Cybersecurity leaders aren’t struggling with visibility as much as they are with prioritisation.

With cloud-native apps, identity, SaaS, OT, and more, the attack surface today is much broader than the one traditional programs were designed to address. The consequence is all too familiar: thousands of alerts, disjointed insights, and still, no clear answer to what should be an obvious question: what matters most to the business today?

This is where exposure management and AI-driven exposure assessment enter the picture, with the operational model being Continuous Threat Exposure Management (CTEM).

Why CTEM matters

What problem is CTEM solving?

Traditional security tools are very good at identifying vulnerabilities, but not as good at identifying those vulnerabilities that are actually exploitable and have a significant impact. This issue has become more pronounced as the environment becomes more distributed and interconnected.

CTEM provides a new approach that is continuous and risk-based. It changes the paradigm from detection to exposure. Rather than relying on regular scans and scores that do not change over time, it’s all about the process of discovery, analysis, validation, and action.

At a high level, the benefits of CTEM are:

• The ability to focus on what is actually reachable and exploitable
• A way to focus on business risk rather than technical severity
• Having continuous risk assessments as environments change

The fundamental shift is from “what is vulnerable?” to “what could actually be used against us?”

The five stages of a CTEM program

How do you operationalise exposure management?

CTEM is more of a lifecycle than a tool. Like any good lifecycle, it is iterative.

It begins with scoping. Here, businesses identify what matters most. What are critical assets? What are key business services? What are systems with financial or regulatory implications? Without scoping, prioritisation is soon noise.

Discovery is next, and it is far more complicated than it is made out to be. Environments are in motion. Assets are spinning up and down. Identities are changing. And new risks are emerging every day. Maintaining an inventory of what is in IT, in the cloud, and beyond is foundational.

Once exposures have been defined, prioritisation is the key challenge. This is where context is important. Prioritisation that is effective takes into account:

• Exploit availability and attacker activity
• Asset criticality and business function
• Network exposure and identity access paths

This is where companies go beyond general severity ratings and into something much more actionable.

The fourth stage is validation. This is where realism is introduced. It answers whether this exposure is actually exploitable. This is done by examining attack paths and simulating attacks.

Lastly, there is mobilisation. This is where action is taken. It is where there is integration with workflows, assigning action items, and tracking progress in a measurable way.

Building unified exposure visibility across the attack surface

Why is visibility still such a challenge?

Most organisations have made significant investments in various tools, and the problem is that the visibility is fragmented. Cloud security, identity security, endpoint security, and network security are usually implemented in parallel and generate their own data and priorities.

The problem is that risks don’t exist in silos. Risks are the result of interactions.

Exposure visibility gives the ability to bring these domains together.

• How are the vulnerabilities related between the environments
• How does the identity and access provide unintended pathways
• How does the combination of the weaknesses create real attack opportunities

For example, the configuration of the workload in the cloud could be considered low risk. However, when the permissions are excessive and the workload is exposed, the risk is more obvious.

The connections between the risks are not always obvious unless the cross-domain exposure is considered.

Continuous discovery across a dynamic attack surface

Why isn’t periodic scanning enough anymore?

Because the environment doesn’t sit still.

The nature of cloud-based workloads is ephemeral. Applications are constantly being updated. User roles and permissions are in constant flux. In this environment, periodic assessment is plagued by blind spots, where snapshots are obsolete almost as soon as they’re taken.

Continuous discovery solves this problem by providing real-time visibility into your environment. This is because we recognise that your attack surface is constantly changing, and your risk assessment must follow.

This is particularly critical in:

• Cloud-native environments
• Hybrid infrastructures
• Businesses that are adopting risk-based cloud security models

With no continuous insight, entities are making decisions based on incomplete data.

Prioritising cyber risk with business context

How do you decide what to fix first?

It is in this area that security software often falls short, as the sheer number of vulnerabilities far outweighs the number of ways to address them.

It is in this area that organisations are increasingly turning to AI to help address the problem. It is able to do so by correlating data from different domains, to:

• Identify potential paths of attack
• Uncover vulnerabilities that are actively being exploited
• Correlate technical risks to business risks

This is where the real value of such an approach comes in – not only is it more efficient, but it is also more understandable.

From vulnerability scans to continuous, contextualised exposure insight

What is the role of traditional vulnerability management today?

Vulnerability scanning is still a fundamental technique. Tools like Nessus are very good at finding known weaknesses, misconfigurations, and patch problems.

Scanning, however, is no longer sufficient on its own.

A scanner, by itself, will tell you what you have. It won’t tell you:

• Is the vulnerability reachable?
• How does it get exploited?
• What are the business implications?

As part of a CTEM-based approach, vulnerability information becomes part of a larger model of exposure. It’s augmented, validated against “real world” scenarios, and weighted by relevance.

This is the evolution from simple data collection to decision support.

Integrating CTEM with existing security workflows

How do you make CTEM actionable?

Insight is useless if action is not taken. This is the biggest pitfall in the implementation of cybersecurity initiatives.

The operationalisation of CTEM is the integration of CTEM into existing workflows. This includes:

• Integrating CTEM findings into existing IT and DevOps ticketing systems
• Aligning remediation activities with business priorities and ownership
• Measuring the effectiveness of remediation activities over time

Additionally, there is a need to change the way we communicate CTEM findings. This is so that the findings are communicated in a way that the business can understand.

The most successful organisations in the implementation of CTEM are those that treat the process as a shared responsibility.

The bigger shift: from reactive security to exposure reduction

Exposure management and AI-driven exposure assessment are a result of a larger shift in the world of Cybersecurity. They represent a shift from:

• Alerts to insights
• Volume to context
• Technical severity to business risk
• Periodic review to continuous assessment

This goes beyond a change in tools, to altering how we think about cyber risk.

Prioritisation will be the key differentiator

The attack surface will carry on expanding, and complexity will continue to rise. Therefore, in this environment, the ability to prioritise is going to be the key differentiator.

As organisations continue to mature their CTEM programs, they are no longer just trying to find problems. They are trying to gain a better understanding of their risk and be more proactive.

The key to success is not how many problems are discovered, but how well the risk is reduced.

This year’s Cavell Summit Europe provided us with an agenda that reflected the real pressures service providers are now facing today. Senior leaders within the cloud communications ecosystem are now tasked with adapting to structural changes in 2026 and beyond.

What’s key to remember is that these aren’t theoretical futures. Practical shifts are already underway, and the disruption that follows is structural, not cyclical.

Matt Townend’s keynote address established the framework for everything that followed. The focus was on how factors such as pricing pressure, changing buyer behaviour, AI, security, and sovereignty are no longer temporary challenges.

Instead, they form a permanent operating environment for service providers trying to protect margin, while continuing to grow.

It resonates with the wider conversations being held in the wider service provider space. The reality is that nobody is asking whether the market is changing. Now, it’s how to effectively adapt to conditions without increasing complexity or risk.

Global platforms and marketplaces are also reshaping buying journeys. There’s now extra attention being paid to these areas, especially as communications services are no longer sold in isolation. Solutions are now being embedded into CRM, CX, and productivity ecosystems.

Platforms, such as HubSpot, are beginning to act as commercial entry points for telco services. Salesforce’s own move into digitally purchased contact centre capabilities also signals a wider shift in how voice and CX are both packaged and consumed.

What does this mean for service providers? It’s a material change, where customers increasingly expect communications to ‘fit’ into existing platforms. Buying journeys are becoming shorter, more digital, and less telco‑centric, and differentiation is shifting away from features toward integration and enablement.

All this change is being accompanied with the ever-present issues of sovereignty and regulation. Data sovereignty, especially in the current geopolitical climate, is now a key topic of discussion among service providers. A fragmented European market only makes the challenge more pressing.

Service providers, however, need to have a pragmatic mindset, rather than an alarmist one.

SMBs don’t see sovereignty as a primary buying driver. The use of a large hyperscaler cloud is far more relevant to these smaller businesses, and sovereignty is materially relevant to only a handful of enterprises. If these businesses operate in a highly regulated environment like government or defence, data sovereignty is far more important to them.

The growing tension between emerging European guidance and existing frameworks, such as the US CLOUD Act of 2018, is also creating confusion. When operating across jurisdictions, providers must navigate between contradicting regulations.

So, what should service providers do? The key thing is not to over‑rotate on sovereignty as a sales message. They must understand which customer segments genuinely require it and design their propositions accordingly.

For anyone who attended this year’s Summit, they would already know that the most valuable insights always come from conversations throughout the day.

A recurring theme was how quickly global ambition exposes operational friction. Selling voice internationally involves far more than coverage, such as local licencing requirements and numbering regulations.

It’s something Gamma Communications has seen with the recent expansion into APAC. Providers, for example, must hold specific licences simply to issue local numbers. It’s both a cost and complexity burden that many service providers underestimate, until they attempt to scale.

This is exactly where global enablement models become commercially important. Those foundations allow service providers to extend reach without taking on disproportionate, unnecessary regulatory or operational risk.

Complexity around global regulations is giving service providers more to think about. In Singapore, for example, regulators are now getting tougher on sub-allocation and whether numbers are being provided without a licence. Providers need an SBO licence or at least work with a vendor that already has one.

Gamma’s own tri-party model in the APAC region helps to remove those obligations. What’s vital to remember is that no single provider can solve global communications alone. There are numerous factors providers need to consider when it comes to long-term growth.

Through strong partner ecosystems, shared operational responsibility, and models that allow international scalability, a foundation can be established. It reinforces a broader industry shift from transactional resale models towards a partnership that builds towards success.

The priorities service providers need to focus on all gravitate around building sustainable growth in 2026 and beyond. That can only be achieved by reducing friction for both partners and customers and avoiding any needless complexity.

Disruption will happen at the baseline – it’s never just a phase. If models are designed for platform-led buying, and there’s clear guidelines around sovereignty, then global growth will follow.

When a trusting partnership is combined with shared infrastructure, this becomes a reality rather than just another pipe dream.

If you’re ready to take your communications further, find out more about Gamma Communications’ service provider proposition.

Enterprise Oxfordshire is launching the High Street Summit to champion town centre businesses across the county.

The event takes place on April 16 at the Cornerstone Arts Centre in Didcot and runs from 10am to 2.30pm.

The event will include a keynote speaker on ‘The High Street is Human’, business stories, an open mic opportunity and a dedicated afternoon session to turn insight into action.

It will also feature a networking lunch to encourage collaboration among attendees.

Sarah Beal, growth hub manager at Enterprise Oxfordshire, said: “High streets remain the heartbeat of our communities, and the Helping High Streets programme has been about helping businesses adapt, grow and remain vibrant in a changing economic landscape.

“The High Street Summit event is the first of its kind for Oxfordshire, putting high street businesses at the centre, with councils and partners in a supporting role.

“Nationally, there have been a small number of high street branded gatherings, but most have focussed heavily on big structural and infrastructure issues – the Oxfordshire High Street Summit is uniquely business centred and collaboration-led in its design and content.”

The summit is open to all high street businesses in Oxfordshire, regardless of whether they have previously engaged with Enterprise Oxfordshire’s support programmes.

It marks the conclusion of the ‘Helping High Streets’ programme, a government-funded initiative to boost the prospects of businesses in high-footfall, town and city centre areas.

Although programme-specific support ended at the end of March, the summit will be a final event to bring together businesses from across the county.

Growth hubs across the wider region – of which Enterprise Oxfordshire Business is one – have also been under the spotlight following the publication of the Growth Hub Cluster Impact Report.

Covering the period from April 2020 to March 2025, the report shows the collective impact of hubs in Oxfordshire, the South Midlands, Buckinghamshire, Cambridgeshire and Peterborough, and New Anglia.

Over five years, the hubs supported 92,719 businesses, delivered 178,563 hours of support, enabled 3,934 business start-ups, and helped create 6,970 jobs while safeguarding 6,093.

They also attracted an additional £24 of funding for every £1 of core government investment and delivered £35 of economic and social value.

March also saw the launch of Enterprise Oxfordshire’s Marketplace and Celebration Event 2026, with the prestigious marketplace and awards evening set to take place on Wednesday, November 4.

Open to all eligible businesses in Oxfordshire, the awards will highlight the achievements of SMEs, innovators, and leaders who have engaged with Enterprise Oxfordshire Business since April 2022.

There are six free-to-enter categories, with an overall winner revealed on the night.

Businesses interested in attending the High Street Summit or entering the awards can find more details at www.enterpriseoxfordshirebusiness.com.