Organisations are spending more on cyber security than ever before, yet successful breaches continue to rise. This paradox took centre stage at ITC’s Cyber Summit 2025, where industry leaders gathered to confront an uncomfortable truth: our approach to security fundamentals needs radical redefinition.
The annual summit, held at London’s historic RSA House, brought together world-class experts from military intelligence, global technology, and international law enforcement to explore how organisations can strengthen their security foundations in the face of evolving threats.
The wake-up call
“If you want peace, prepare for war,” declared Lt. Gen. Sir Graeme Lamb, former director of UK Special Forces, setting the tone for the day. His military experience brought sharp focus to a critical reality: while organisations have become utterly dependent on digital systems, many remain dangerously complacent about their security.
“We are totally and utterly hanging off our digital systems,” Lamb warned, “yet through our carelessness, unwise decisions, and good nature, we risk allowing the wicked to re-arm.” This warning would prove prophetic as subsequent speakers revealed the scale of today’s threat landscape.
Understanding the battlefield
The summit revealed how traditional approaches to security are failing to match evolving threats. ITC’s Senior Presales Consultant Peter Weller challenged conventional thinking: “Are we deploying solutions before we actually understand the problem?”
Weller introduced a methodical approach to threat profiling that became a cornerstone theme throughout the day. “You can’t protect what you don’t know exists,” he emphasised, advocating for organisations to thoroughly map their digital landscape before implementing security measures.
This knowledge-first approach proved crucial when considering the next challenge: data security in an era where 90% of the world’s data has been generated in just the past two years, with volumes doubling every four years.
The data protection challenge
ITC’s Senior Cloud Security Architect Julien Seld and Chief Revenue Officer Mark Weait built on Weller’s foundation, addressing the challenge of tool proliferation in security. “Data security is not just an IT expense on the budget anymore,” Seld explained. “It’s actually an integral part of risk management and business continuity.”
They introduced a unified approach through Microsoft Purview that addresses the core challenge: gaining visibility and control over sensitive data across complex environments.
The AI evolution
Microsoft’s Chief Security Advisor Sarah Armstrong-Smith connected these themes to the next frontier: artificial intelligence. Her presentation revealed that Microsoft processes 78 trillion signals daily from across their global network, with this number growing daily with identity-based attacks now surpassing endpoints as the primary attack vector—Microsoft tracks 350 million such attacks daily, 99% involving password sprays.
“The attacks are going to get harder and harder to detect,” Armstrong-Smith warned, revealing how nation-state actors are already using AI to enhance their operations. However, she also demonstrated how Microsoft is harnessing AI defensively, reducing vulnerability patch deployment times from 90 to 45 days—a crucial advantage in an accelerating threat landscape.
The supply chain vulnerability
Building on these insights, Europol EC3 advisor Rik Ferguson illustrated how this evolution in threats is playing out in real-world attacks. The Change Healthcare breach, impacting 94% of US hospitals affecting approximately 190 million people in America, demonstrated how supply chain vulnerabilities can cascade through entire sectors. Edge devices, often overlooked in security planning, have become prime targets for attackers seeking privileged network access.
A framework for the future
Ferguson synthesized the day’s insights into five fundamental “knows” for modern cyber security:
- Know your threat model – mapping your digital landscape
- Know your enemy – understanding who targets your sector
- Know your risk appetite – making informed decisions about security investments
- Know your security posture – measuring effectiveness against threats
- Know your limits – recognising when to seek partnerships and support
The human element
As ITC marked its 30th anniversary, CEO Arno Robbertse brought the discussion full circle. “Our most valuable intelligence is not artificial,” he reminded attendees, emphasising that while technology evolves, human expertise remains crucial for interpreting threats and protecting organisations.
Securing tomorrow’s digital landscape
The summit’s message was unequivocal: the fundamentals of cyber security haven’t changed, but they must be redefined for today’s AI-powered world. This means moving beyond tool-focused approaches to develop deep understanding of our digital landscape, implementing unified protection strategies, and maintaining the crucial balance between human expertise and technological advancement.
As Lt. Gen. Lamb noted, the price of complacency in cyber security could be as devastating as it was in previous conflicts. The time to redefine and strengthen our security foundations is now.
To view the 2025 ITC Cyber Summit highlights video, click here.
For more information about ITC’s cyber security services and solutions, visit itcsecure.com.
