{"id":205,"date":"2026-04-27T17:24:09","date_gmt":"2026-04-27T16:24:09","guid":{"rendered":"https:\/\/www.cardonet.co.uk\/insights\/?p=205"},"modified":"2026-04-27T17:24:13","modified_gmt":"2026-04-27T16:24:13","slug":"cyber-security-product-of-operational-excellence","status":"publish","type":"post","link":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/","title":{"rendered":"Cybersecurity: operational excellence, not tools, ensure protection"},"content":{"rendered":"\n<p>If security were simply about fancy tools, UK organisations would be immune to high levels of disruption from relatively routine cyber incidents. Spending on security technology is on the rise but so (as the UK government\u2019s latest\u00a0<a href=\"https:\/\/www.gov.uk\/government\/statistics\/cyber-security-breaches-survey-2025\/cyber-security-breaches-survey-2025\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cyber Security Breaches Survey<\/a>\u00a0makes clear) is cybercrime. Data shows that just over four in ten UK businesses \u2013 and a substantially higher share of medium and large firms \u2013 experienced a cyber breach or attack in the last year despite widespread investment in controls.\u00a0<strong>The key differentiator is how the organisation runs around the tools, not the tools themselves.<\/strong><\/p>\n\n\n\n<p>Imagine doing the \u201cright thing\u201d and rolling out organization-wide endpoint protection, multi\u2011factor authentication, cloud backups, and alerts set up to monitor attempts. When an admin account is compromised, key systems can be encrypted within hours, stalling operations and wasting time and money.&nbsp;<\/p>\n\n\n\n<p>No tools can counteract the impact of a weak operating model around change, access, recovery, and decision\u2011making under pressure.<\/p>\n\n\n\n<p>Guidance from the National Cyber Security Centre (NCSC), such as its\u00a0<a href=\"https:\/\/www.ncsc.gov.uk\/collection\/cyber-assessment-framework\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cyber Assessment Framework<\/a>, highlights this. NCSC\u2019s guidance on preparing for severe threats emphasises maintaining operations and rebuilding IT at pace \u2013 an operational discipline as much as a security one \u2013 in documents like its guide on\u00a0<a href=\"https:\/\/www.ncsc.gov.uk\/collection\/how-to-prepare-and-plan-your-organisations-response-to-severe-cyber-threat-a-guide-for-cni\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">how to prepare for and plan your organisation\u2019s response to severe cyber threats<\/a>. When you read these alongside the UK government\u2019s proposed\u00a0<a href=\"https:\/\/www.gov.uk\/government\/publications\/cyber-governance-code-of-practice\/cyber-governance-code-of-practice\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cyber Governance Code of Practice<\/a>, a pattern emerges: operational excellence now sits at the heart of cyber resilience.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-not-cyber-tools-ensure-protection-cardonet-1024x683.png\" alt=\"\" class=\"wp-image-208\" srcset=\"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-not-cyber-tools-ensure-protection-cardonet-1024x683.png 1024w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-not-cyber-tools-ensure-protection-cardonet-300x200.png 300w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-not-cyber-tools-ensure-protection-cardonet-768x512.png 768w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-not-cyber-tools-ensure-protection-cardonet-280x187.png 280w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-not-cyber-tools-ensure-protection-cardonet-1170x780.png 1170w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-not-cyber-tools-ensure-protection-cardonet.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why cyber risk is really an operations problem<\/strong><\/h2>\n\n\n\n<p>Look again at the fictional organisation that \u201cdid everything right\u201d from a tooling perspective but still ended up being crippled. Looked at&nbsp;it&nbsp;through an operations lens, a different diagnosis can emerge. Perhaps there was no rehearsed incident response plan, maybe change freezes were informal and inconsistently followed or vendor access could have been granted quickly and revoked slowly, if at all.&nbsp;<\/p>\n\n\n\n<p>The security stack was working as designed \u2013 the way the organisation operated around it was not.<\/p>\n\n\n\n<p>The Cyber Security Breaches Survey highlights that cyber incidents often result in tangible operational disruption \u2013 loss of network access, systems being taken offline, and dependency on third\u2011party services that themselves have been compromised. Those are not \u201cIT problems\u201d; they are business continuity failures that are felt across logistics, customer service, finance, and supply chains.&nbsp;<\/p>\n\n\n\n<p>When nationally significant cyber attacks are being recorded on a regular basis, you can no longer ask whether you can prevent every breach but whether or not your organisation can continue to operate when one lands.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How weak operational discipline destroy cyber security<\/strong><\/h2>\n\n\n\n<p>When a breach investigation finishes, public statements often talk about \u201csophisticated attackers\u201d and \u201cunprecedented threats\u201d. The internal post\u2011mortem, if honest, usually tells a much more mundane story:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An unrevoked account from a departed employee.\u00a0<\/li>\n\n\n\n<li>A supplier with broader access than anyone realised.\u00a0<\/li>\n\n\n\n<li>A critical patch delayed because of worries about short\u2011term disruption.<\/li>\n<\/ul>\n\n\n\n<p>None of those are zero\u2011day exploits, they are operational gaps.<\/p>\n\n\n\n<p>Weak operations create blind spots where no one is clearly accountable for data flows, privileged access, or third\u2011party dependencies. They reward speed over discipline, making exceptions the norm and \u201ctemporary\u201d workarounds immortal. And they prevent learning \u2013 the same issues recur because there is no structured way for incidents, near misses, and audit findings to change how the organisation actually operates.<\/p>\n\n\n\n<p>Survey data backs this up. Too many organisations still lack formal incident response processes, do not exercise their plans regularly, and treat supplier governance as a contractual add\u2011on rather than an operational discipline. Cardonet\u2019s own guidance on\u00a0<a href=\"https:\/\/www.cardonet.com\/it-security-service-business.php\" target=\"_blank\" rel=\"noreferrer noopener\">IT security services<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.cardonet.com\/it-audit-services-business.php\" target=\"_blank\" rel=\"noreferrer noopener\">IT audits<\/a>\u00a0emphasises that structured assessment, monitoring, and process improvement need to sit alongside tools if you want risk to fall in a measurable way.\u00a0<\/p>\n\n\n\n<p>In other words, \u201cmore security budget\u201d is an incomplete answer; without operational excellence, you are pouring money into a leaky process.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What operational excellence in cybersecurity looks like<\/strong><\/h2>\n\n\n\n<p>Operational excellence in cybersecurity is about how your organisation behaves on a daily basis.&nbsp;<\/p>\n\n\n\n<p>At a practical level, organisations that treat cyber security as a product of operations share a set of characteristics. They:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Have documented incident response plans tied directly to their essential business functions, and those plans are regularly exercised, as per NCSC\u2019s guidance on\u00a0<a href=\"https:\/\/www.ncsc.gov.uk\/collection\/cyber-assessment-framework\/caf-objective-d\/principle-d1-response-and-recovery-planning\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">response and recovery planning<\/a>.\u00a0<\/li>\n\n\n\n<li>Understand which systems and processes are truly mission\u2011critical and have engineered \u201csafe degradation\u201d paths so they can run in a reduced but controlled mode during an incident.\u00a0<\/li>\n\n\n\n<li>Manage supplier relationships on the assumption that third\u2011party failure is inevitable and design both contracts and technical integration accordingly.<\/li>\n<\/ul>\n\n\n\n<p>Seen through that lens,&nbsp;cyber&nbsp;security stops being a defensive tax on innovation and becomes a performance discipline. Habits that reduce cyber risk (ownership, processes, responses, and learning) also cut operational waste, downtime, and rework.&nbsp;<\/p>\n\n\n\n<p>If you drive operational excellence you will find your&nbsp;cyber&nbsp;security metrics&nbsp;improve&nbsp;as a side effect because they are simply another way of measuring how well you run the business.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Building a\u00a0cyber\u00a0security\u2011first operating model step by step<\/strong><\/h2>\n\n\n\n<p>If you accept that&nbsp;cyber&nbsp;security outcomes are shaped by operations, the natural question is what to change first. For most organisations, the answer is not a wholesale redesign of their operating model but a sequence of deliberate, executable steps that bring&nbsp;cyber&nbsp;security and operations closer together.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Align accountability.<\/strong>\u00a0Cyber\u00a0security and operations leaders should share responsibility for key resilience metrics rather than operating on parallel scorecards. Decisions to bypass a control for short\u2011term convenience must be recognised as a risk to both\u00a0cyber\u00a0security and operational performance.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step1-cardonet-1024x683.png\" alt=\"\" class=\"wp-image-212\" srcset=\"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step1-cardonet-1024x683.png 1024w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step1-cardonet-300x200.png 300w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step1-cardonet-768x512.png 768w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step1-cardonet-280x187.png 280w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step1-cardonet-1170x780.png 1170w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step1-cardonet.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>2. Industrialise incident preparation.<\/strong>\u00a0Use widely available guidance to build or refine a documented incident response plan that covers the full lifecycle (detection, containment, communication, recovery, and lessons learned) and then schedule realistic exercises, at least annually, which involve operations, communications, and supplier management teams, not just IT. These should be designed to stress manual workarounds and offline plans for when core systems are unavailable.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step2-cardonet-1-1024x683.png\" alt=\"\" class=\"wp-image-211\" srcset=\"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step2-cardonet-1-1024x683.png 1024w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step2-cardonet-1-300x200.png 300w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step2-cardonet-1-768x512.png 768w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step2-cardonet-1-280x187.png 280w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step2-cardonet-1-1170x780.png 1170w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step2-cardonet-1.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>3. <strong>Harden the high\u2011leverage routines.<\/strong>\u00a0Focus on the operational processes that most strongly influence risk: joiner\u2011mover\u2011leaver workflows, privileged access reviews, change approvals for critical systems, and the way you onboard and monitor third parties.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step3-cardonet-1024x683.png\" alt=\"\" class=\"wp-image-210\" srcset=\"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step3-cardonet-1024x683.png 1024w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step3-cardonet-300x200.png 300w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step3-cardonet-768x512.png 768w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step3-cardonet-280x187.png 280w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step3-cardonet-1170x780.png 1170w, https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/building-cyber-security-operating-model-step3-cardonet.png 1200w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>4. <strong>Embed learning into operations, not just\u00a0cyber\u00a0security.<\/strong>\u00a0After incidents and major near misses, run reviews that explicitly examine both technical and operational contributors \u2013 how decisions were made, how information flowed, where processes broke down \u2013 and then change how the organisation actually works. The NCSC\u2019s frameworks place as much emphasis on lessons learned as on initial response. Over time, this turns security from a project into a culture.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to measure\u00a0cyber\u00a0security as an operational outcome<\/strong><\/h2>\n\n\n\n<p>If&nbsp;cyber&nbsp;security is a product of operational excellence, you need a scoreboard that reflects that reality. Traditional metrics like the number of blocked attacks or vulnerability counts have their place, but they do not tell you how well your organisation will survive the incident that gets through.&nbsp;<\/p>\n\n\n\n<p>Boards and leadership teams need a set of indicators that connect cyber resilience directly to operational performance.<\/p>\n\n\n\n<p>Some of these measures are straightforward.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How long does it take you to detect and contain an incident, and how does that compare between exercises and real events.\u00a0<\/li>\n\n\n\n<li>How often do you rehearse your incident plans with the people who will actually be in the room on the day.\u00a0<\/li>\n\n\n\n<li>What proportion of high\u2011risk audit findings are closed on time, and how many trigger changes to operational procedures, not just technical configurations.\u00a0<\/li>\n<\/ul>\n\n\n\n<p>These are operational metrics wearing a&nbsp;cyber&nbsp;security badge.<\/p>\n\n\n\n<p>Others are explicitly business\u2011focused. The breaches survey notes that incidents frequently result in network downtime, compromised websites, and loss of access to third\u2011party services, all of which can be expressed as lost revenue, delayed deliveries, or reputational harm.&nbsp;<\/p>\n\n\n\n<p>Tracking the frequency, duration, and business impact of these disruptions over time, and tying improvements back to specific changes in operational practice, gives leaders a concrete way to see whether investment in operational excellence is paying off in resilience.<\/p>\n\n\n\n<p>From a services perspective, this is also where a partner like Cardonet can help you join the dots. By combining security assessments, managed monitoring, and\u00a0<a href=\"https:\/\/www.cardonet.com\/it-strategy-advice-business.php\" target=\"_blank\" rel=\"noreferrer noopener\">IT strategy advice<\/a>\u00a0into a coherent view of how technology, process, and operations interact in your business.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why this matters for your business<\/strong><\/h2>\n\n\n\n<p>Treating&nbsp;cyber&nbsp;security as an operational outcome changes how you allocate energy, not just money.&nbsp;<\/p>\n\n\n\n<p>It moves difficult conversations out of the budget cycle and into the routines that shape culture and aligns you with where UK policy is heading.&nbsp;<\/p>\n\n\n\n<p>From the Cyber Governance Code of Practice to NCSC guidance on severe threats, the thread is consistent: regulators and policymakers expect cyber to be embedded into business continuity, supply\u2011chain management, and everyday decision\u2011making.&nbsp;<\/p>\n\n\n\n<p>Organisations that can demonstrate that integration, with evidence of rehearsed plans, clear ownership, and measurable improvements, will find it easier to build trust with customers, partners, and insurers.<\/p>\n\n\n\n<p>From where I sit, the most resilient organisations in the next few years will not necessarily be the ones with the most advanced tools. They will be the ones that have done the hard operational work, aligning leadership, rehearsing response, hardening key processes, and learning fast when things go wrong.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Next steps: Protecting your business<\/strong><\/h2>\n\n\n\n<p>If this has landed a little too close to home, resist the urge to buy another product first. Start by mapping one recent incident, near miss, or audit finding all the way back to the operational routines that made it possible, then change those routines and test them.<\/p>\n\n\n\n<p>A practical way to accelerate that work is to bring&nbsp;cyber&nbsp;security and operations leaders into the same room for a structured review.&nbsp;<\/p>\n\n\n\n<p>Ask Cardonet to run a joint security and operations review that maps your incident response, change management, and vendor processes against current UK cyber guidance. You will come away with a focused plan for strengthening resilience where it matters most.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If security were simply about fancy tools, UK organisations would be immune to high levels of disruption from relatively routine cyber incidents. Spending on security technology is on the rise but so (as the UK government\u2019s latest\u00a0Cyber Security Breaches Survey\u00a0makes clear) is cybercrime. Data shows that just over four in ten UK businesses \u2013 and<\/p>\n","protected":false},"author":7,"featured_media":209,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"class_list":["post-205","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-ssecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Why cyber security is a product of operational excellence<\/title>\n<meta name=\"description\" content=\"Treat cybersecurity as an outcome of operational excellence, improving resilience by fixing the processes that fail long before the tools do.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why cyber security is a product of operational excellence\" \/>\n<meta property=\"og:description\" content=\"Treat cybersecurity as an outcome of operational excellence, improving resilience by fixing the processes that fail long before the tools do.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/\" \/>\n<meta property=\"og:site_name\" content=\"Insight\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Cardonet\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-27T16:24:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-27T16:24:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-creates-cyber-security-protection-cardonet.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"334\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Sagi Saltoun\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cardonetit\" \/>\n<meta name=\"twitter:site\" content=\"@cardonetit\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sagi Saltoun\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why cyber security is a product of operational excellence","description":"Treat cybersecurity as an outcome of operational excellence, improving resilience by fixing the processes that fail long before the tools do.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/","og_locale":"en_GB","og_type":"article","og_title":"Why cyber security is a product of operational excellence","og_description":"Treat cybersecurity as an outcome of operational excellence, improving resilience by fixing the processes that fail long before the tools do.","og_url":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/","og_site_name":"Insight","article_publisher":"https:\/\/www.facebook.com\/Cardonet","article_published_time":"2026-04-27T16:24:09+00:00","article_modified_time":"2026-04-27T16:24:13+00:00","og_image":[{"width":600,"height":334,"url":"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-creates-cyber-security-protection-cardonet.png","type":"image\/png"}],"author":"Sagi Saltoun","twitter_card":"summary_large_image","twitter_creator":"@cardonetit","twitter_site":"@cardonetit","twitter_misc":{"Written by":"Sagi Saltoun","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/#article","isPartOf":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/"},"author":{"name":"Sagi Saltoun","@id":"https:\/\/www.cardonet.co.uk\/insights\/#\/schema\/person\/5c01d753196e749e64992a066f210d88"},"headline":"Cybersecurity: operational excellence, not tools, ensure protection","datePublished":"2026-04-27T16:24:09+00:00","dateModified":"2026-04-27T16:24:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/"},"wordCount":1691,"commentCount":0,"publisher":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/#organization"},"image":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-creates-cyber-security-protection-cardonet.png","articleSection":["Cyber Security"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/","url":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/","name":"Why cyber security is a product of operational excellence","isPartOf":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/#primaryimage"},"image":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-creates-cyber-security-protection-cardonet.png","datePublished":"2026-04-27T16:24:09+00:00","dateModified":"2026-04-27T16:24:13+00:00","description":"Treat cybersecurity as an outcome of operational excellence, improving resilience by fixing the processes that fail long before the tools do.","breadcrumb":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/#primaryimage","url":"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-creates-cyber-security-protection-cardonet.png","contentUrl":"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2026\/04\/operational-excellence-creates-cyber-security-protection-cardonet.png","width":600,"height":334,"caption":"operational excellence creates cyber security protection"},{"@type":"BreadcrumbList","@id":"https:\/\/www.cardonet.co.uk\/insights\/cyber-security-product-of-operational-excellence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cardonet.co.uk\/insights\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity: operational excellence, not tools, ensure protection"}]},{"@type":"WebSite","@id":"https:\/\/www.cardonet.co.uk\/insights\/#website","url":"https:\/\/www.cardonet.co.uk\/insights\/","name":"Insight","description":"IT Services from Cardonet","publisher":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cardonet.co.uk\/insights\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.cardonet.co.uk\/insights\/#organization","name":"Cardonet IT Support","url":"https:\/\/www.cardonet.co.uk\/insights\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.cardonet.co.uk\/insights\/#\/schema\/logo\/image\/","url":"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2022\/06\/cardonet-it-support-logo.svg","contentUrl":"https:\/\/www.cardonet.co.uk\/insights\/wp-content\/uploads\/2022\/06\/cardonet-it-support-logo.svg","width":1,"height":1,"caption":"Cardonet IT Support"},"image":{"@id":"https:\/\/www.cardonet.co.uk\/insights\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Cardonet","https:\/\/x.com\/cardonetit","https:\/\/www.linkedin.com\/company\/cardonet"]},{"@type":"Person","@id":"https:\/\/www.cardonet.co.uk\/insights\/#\/schema\/person\/5c01d753196e749e64992a066f210d88","name":"Sagi Saltoun","sameAs":["http:\/\/www.cardonet.com"]}]}},"_links":{"self":[{"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/posts\/205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/comments?post=205"}],"version-history":[{"count":3,"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/posts\/205\/revisions"}],"predecessor-version":[{"id":215,"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/posts\/205\/revisions\/215"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/media\/209"}],"wp:attachment":[{"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/media?parent=205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cardonet.co.uk\/insights\/wp-json\/wp\/v2\/categories?post=205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}