Kao Data has appointed Spencer Lamb as Chief Executive Officer, completing a change in the company’s leadership structure.

Lamb, who joined the data centre operator in 2020, steps up from his previous role as managing director and chief commercial officer. He will oversee day-to-day operations and growth across the group’s UK sites, while founder and executive chairman David Bloom continues to focus on financing, partnerships, acquisitions and government engagement.

The appointment comes as demand for artificial intelligence-related computing infrastructure continues to reshape Britain’s data centre market. Operators are seeking larger sites, more electricity and closer coordination with grid and energy planning as customers deploy denser computing systems.

Kao Data has built a portfolio spanning Harlow, Slough, Northolt, Park Royal in west London and Greater Manchester, with additional sites under development. Lamb has played a central role in expanding that footprint as a member of the senior management team.

Before taking the top job, he led the company’s go-to-market efforts and helped secure customers in cloud, artificial intelligence, enterprise, financial services and scientific computing. He also helped develop its Harlow campus into a major location for high-performance computing, AI, research and life sciences workloads.

Leadership shift

The reshuffle formalises a division of responsibilities already taking shape inside the business. Under the new structure, Lamb will run operations and execution, while Bloom remains closely involved in strategic direction and capital planning.

The split reflects broader pressures across the sector, where data centre groups are balancing the need to bring new capacity online quickly with the demands of securing funding, land and power. For companies aiming to serve AI customers, those questions have become more pressing as infrastructure projects grow larger and more complex.

Lamb has also become a prominent voice in discussions about the UK’s digital infrastructure and energy requirements. He has worked with local and central government on the role data centres play in the digital economy and the need to align computing infrastructure expansion with the national grid and wider energy plans.

Kao Data is positioning itself as a specialist provider of facilities for AI and advanced computing. Its portfolio amounts to more than 160MW of IT load that is operational, under development or planned, according to the company.

Backed by international investors, the business has sought to differentiate itself through sites designed for large-scale computing demand. Britain’s data centre market has attracted growing interest from investors and operators as cloud providers and AI developers seek more domestic capacity.

In that environment, executive appointments have taken on added significance, especially at privately backed infrastructure groups that must manage both commercial growth and long-term capital needs. Lamb’s promotion from within also points to continuity in strategy rather than a change in direction.

Lamb said: “I have loved my time at Kao Data, and I am excited to step up and lead the company as its CEO. One of the biggest strengths of Kao Data is our ‘player-manager’ mentality, recruiting from within to develop and grow our people, which is exactly what this role calls for. I am looking forward to ensuring Kao Data continues to play a strong and defining role in the UK’s AI infrastructure story, and that we keep delivering for our customers, our people and the communities we operate in.”

Bloom said: “Spencer’s appointment formalises what has been an increasingly natural evolution in how we lead this business. He has the DNA of this company and is, quite simply, a ‘Kao person’ through and through and an outstanding leader in this industry. As CEO, Spencer will drive Kao Data’s operations and day-to-day growth strategy, while I remain directly focused on the strategic priorities that will shape our next chapter: major financing, capital partnerships, M&A, and our ongoing engagement with government on the UK’s AI infrastructure agenda. This is a leadership structure built deliberately for scale, and I am excited about what we will build together.”

These days, it’s not good enough to get the alert. The speed and sophistication of today’s attackers along with the growing number of insider-driven and data-handling risks demand that we find issues even before traditional detections trigger. Modern threats increasingly blend into normal user behaviour, especially when the activity involves sensitive data moving across cloud apps, browsers, and collaboration tools.  

AI-powered attackers and AI-enabled users are forcing defenders to rethink their approach. As we “shift left,” even the acceptable timeframe for discovering potential data exposure is shrinking. By the time a detection triggers, the data may have already been copied or shared outside approved channels. 

This is why proactive threat hunting is evolving into an essential discipline. In many organisations, that means focusing on the early indicators of data misuse, not just system compromise. Advancements in AI and automation now make it far more practical for security teams to identify patterns of risky data movement long before they escalate into incidents. 

In this article, I’ll explore the growing need for proactive threat hunting, the risks of relying on reactive alerts in 2026, and how modern capabilities are helping organisations pivot from being the hunted to becoming the hunter when it comes to protecting their most sensitive information. 

Explaining the Industry Shift Towards Proactive Threat Hunting

Rapid, AI-powered attacks are getting increasingly buried within legitimate business workflows. By the time SOCs or security teams receive a rule-based alert, a user may have already synced classified files to an unmanaged cloud drive, copied sensitive content into an AI tool, or moved high-value data in a way that appears benign on the surface.

These types of low-and-slow actions often evade traditional detection because they mimic normal productivity. Insider misuse and subtle forms of data leakage rarely trigger the same type of signatures as malware or command-and-control traffic. Even AI-driven social engineering attacks now create downstream data risks without necessarily involving a malicious link or attachment. 

Catching these scenarios requires looking directly at data interactions, not just at system events. Proactive threat hunting shifts the focus to understanding how, where, and why sensitive data is being accessed or moved and whether that behaviour aligns with what is expected.

For that, you need a certain set of skills.

Threat Hunting: Skills Required

The role of threat hunter has always been a hybrid one, combining technical expertise with strong analytical instincts. In a data-centric context, that combination becomes even more important.

Threat hunters must know how to gather and interpret telemetry related to data handling, such as file access, classification tags, transfer paths, browser activity, cloud sync behaviour, and anomalies in user behaviour patterns. They need to understand not only the technology but also the organisation’s workflows, so they can distinguish legitimate use from subtle misuse.  

The best hunters pick up on patterns: unusual volumes of data movement, access outside normal working hours, files moving to new destinations, or slowly escalating behaviours that wouldn’t trigger a single alert on their own. There’s still a human element of gut instinct and puzzle-solving, but now it’s applied to data behaviour rather than purely system-level indicators.  

How Much Automation and Agentic AI in Threat Hunting?

A lot, and more every day. Fortunately, automation and AI are stepping in to close the skills gap and augment human analysts, especially within data protection workflows. 

AI-powered threat hunting doesn’t replace expertise; it amplifies it. Think of it as a mech suit for data security teams. Many of the foundational tasks like collecting telemetry, enriching events, and correlating user actions across applications are already automated. Agentic AI systems can now evaluate data movement patterns, identify anomalies, and highlight situations that warrant closer human review.

Advancements in analytics, machine learning and threat intelligence are accelerating this trend, further improving the execution of autonomous threat hunting and helping teams surface early indicators of risky data behaviour with greater speed and accuracy.

What we’ll see going forward is an even tighter pairing between AI and human judgement. AI handles scale and pattern recognition; humans bring context, business understanding, and the ability to make nuanced decisions about risk.

Weighing the Benefits of Threat Hunting for Your Team

For many companies, proactive threat hunting may seem like a luxury reserved for the largest and most mature security programs. But the benefits, especially in a data-centric world, increasingly outweigh the costs.

There are certainly up-front investments: gaining visibility into data movement, deploying AI-enhanced tools, and ensuring the right people can interpret the signals. There are operational costs as well, such as maintaining policies, managing alerts, and training analysts to understand data behaviour.  

But the benefits are substantial. Attackers, insiders, and even well-meaning employees are increasingly operating below the threshold of traditional detections. Proactive threat hunting helps uncover these subtle patterns early, before sensitive information is exposed or exfiltrated. Many organisations are adopting specialised email and cloud-security controls for exactly this reason: reactive tools simply cannot keep up with the sophistication and subtlety of modern data risks.

By identifying issues closer to their origin point, security teams can minimise the potential impact or even avoid harm altogether. 

Conclusion

Attackers and users are interacting with data in ways that continue to evade traditional detection tools. In some ways, this is a testament to how effective we’ve become at catching the obvious threats. But it also means our strategies must evolve to stay ahead of the quieter, more nuanced risks that centre on data. 

Proactive threat hunting supports this shift. Whether focused on system compromise or on the behaviours that place data at risk, the principle remains the same: the best defence is a good offence. Understanding how sensitive information is accessed and moved allows security teams to act earlier, faster, and with far greater clarity.

And in today’s environment, that difference is often what determines whether an incident becomes a headline or just another day of good defence.

KAREN JOY BACUDO

Finance Editor

Financial planning firms are increasing investment in technology, according to new research from Saltus Partnership Programme and L.E.K. Consulting. The study found 42% of firms are using technology investment to manage growth and regulatory demands.

That is up from 35% in the previous survey and reflects a broader shift in how firms allocate resources amid rising compliance pressures and day-to-day operational demands.

The Financial Planning Growth Index is based on a survey of 216 senior figures at financial planning firms of different sizes. Conducted before the recent escalation in geopolitical tensions, it also found broad confidence in business performance, with 74% of respondents saying they were confident about increasing revenues this year.

That confidence appears to be feeding into spending plans. A quarter of firms said improving operational efficiency was among their top three business priorities over the next one to three years, up from 22% in the previous survey, while 8% named digital transformation as a key priority.

The data suggest firms are focusing less on headline technology projects and more on practical changes to systems and workflows. Over the next one to three years, 34% said they planned to upgrade existing systems, while 24% intended to introduce new financial planning tools.

Smaller shares identified more specific areas for investment. Some 8% said they planned to invest in data analytics, and 7% were considering launching their own app or client portal.

The research also pointed to changes in how firms are organising work as they expand. Around 22% said they were spending less time on sector events, while 20% reported increasing their use of paraplanners.

These shifts suggest advisers are trying to devote more time to serving clients and managing business growth, rather than relying on traditional networking. They also show that firms are considering technology investment alongside changes to staffing and operating models, rather than in isolation.

Investment focus

For many firms, the emphasis appears to be on replacing or improving core systems already in place, rather than making large-scale bets on entirely new digital services. Upgrades to existing platforms were the most widely cited area of planned spending, pointing to a market still dealing with legacy processes and fragmented systems.

New planning tools ranked second, indicating that firms are also looking at software that could affect how advisers assess client needs, prepare recommendations and manage ongoing relationships. The lower figures for analytics and client-facing apps suggest that internal processes remain the more immediate concern for most respondents.

The findings come as financial planning firms face pressure to grow revenue while meeting tighter expectations around governance, documentation and oversight. Firms are increasingly presenting technology spending as a way to protect margins while handling those demands.

“Our research uncovers a clear direction of travel when it comes to investment in technology. We have seen first hand how modern technology can enhance the delivery of financial advice, to the benefit of firms and clients alike, and it is encouraging to see that so many firms are not only planning to increase their investment, but also have a clear strategy for doing so. This is testament to the resilience of the sector, which continues to demonstrate its ability to innovate and provide the best possible service to clients,” said Nick Heath, Head of Relationship Management at the Saltus Partnership Programme.

Strategic shift

The pattern of responses indicates that firms are becoming more deliberate about where and why they spend on technology. Instead of viewing digital tools as a separate workstream, many appear to tie investment decisions to profitability, workflow efficiency, and regulatory requirements.

That matters in a market where firms vary widely in size, ownership structure and operational maturity. Larger groups may have more room to fund upgrades or roll out new systems, while smaller firms often need to be selective about where spending will have the quickest operational effect.

“As the speed at which technology is advancing shows no sign of slowing, firms of all sizes cannot afford to be left behind. We are witnessing an important shift, however, where firms are treating investment in technology more strategically. By taking a long-term view, assessing the full suite of options available and setting clear guardrails, firms will be best placed to navigate the transition and unlock tangible value,” Bronswe Cheung, Partner at L.E.K. Consulting, said.