow tools.

David Keogh, Global Head of Channel at Dropbox, said the latest expansion is intended to create more routes to revenue for partners. “This expansion with ALSO is an important step for our partner ecosystem. By combining ALSO’s reach with Dropbox’s portfolio, we’re opening up new opportunities for partners to grow, build new revenue streams, and deliver more value to customers.

“Customers benefit from secure, productivity-focused solutions that are increasingly powered by AI to help teams work more efficiently. Together, this is a strategic partnership built to scale and support long-term growth across the channel.

“Partners are looking for practical solutions they can introduce into existing customer environments. With products like Dash, we’re supporting resellers looking to expand beyond storage and collaboration into AI-powered productivity, creating new opportunities for growth.”

The Blewbury Bread Co was launched to immediate success six years ago from the garage of its founder, Jack O’Nolan, where every loaf and treat has been baked since then.

Since then, the bakers have expanded to stock the Bread Shed at Savages Garden Centre in Blewbury, Root One Garden Centre near Didcot Mr & Mrs Park’s Butchers in Cholsey and Brightwell Village Stores.

READ MORE: Oxfordshire pub crowned UK Greene King Pub of the Year 2026

They’re now preparing for their biggest expansion yet, into their very own bakery and shop in St Peter’s Place, Wallingford.

Jack O’Nolan (centre) and team at the old bakery premises (Image: Blewbury Bread Co)

With their final bake in Blewbury finished off on Saturday, April 18, the new opening is imminent.

A statement from head baker said: “I can’t lie, it was a bit of a moment – almost bang on six years to the day when we started, the first loaf being baked in our domestic ovens in April 2020.

“It was sadly time to say goodbye to the garage bakery, as we look to move forward onto our next step, on St. Peter’s Street in Wallingford.

“While the baking is moving to our new premises, I want to reassure you that will keep our site at Savages Blewbury going.

The Blewbury Bread Co bakers (Image: Blewbury Bread Co)

READ MORE: Prince William in Oxfordshire today on royal visit

“We couldn’t have made it this far without the support of our Blewbury customers, and we’d very much like to continue to serve you from the village it all started in.

“This journey has also certainly been a team effort, with a lot of support from family and friends, helping with baking, shaping, market stalls and all the team we’ve had over the last few years.

The new shop in St Peter’s Place, Wallingford (Image: Blewbury Bread Co)

“We look forward to seeing you all very soon in Wallingford, and to continue to serve you in Blewbury too.”

The Wallingford premises will now become the independent business’ only baking space, and will offer loaves, pastries, savouries, sweet treats and more over the counter, too.

A proposal to refit and refurbish the ground floor retail unit, on the corner with Wood Street, was submitted to South Oxfordshire District Council in March.

READ MORE: Wantage arrest for ‘weapons and drugs’ after police chase

New signage and branding has now gone up at the shop with a teaser that it is ‘opening soon’.

Mr O’Nolan added that the first-ever brick and mortar site has come at the right time for the business, from its humble beginnings delivering loaves during the pandemic, selling flour for charity and hosting pop ups at pubs and garden centres.

No official opening date has yet been announced but customers are advised to ‘watch this space’.