Business
How AI is turning IoT data into actionable insights in the public sector

By Mark Gannon, Director of Client Solutions at Netcall
The use of IoT devices within the public sector is growing rapidly, presenting opportunities for greater efficiency, cost savings, and vast service improvements among a plethora of other benefits. From transportation, infrastructure and even waste management, the ability to monitor and capture data in a range of critical areas has the power to transform organisations across the sector.
Health and Social Care is one setting where IoT devices can drive real impact by significantly improving the day-to-day lives of vulnerable people. In fact, late last year, it was announced that the Glasgow City Region would receive over £3 million to deliver a Health and Social Care-focused project driven by IoT technologies, as part of wider 5G connectivity funding to make public services better. Remote sensors can be used within social housing to detect and control factors such as damp and mould whilst motion sensors can alert emergency services if a vulnerable resident has fallen – not only helping to provide better care, but enabling care to be delivered more efficiently and rapidly to those that need it.
With public sector spending under constant scrutiny, and wider budget cuts increasingly forcing those operating in the sector to achieve more with less, technology that can easily connect and exchange data from device to system, removing a number of manual workflows and processes, is proving invaluable. Taking that one step further, being able to leverage that data and turn it into actionable insights in the future is fast becoming an exciting reality.
So, what’s holding the public sector back from leveraging IoT devices in this way?
The short answer: Data.

Managing IoT-associated data adds a layer of complexity to those responsible for it. With IoT devices typically uploading data multiple times a day, analysing, and actioning the torrents of data can soon become a mammoth task.
IoT and AI: a winning combination
The application of AI alongside IoT is rapidly being recognised as a key solution to this rising data deluge. Not only can it ease the administrative burden by ensuring the IoT devices and any associated workflows are working effectively, but it can also be used to spot any trends and patterns within the device data. Insights such as these can inform longer-term solutions and decisions whilst also acting as predictive analytics to anticipate the likelihood of certain events occurring in the future.
In the case of Health and Social Care, this could mean predicting the probability of a vulnerable resident having a fall based on previous data gathered and putting preventative measures in place to reduce this. IoT wearables are another rising trend in the healthcare setting and can be used to track vital signs and detect anomalies that may need urgent attention. Meanwhile for social housing, using smart solutions including intelligent automation and IoT can help housing providers significantly reduce their risk management burden. For example, the data gained from IoT sensors in tenant homes can be used to proactively identify damp and mold risks and automate alerts.
Looking at the public sector more broadly, we could also see the combination of AI and IoT optimised services such as traffic management, waste management right through to public safety and even managing air quality. By using AI to analyse and draw insights from IoT devices, the concept of the smart city is much closer than we think. AI can use IoT sensor data alongside cameras already in position to adjust traffic signals, optimise routes and even detect incidents and alert public services. It is also expected to play a key role in managing and reducing public service energy consumption, by monitoring and controlling street lighting and other public infrastructures.
Turning insight into action
Whilst AI can take care of the initial analysis, to truly extract the value from IoT data, public sector organisations must ensure these insights are fed into the right systems and married up with the correct workflows to turn them into action.
Fortunately, with the use of application development tools such as low-code application platforms, organisations can rapidly create processes that utilise IoT and AI-driven data, connecting it to internal as well as third-party systems. These solutions move away from traditional development, which can be costly and time-consuming, and can empower broader teams to rapidly build and develop their own applications using a visual drag-and-drop interface. By doing so, organisations can quickly integrate systems and technologies to access actionable data.
As AI and IoT technology continue to advance, we can expect to see more innovative and impactful use cases in the future. Unlocking the benefits, however, will hinge on having the systems and processes in place to trigger next steps. By leveraging the tools that enable this, public sector organisations can use the data from connected devices to create powerful, proactive and dynamic services that fulfil the growing needs of its customers.
You may like
Business
Adapting compliance in a fragmented regulatory world

Rasha Abdel Jalil, Director of Financial Crime & Compliance at Eastnets, discusses the operational and strategic shifts needed to stay ahead of regulatory compliance in 2025 and beyond.
As we move through 2025, financial institutions face an unprecedented wave of regulatory change. From the EU’s Digital Operational Resilience Act (DORA) to the UK’s Basel 3.1 rollout and upcoming PSD3, the volume and velocity of new requirements are constantly reshaping how banks operate.
But it’s not just the sheer number of regulations that’s creating pressure. It’s the fragmentation and unpredictability. Jurisdictions are moving at different speeds, with overlapping deadlines and shifting expectations. Regulators are tightening controls, accelerating timelines and increasing penalties for non-compliance. And for financial compliance teams, it means navigating a landscape where the goalposts are constantly shifting.
Financial institutions must now strike a delicate balance: staying agile enough to respond to rapid regulatory shifts, while making sure their compliance frameworks are robust, scalable and future-ready.
The new regulatory compliance reality
By October of this year, financial institutions will have to navigate a dense cluster of regulatory compliance deadlines, each with its own scope, jurisdictional nuance and operational impact. From updated Common Reporting Standard (CRS) obligations, which applies to over 100 countries around the world, to Australia’s new Prudential Standard (CPS) 230 on operational risk, the scope of change is both global and granular.
Layered on top are sweeping EU regulations like the AI Act and the Instant Payments Regulation, the latter coming into force in October. These frameworks introduce new rules and redefine how institutions must manage data, risk and operational resilience, forcing financial compliance teams to juggle multiple reporting and governance requirements. A notable development is Verification of Payee (VOP), which adds a crucial layer of fraud protection for instant payments. This directly aligns with the regulator’s focus on instant payment security and compliance.
The result is a compliance environment that’s increasingly fragmented and unforgiving. In fact, 75% of compliance decision makers in Europe’s financial services sector agree that regulatory demands on their compliance teams have significantly increased over the past year. To put it simply, many are struggling to keep pace with regulatory change.
But why is it so difficult for teams to adapt?
The answer lies in a perfect storm of structural and operational challenges. In many organisations, compliance data is trapped in silos spread across departments, jurisdictions and legacy platforms. Traditional approaches – built around periodic reviews, static controls and manual processes – are no longer fit for purpose. Yet despite mounting pressure, many teams face internal resistance to changing established ways of working, which further slows progress and reinforces outdated models. Meanwhile, the pace of regulatory change continues to accelerate, customer expectations are rising and geopolitical uncertainty adds further complexity.
At the same time, institutions are facing a growing compliance talent gap. As regulatory expectations become more complex, the skills required to manage them are evolving. Yet many firms are struggling to find and retain professionals with the right mix of legal, technical and operational expertise. Experienced professionals are retiring en-masse, while nearly half of the new entrants lack the right experience needed to step into these roles effectively. And as AI tools become more central to investigative and decision-making processes, the need for technical fluency within compliance teams is growing faster than organisations can upskill. This shortage is leaving compliance teams overstretched, under-resourced and increasingly reliant on outdated tools and processes.
Therefore, in this changing environment, the question suddenly becomes how can institutions adapt?
Staying compliant in a shifting landscape
The pressure to adapt is real, but so is the opportunity. Institutions that reframe compliance as a proactive, technology-driven capability can build a more resilient and responsive foundation that’s now essential to staying ahead of regulatory change.
This begins with real-time visibility. As regulatory timelines change and expectations rise, institutions need systems that can surface compliance risks as they emerge, not weeks or months later. This means adopting tools that provide continuous monitoring, automated alerts and dynamic reporting.
But visibility alone isn’t enough. To act on insights effectively, institutions also need interoperability – the ability to unify data from across departments, jurisdictions and platforms. A modern compliance architecture must consolidate inputs from siloed systems into a unified case manager to support cross-regulatory reporting and governance. This not only improves accuracy and efficiency but also allows for faster, more coordinated responses to regulatory change.
To manage growing complexity at scale, many institutions are now turning to AI-powered compliance tools. Traditional rules-based systems often struggle to distinguish between suspicious and benign activity, leading to high false positive rates and operational inefficiencies. AI, by contrast, can learn from historical data to detect subtle anomalies, adapt to evolving fraud tactics and prioritise high-risk alerts with greater precision.
When layered with alert triage capabilities, AI can intelligently suppress low-value alerts and false positives, freeing up human investigators to focus on genuinely suspicious activity. At the more advanced stages, deep learning models can detect behavioural changes and suspicious network clusters, providing a multi-dimensional view of risk that static systems simply can’t match.
Of course, transparency and explainability in AI models are crucial. With regulations like the EU AI Act mandating interpretability in AI-driven decisions, institutions must make sure that every alert or action taken by an AI system is auditable and understandable. This includes clear justifications, visual tools such as link analysis, and detailed logs that support human oversight.
Alongside AI, automation continues to play a key role in modern compliance strategies. Automated sanction screening tools and watchlist screening, for example, help institutions maintain consistency and accuracy across jurisdictions, especially as global lists evolve in response to geopolitical events.
Similarly, customisable regulatory reporting tools, powered by automation, allow compliance teams to adapt to shifting requirements under various frameworks. One example is the upcoming enforcement of ISO 20022, which introduces a global standard for payment messaging. Its structured data format demands upgraded systems and more precise compliance screening, making automation and data interoperability more critical than ever.
This is particularly important in light of the ongoing talent shortages across the sector. With newer entrants still building the necessary expertise, automation and AI can help bridge the gap and allow teams to focus on complex tasks instead.
The future of compliance
As the regulatory compliance landscape becomes more fragmented, compliance can no longer be treated as a tick-box exercise. It must evolve into a dynamic, intelligence-led capability, one that allows institutions to respond to change, manage risk proactively and operate with confidence across jurisdictions.
To achieve this, institutions must rethink how compliance is structured, resourced and embedded into the fabric of financial operations. Those that do, and use the right tools in the process, will be better positioned to meet the demands of regulators today and in the future.
Business
Why Shorter SSL/TLS Certificate Lifespans Are the Perfect Wake-Up Call for CIOs

By Tim Callan, Chief Compliance Officer at Sectigo and Vice-Chair of the CA/Browser Forum
Let’s be honest: AI has been the headline act this year. It’s the rockstar of boardroom conversations and LinkedIn thought leadership. But while AI commands the spotlight, quantum computing is quietly tuning its instruments backstage. And when it steps forward, it won’t be playing backup. For CIOs, the smart move isn’t just watching the main stage — it’s preparing proactively for the moment quantum takes center stage and rewrites the rules of data protection.
Quantum computing is no longer a distant science project. NIST has already published standards for quantum-resistant algorithms and set a clear deadline: RSA and ECC, the cryptographic algorithms that protect today’s data, must be deprecated by 2030. We’re no longer talking about “forecasts;” we are talking about actual directives from government organizations to implement change. And yet, many organizations are still treating this like a future problem. The reality is that threat actors aren’t waiting. They’re collecting encrypted data now, knowing they’ll be able to decrypt it later. If we wait until quantum machines are commercially viable, we’ll be too late. The time to prepare is before the clock runs out and, unfortunately, that clock is already ticking.
For CIOs, this is an infrastructure and risk management crisis in the making. If your organization’s cryptographic infrastructure isn’t agile enough to adapt, the integrity of your digital operations and the trust they rely on could very soon be compromised.
The Quantum Threat Is Already Here
Quantum computing’s potential to disrupt global systems and the data that runs through it is not hypothetical. Attackers are already engaging in “Harvest Now, Decrypt Later” (HNDL) strategies, intercepting encrypted data today with the intent to decrypt it once quantum capabilities mature.
Recent research found that an alarming 60% of organizations are very or extremely concerned about HNDL attacks, and 59% express similar concern about “Trust Now, Forge Later” threats, where adversaries steal digitally signed documents to forge them in the future.
Despite this awareness, only 14% of organizations have conducted a full assessment of systems vulnerable to quantum attacks. Nearly half (43%) of organizations are still in a “wait and see” mode. For CIOs, this gap highlights the need for leadership: it’s not
enough to know the risks exist, you must identify which systems, applications, and data flows will still be sensitive in ten or twenty years and prioritize them for PQC migration.
Crypto Agility Is a Data Leadership Imperative
Crypto agility (the ability to rapidly identify, manage, and replace cryptographic assets) is now a core competency for IT leaders to ensure business continuity, compliance, and trust. The most immediate pressure point is SSL/TLS certificates. These certificates authenticate digital identities and secure communications across data pipelines, APIs, and partner integrations.
The CA/Browser Forum has mandated a phased reduction in certificate lifespans from 398 days today to just 47 days by 2029. The first milestone arrives in March 2026, when certificates must be renewed every six months, shrinking to near-monthly by 2029.
For CIOs, it’s not just an operational housekeeping issue. Every expired or mismanaged certificate is a potential data outage. That means application downtimes, broken integration, failed transactions and compliance violations. With less than 1 in 5 organizations prepared for monthly renewals, and only 5% fully automating their certificate management processes currently, most enterprises face serious continuity and trust risks.
The upside? Preparing for shortened certificate lifespans directly supports quantum readiness. Ninety percent of organizations recognize the overlap between certificate agility and post-quantum cryptography preparedness. By investing in automation now, CIOs can ensure uninterrupted operations today while laying a scalable foundation for future-proof cryptographic governance.
The Strategic Imperative of PQC Migration
Migrating to quantum-safe algorithms is not a plug-and-play upgrade. It’s a full-scale transformation. Ninety-eight percent of organizations expect challenges, with top barriers including system complexity, lack of expertise, and cross-team coordination. Legacy systems (many with hardcoded cryptographic functions) make this even harder.
That’s why establishing a Center of Cryptographic Excellence (CryptoCOE) is a critical first step. A CryptoCOE centralizes governance, aligns stakeholders, and drives execution. According to Gartner, by 2028 organizations with a CryptoCOE will save 50% of costs in their PQC transition compared to those without.
For CIOs, this is a natural extension of your role. Cryptography touches every layer of enterprise infrastructure. A CryptoCOE ensures that cryptographic decisions are made with full visibility into system dependencies, risk profiles and regulatory obligations.
By championing crypto agility as an infrastructure priority, CIOs can transform PQC migration from a technical project into a strategic initiative that protects the organization’s most critical assets.
The Road Ahead
The shift to 47-day certificates is a wake-up call. It marks the end of static cryptography and the beginning of a dynamic, agile era. Organizations that embrace this change will not only avoid outages and compliance failures, but they’ll be also prepared for the quantum future.
Crypto agility is both a technical capability and a leadership mandate. For CIOs, the path forward to quantum-resistant infrastructure can be clear: invest in automation, build cross-functional alignment, and treat cryptographic governance as a core pillar of enterprise resilience.
Business
The Security Talent Gap is a Red Herring: It’s Really an Automation and Context Gap

by Tom Gol, Senior Product Manager Armis
We constantly hear about a cybersecurity staffing crisis, but perhaps the real challenge isn’t a lack of people. It might just be a critical shortage of intelligent automation and actionable context for the talented teams we already have.
The Lingering Shadow of the “Talent Gap” Narrative
It’s almost a mantra in cybersecurity circles: “There’s a massive talent gap!” Conferences echo it, reports reinforce it, and CISOs often feel it acutely. This widely accepted idea suggests we simply don’t have enough skilled professionals, leading to overworked teams, burnout, and, most critically, persistent organizational risk. The default response often becomes a relentless cycle of “buy more tools, tune more tools, and staff more teams”—a cycle that feels increasingly unsustainable and inefficient.
But what if this pervasive “talent gap” is actually a clever red herring, distracting us from a more fundamental issue? We’ve grown so accustomed to the narrative of a human deficit that we often overlook a crucial truth: current technology is already capable of significantly narrowing this very gap. My strong conviction is this: the true underlying problem isn’t a shortage of available talent, but a profound and crippling gap in intelligent automation and actionable context that prevents our existing cybersecurity professionals from operating at their full potential. What’s more, advancing on the technology side now presents a demonstrably better return on investment than simply trying to out-hire the problem. Fill that gap with smarter tech, and watch the perceived talent shortage shrink.
Misdiagnosis: When More People Isn’t the Answer
For too long, the cybersecurity industry’s knee-jerk reaction to mounting threats has been to throw more human resources at the problem. Yet, the attack surface continues its relentless expansion. Threat actors become more sophisticated. And our SOCs are constantly drowning in an unfiltered deluge of alerts. This creates an overwhelming workload that even the most seasoned experts find impossible to manage effectively, often resulting in burnout and, ironically, talent attrition rather than retention.
The issue isn’t that a lack of bright minds are joining the field. It’s that those brilliant minds often find themselves mired in monotonous, low-value tasks. They’re forced to operate in a thick fog of incomplete information, constantly sifting through noise. When security teams lack clarity on exactly what assets they own, how those assets connect, what their true business criticality is, and which threats are genuinely active, even the most experienced professional struggles. Their effectiveness diminishes, not from a lack of inherent skill, but from a fundamental absence of visibility and intelligent support.
Automation and AI: The True Force Multiplier for Human Talent
The real power move against the overwhelming tide of cyber threats lies not in endless recruitment, but in the intelligent application of automation and AI. Leading industry discussions increasingly highlight that the purpose of AI in cybersecurity isn’t about wholesale human replacement. Instead, it’s about augmenting our existing staff, turning them into a far more potent force. This approach fundamentally allows organizations to scale their expertise and impact without being shackled to proportional headcount increases. Let’s unpack how this transformation plays out.
Freeing Up Human Capital from the Mundane
Imagine a security analyst whose day is consumed by hours of manual investigation, enriching alerts, triaging false positives, responding to routine questionnaires, or laboriously transitioning tickets. These are precisely the kinds of non-human, deterministic, and highly repetitive tasks ripe for intelligent automation. AI agents can seamlessly take on this soul-crushing burden, liberating human analysts. They are then free to pivot towards higher-value, creative, judgment-based, and genuinely strategic work. This transforms security teams from reactive task-runners into proactive problem-solvers. Projections suggest that common SOC tasks could become significantly more cost-efficient in the coming years due to automation—a shift that’s not merely about saving money, but about amplifying human potential.
Supercharging Productivity and Experience
Modern AI, particularly multi-agent AI and generative AI, can proactively offer smart advice on configurations, predict the root causes of complex issues, and integrate effortlessly with existing automated frameworks. This empowers security professionals, making their work not just more efficient but also more engaging and less prone to drudgery.
The Indispensable Power of Context: Lowering the “Expertise Bar”
While automation tackles the sheer volume of work, context provides the vital clarity that fundamentally reduces the need for constant, deep-seated expertise in every single scenario. When security professionals have immediate, rich, and actionable context about a vulnerability or an emerging threat, the path to intelligent prioritization and decisive action becomes remarkably clearer.
Consider the profound difference this context makes:
- Asset Context: Knowing not just that a vulnerability exists, but precisely which specific device it resides on—is it a critical production server, or an isolated, deprecated test machine?
- Business Application Context: Understanding the exact business function tied to that asset, and the tangible financial or operational impact if it were to be compromised.
- Network Context: Seeing the asset’s intricate network connections, its precise exposure level, and every potential path an attacker could take for lateral movement.
- Compensating Controls Context: Having a clear, real-time picture of which existing security controls (like network segmentation, EDRs, or Intrusion Prevention Systems) are actually in place and effectively working to mitigate the vulnerability’s risk.
- Threat Intelligence Context: Possessing real-time, “active exploit” intelligence that doesn’t just theorize, but tells you if a vulnerability is actively being exploited in the wild, or is part of a known attack campaign targeting your industry.
With this deep, multidimensional context, a significant portion of the exposure management workload can be automated. Crucially, for the tasks that still require human intervention, the “expertise bar” is dramatically lowered. My take is that for a vast majority of cases—perhaps 90% of scenarios—a security professional who isn’t a battle-hardened, 20-year veteran can still make incredibly effective decisions and significantly improve an organization’s cyber posture. This is because they are presented with clear, actionable context that naturally guides prioritization and even recommends precise actions. The result? A drastic reduction in alert noise, faster detection and response times, and a palpable easing of the burden on the entire security team.
Navigating the Human Element: Skills Evolution and Burnout
This powerful shift towards automation and AI naturally brings legitimate questions about skills erosion. Some experts prudently point out a valid risk: a significant portion of SOC teams might experience a regression in foundational analysis skills due to an over-reliance on automation. This underscores a critical truth: we must keep humans firmly in the loop. For highly autonomous SOCs, a “human-on-the-loop” approach is recommended, reserving human intervention for complex edge cases and critical exceptions.
CISOs, therefore, face an evolving mandate:
- Future-Proofing Skills: It’s less about filling historical roles and more about nurturing new competencies like prompt engineering, sophisticated AI oversight, advanced critical thinking, and strategic problem-solving.
- Combating Burnout: Beyond just tools, effective talent retention demands proactive measures to address burnout. This includes intelligent workload monitoring, smart task delegation, and genuine wellness initiatives. The ultimate goal isn’t just to fill empty seats; it’s to ensure that the people in those seats are effective, sustainable, and thriving.
A New Mindset for CISOs: Embracing the “Chief Innovation Security Officer” Role
The ongoing “talent gap” discussion should be a catalyst for CISOs to adopt a fundamentally new mindset. Instead of simply focusing on cost-cutting or the perpetual struggle of recruitment, they must evolve into “Chief Innovation Security Officers.” This means daring to rethink how work gets done, leveraging AI and automation not merely as tactical tools but as strategic enablers for scaling cybersecurity capabilities and unlocking the full potential of their existing talent. This strategic investment in technology, driven by an understanding of context, offers a superior ROI in bridging the cybersecurity “gap” compared to the increasingly futile effort to simply hire more people.
Building robust AI governance frameworks and achieving crystal-clear visibility into existing AI implementations and technical debt are crucial foundational steps. Ultimately, solving the perceived talent gap isn’t about endlessly hiring more people into an unsustainable system. It’s about empowering the talented individuals we do have—making them more efficient, more effective, and more strategically focused—through the intelligent application of automation and unparalleled context. It’s time to stop chasing a phantom gap and start truly empowering our digital defenders.

Adapting compliance in a fragmented regulatory world

Why Shorter SSL/TLS Certificate Lifespans Are the Perfect Wake-Up Call for CIOs

The Security Talent Gap is a Red Herring: It’s Really an Automation and Context Gap

How 5G and AI are shaping the future of eHealth

Combating Cyber Fraud in the Aviation Industry
