Cybersecurity Workshop & Networking Social - DiSH - Manchester- 01/04/26

We'll discuss common threats, best practices and the importance of a security culture. An opportunity to take away some crucial tips that can safeguard you or your business while networking with like minded people.

Cybersecurity Workshop - Oldham College - 27/02/26

Join us to discuss some high profile UK cyber attacks and how you can safeguard yourself or your business from similar attacks. We'll also discuss the cyber resilience bill and what it means for you. 

Free Cybersecurity Workshop for businesses in The North West

This is a free two hour cybersecurity fundamentals workshop delivered in partnership with Oldham College for businesses across the North West. The session will take place at the Oldham College Innovation Hub on 27 January 2026 from 10am to 12pm.

Click below to secure your free ticket.

Palantir and the NHS: Who Really Controls the Data

A US company built for intelligence and battlefield decision making is now shaping NHS data systems. Are the safeguards enough?

20/12/25 - written by Sham Chohan

Palantir is not an unfamiliar name in government circles. In the United States, the company is best known for providing data platforms to defence, intelligence and law enforcement agencies. Its technology has supported military operations, logistics and intelligence analysis in environments where speed, advantage and control of information are critical.

That background matters.

Because Palantir is now operating inside the UK public sector, most notably through its involvement in the NHS Federated Data Platform. A system intended to connect and analyse health data across the NHS at national scale.

The official assurances are clear. NHS England states that the platform is designed by the NHS, that Palantir acts only as a data processor, and that patient data remains under UK control and UK law. Safeguards, audits and exit clauses are cited as protections.

On the surface, this sounds reassuring.

But cybersecurity is not just about stated policy. It is about incentives, leverage and who ultimately holds power when systems become embedded.

Palantir Technologies is a US headquartered, publicly traded company. It operates under US jurisdiction and answers to shareholders. Its core capabilities were developed in national security and military contexts, not public healthcare. That does not imply malicious intent, but it does shape how systems are designed, optimised and scaled.

A reasonable question is whether platforms built for intelligence and battlefield decision making translate cleanly into civilian healthcare environments. Systems designed to surface insights quickly and correlate large datasets inevitably influence how decisions are made, even when the data itself remains protected.

Trust, in this context, is not about believing a company will behave responsibly. It is about whether governance structures are strong enough to constrain capability over time, particularly once dependency forms.

There is also a less discussed issue around influence.

Palantir’s growth in government markets has involved recruiting individuals with deep experience inside public institutions. People who understand procurement processes, policy language and internal decision making. This approach is not unique to Palantir and it is not inherently unlawful. But it is precisely why many public sector roles include post employment restrictions.

Institutional knowledge carries weight.
When that knowledge moves into the private sector, it can quietly shape outcomes without breaching any formal rules.

If this strategy has been effective elsewhere, it is fair to ask what safeguards exist to ensure the same dynamics do not emerge in the UK public sector over time.

At its core, this is about incentives.

Palantir is not a public service. It is a private company whose legal duty is to generate value for shareholders. Long term contracts, deep integration and operational dependency are commercially attractive outcomes. That does not mean data will be misused. It does mean that exit becomes harder the longer systems are embedded.

The question is not whether Palantir can be trusted today.

The question is whether the UK has built sufficient oversight, control and independence to remain in charge if trust is ever tested.

That distinction matters.

Why Being in the UK Makes You a Cyber Target

 

The UK’s services led economy makes everyday people part of the cyber attack surface.

20/12/25 - written by Sham Chohan

 

The UK is widely regarded as one of the world’s most important financial and professional services hubs. That position brings influence and economic strength, but it also creates a form of exposure that is rarely discussed outside specialist circles.

The UK does not generate the majority of its revenue by manufacturing goods at scale anymore. That era ended a long time ago. Today, much of the country’s economic value comes from services such as finance, insurance, legal work, consulting, digital platforms, and outsourced operations. These sectors are built around information rather than physical production.

As a result, the UK holds large volumes of high value data across multiple industries. Financial information, legal and commercial intelligence, healthcare records, research data, intellectual property, identity information, and access to global systems are all concentrated within UK organisations. Much of this data is interconnected, shared across partners, and relied upon beyond national borders.

From a global perspective, that makes the UK an attractive target.

This exposure is not limited to criminal groups seeking financial gain. Foreign states also have a long standing interest in accessing data and systems in services driven economies. The objective is not always disruption. In many cases it is visibility, leverage, or sustained access over time.

Modern cyber operations rarely focus on direct attacks against heavily protected government systems. Those routes are noisy and difficult to maintain. Instead, attackers look for indirect access points. Employees, contractors, suppliers, and third parties often provide easier paths into larger environments.

This is where ordinary people become relevant.

Anyone living and working in the UK who uses digital services or has access to business systems forms part of that wider ecosystem. Not because they are individually important, but because their access may connect to something else. A compromised account does not need to hold sensitive information itself to be useful. It only needs to provide a route closer to more valuable systems or data.

This approach relies on probability rather than precision. Large numbers of low effort attempts are made in the expectation that some will succeed. Most fail. A small number do not. Over time, those successes accumulate into meaningful access.

That is why many cyber attacks appear basic or repetitive. Generic emails, simple scams, and repeated contact are not signs of poor capability. They are signs of scale. Coverage matters more than sophistication.

For foreign states, the UK is particularly attractive because access gained here often extends beyond a single organisation. UK businesses sit at the centre of global finance, professional services, and international supply chains. Entry into one environment can offer insight across many others.

This is not about alarmism or assigning blame. It is about recognising how the UK’s economic model has reshaped where risk now sits.

In a country built on services, information, and connectivity, cyber risk is no longer confined to secure buildings or specialist teams. It exists wherever access exists. That includes ordinary people going about their working lives.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.