At a Corps Security and Toro roundtable, industry leaders examined how organisations build resilience amid geopolitical tension, digital interconnectivity and misinformation and why real preparedness depends on people, communication and tested response plans, not just documented strategies.
In this latest article, Toro Solutions CEO Peter Connolly argues that many organisations are investing heavily to protect systems that are no longer the most likely source of a breach.
The greatest cyber risk now sits in the wider ecosystem of suppliers, software platforms and digital partners that businesses depend on but do not control. Drawing on recent incidents and client experience, he explains how attackers increasingly exploit trusted connections between organisations, using smaller or less mature partners as entry points into much larger networks.
As digital supply chains become more complex, cyber security can no longer be managed in isolation. Connolly makes the case that boards focusing only on internal controls are overlooking their largest attack surface, and that real resilience depends on stronger standards, better information sharing and collective accountability across the ecosystem.
In this latest article, Toro Solutions’ Directors of Cyber Security and Physical Security & Risk ask a simple but uncomfortable question: it’s 2026, so why are the basics still being missed?
Reflecting on high-profile failures, including the widely reported security lapse at the Louvre, they explore how weak passwords, inconsistent MFA, unmanaged access and overlooked physical controls continue to sit at the heart of major incidents. While organisations focus on AI, geopolitics and evolving threat actors, foundational disciplines such as access management, patching and third-party oversight are too often deferred, normalised or quietly accepted.
The piece argues that most breaches are not the result of unknown risks, but of known controls that were never fully enforced or revisited and that real progress in 2026 will depend less on chasing the next big threat and more on consistently getting the fundamentals right.
Explore third party risks and learn how to identify and manage the potential impact on your organisation’s security and operations.
Cyber security in 2026 is shaped by AI-driven attacks, identity-based risk, deepfakes, and fragile supply chains. Discover what security and risk leaders must prioritise now to strengthen resilience and recovery.
If one supplier experiences a security breach or operational failure, the impact can spread quickly through your business. That is why third party risk management is now a critical part of building organisational resilience.
