Secure by design: embedding protection before systems go live
Toro works with organisations to integrate Secure by Design principles across facilities, digital infrastructure, operational processes, and workforce environments.
Converged Security
Red Team engagements: seeing your organisation the way an attacker does
Rather than testing isolated controls, a red team engagement replicates how real adversaries combine cyber, physical and human attack vectors to achieve defined objectives.
Business continuity planning: preparing organisations to operate through disruption
At Toro, business continuity is treated as an operational capability rather than a compliance document.
If a black swan event happened tomorrow, would your organisation be ready?
At a Corps Security and Toro roundtable, industry leaders examined how organisations build resilience amid geopolitical tension, digital interconnectivity and misinformation and why real preparedness depends on people, communication and tested response plans, not just documented strategies.
Who actually owns risk in a converged world?
In this article, Katie Barnett, Director of Cyber Security, and Gavin Wilson, Director of Physical Security and Risk at Toro Solutions, warn that many organisations talk about convergence but stop short of true accountability.
While cyber, physical and people risks are increasingly connected, ownership of those risks often remains fragmented. Different teams manage different parts of the picture, with no single leader responsible for how those threats combine. The result is blurred accountability, slow decision-making and gaps that only become visible during an incident.
Barnett and Wilson argue that collaboration alone is not enough. Without clear authority, board-level visibility and a culture that supports joined-up thinking, risk continues to sit between functions rather than being actively managed. Convergence, they conclude, only works when someone is clearly accountable for the whole picture.
Security Without Borders – Rethinking Executive Protection in a Hyper-Exposed World
In this piece, Peter Connolly Security Without Borders: Rethinking Executive Protection in a Hyper-Exposed Worldexplores why executive protection has become a board-level issue.
With major technology firms spending tens of millions on personal security for senior leaders, Connolly argues that the threat landscape has shifted beyond the office perimeter. Today’s executives are exposed through their digital footprints, families, travel patterns and personal devices. AI-driven risks such as deepfakes, voice cloning and highly targeted phishing have made impersonation and reputational attacks far more convincing and far more damaging.
He makes the case that protection can no longer sit solely with IT. It must be converged, intelligence-led and embedded across the organisation, spanning physical security, cyber resilience, communications and culture. In a hyper-connected world, safeguarding leaders means safeguarding the business itself.
Cyber Insights 2026: Cyberwar and Rising Nation State ThreatsCyber Insights 2026: Cyberwar and Rising Nation State Threats
Peter Connolly, CEO of Toro Solutions, featured in SecurityWeek’s Cyber Insights 2026 report on cyberwar and rising nation state threats.
Quoted alongside global industry leaders, Connolly highlighted one of the biggest challenges facing organisations today: attribution. “Businesses may see the activity, but proving who is behind it often requires classified intelligence and corroboration from other sources that private firms simply do not have access to,” he said, underscoring the uncertainty that shapes response and accountability in an era of blurred lines between criminal and state-backed activity.
The piece explores how cyberwarfare is evolving, why attribution remains complex, and what this means for enterprise resilience in 2026.
Ecosystem is the biggest cyber risk
In this latest article, Toro Solutions CEO Peter Connolly argues that many organisations are investing heavily to protect systems that are no longer the most likely source of a breach.
The greatest cyber risk now sits in the wider ecosystem of suppliers, software platforms and digital partners that businesses depend on but do not control. Drawing on recent incidents and client experience, he explains how attackers increasingly exploit trusted connections between organisations, using smaller or less mature partners as entry points into much larger networks.
As digital supply chains become more complex, cyber security can no longer be managed in isolation. Connolly makes the case that boards focusing only on internal controls are overlooking their largest attack surface, and that real resilience depends on stronger standards, better information sharing and collective accountability across the ecosystem.
It’s 2026. Why are the basics still being missed?
In this latest article, Toro Solutions’ Directors of Cyber Security and Physical Security & Risk ask a simple but uncomfortable question: it’s 2026, so why are the basics still being missed?
Reflecting on high-profile failures, including the widely reported security lapse at the Louvre, they explore how weak passwords, inconsistent MFA, unmanaged access and overlooked physical controls continue to sit at the heart of major incidents. While organisations focus on AI, geopolitics and evolving threat actors, foundational disciplines such as access management, patching and third-party oversight are too often deferred, normalised or quietly accepted.
The piece argues that most breaches are not the result of unknown risks, but of known controls that were never fully enforced or revisited and that real progress in 2026 will depend less on chasing the next big threat and more on consistently getting the fundamentals right.
People not plans
In this recent press piece, Toro Solutions’ Directors of Cyber Security and Physical Security and Risk discuss why resilience is about people, not paperwork.
They argue that most organisations don’t fall short because they lack plans, but because their teams operate in silos. When cyber, physical and operational functions fail to share context early, warning signs are missed and response slows down. Convergence, they explain, isn’t about restructuring it’s about getting the right people talking before small issues turn into bigger problems.
Because when pressure hits, it’s not the plan that makes the difference, it’s how well your teams work together.
How to identify your organisation’s most critical third party risks
Explore third party risks and learn how to identify and manage the potential impact on your organisation’s security and operations.
Cyber security in 2026 – What security and risk leaders need to prepare for now
Cyber security in 2026 is shaped by AI-driven attacks, identity-based risk, deepfakes, and fragile supply chains. Discover what security and risk leaders must prioritise now to strengthen resilience and recovery.