October marks Cybersecurity Awareness Month, a time to recognise the shared responsibility we all have in protecting the systems, data, and infrastructure that power our world. This year’s theme, “Building a Cyber Strong America,” highlights the importance of strengthening the digital foundations that support innovation, resilience, and trust.

At XPS, cybersecurity is embedded into every transformation we deliver, from developing secure cloud architectures to implementing robust data governance frameworks. To mark the occasion, we spoke with Scott Cook, Senior Director, Commercial, to explore how cybersecurity continues to evolve, the challenges organisations face, and how businesses can build secure foundations for confident growth.

How have you seen cybersecurity evolve as part of wider digital transformation projects?

Cybersecurity has changed completely in the last few years. It is no longer just about protecting systems or meeting compliance requirements. It is about protecting reputation, trust, and the confidence of customers, partners, and shareholders. When a public breach occurs, the technology can usually be repaired, but rebuilding trust takes far longer. As businesses become more connected and data-driven, cybersecurity has become a core part of how organisations demonstrate reliability and resilience. While not every company has yet acknowledged it, cyber is now a significant enterprise risk factor and should be treated accordingly.

What are some of the most common challenges organisations face when trying to strengthen their cybersecurity frameworks?

The biggest challenge is often underinvestment. Many organisations recognise the risk but struggle to prioritise funding until after an incident occurs. Cybersecurity can compete with other business priorities, which makes it harder to secure sustained investment in resilience. The second issue is the presence of silos between IT, operations, and leadership. When ownership of cyber risk is not clearly defined, visibility and accountability suffer. Finally, there is still too much focus on prevention and not enough on recovery. The reality is that breaches will happen, so the question becomes how quickly and effectively a business can respond and return to normal operations. The organisations that perform best treat recovery as a business continuity issue, not just a technical one.

Many organisations struggle to balance security with innovation. How does XPS work with clients to ensure cybersecurity becomes an enabler rather than a barrier to progress?

We help clients achieve that balance by providing independent assurance around their SecOps and cyber defence systems. Our focus is to strengthen what already exists through external assessment, offensive testing, and ongoing threat simulation. These measures often reveal vulnerabilities that busy internal teams simply do not have the capacity to find.

Technology is evolving quickly, and hackers are moving just as fast. With the growth of data, AI, and connected systems across IT, OT, and IoT, the attack surface keeps expanding. In this environment, cyber recovery acts as an insurance policy. The financial and reputational damage from a public breach can be far greater than the cost of being prepared.

We help clients build strategic recovery playbooks that enable them to respond decisively and return safely to minimum viable business operations. When resilience is built in from the start, cybersecurity becomes a foundation for progress rather than a barrier to it.

Why is it important for cybersecurity strategies to draw on lessons and experience from different industries?

Every industry faces similar threats but experiences them in different ways, which means the lessons learned in one sector often strengthen another. For example, the regulatory precision of life sciences, the operational complexity of manufacturing, and the data sensitivity of financial services each bring different perspectives on how to build resilience and control risk. Drawing from multiple sectors allows us to design security strategies that are both compliant and adaptable. It helps organisations stay ahead of emerging threats and ensures that protection extends beyond technology into the wider business model.

How can leadership teams strengthen a culture of cybersecurity that protects the business while still encouraging innovation and agility?

It starts with visible leadership and clear accountability. When executives treat cybersecurity as part of the company’s risk and reputation framework, it naturally becomes everyone’s responsibility. The most successful organisations make secure behaviour part of daily decision-making rather than a one-off awareness campaign. They invest in training, reward transparency, and create an environment where issues can be raised early without blame. This openness builds trust and confidence across teams, allowing innovation to move faster because people know the right guardrails are in place. In practice, a strong culture of cybersecurity protects creativity rather than limiting it, but it takes intentionality and direction from the top.