It’s 2026. Why are the basics still being missed?
In this latest article, Toro Solutions’ Directors of Cyber Security and Physical Security & Risk ask a simple but uncomfortable question: it’s 2026, so why are the basics still being missed?
Reflecting on high-profile failures, including the widely reported security lapse at the Louvre, they explore how weak passwords, inconsistent MFA, unmanaged access and overlooked physical controls continue to sit at the heart of major incidents. While organisations focus on AI, geopolitics and evolving threat actors, foundational disciplines such as access management, patching and third-party oversight are too often deferred, normalised or quietly accepted.
The piece argues that most breaches are not the result of unknown risks, but of known controls that were never fully enforced or revisited and that real progress in 2026 will depend less on chasing the next big threat and more on consistently getting the fundamentals right.
