Leading managed services provider Espria warns that traditional security measures are slowing down workforces and failing to stop lateral movement attacks.
With businesses grappling with the “productivity lag” of legacy security - lost employee time, operational inefficiencies and disrupted workflows - the current approach to employee protection continues to create dangerous friction that compromises operations. Cyber threats have evolved from simple data theft to sophisticated business continuity disruption, leaving organisations with the paradox of addressing both their greatest asset and their most significant vulnerability: their workforce.
Only a strategic pivot to Zero Trust architecture can enable organisations to secure modern hybrid workplaces and make security invisible but uncompromising, argues Brian Sibley, Virtual CTO at Espria.
“Let’s not forget that the National Cyber Security Centre has recently updated its ‘Demystifying Zero Trust’ guidance within the Zero Trust Architecture collection, reaffirming eight core principles for enterprise adoption, a clear signal that addressing this issue is now a matter of urgency. The C-suite leadership challenge for 2026 is not just about locking down your network but protecting employees without slowing down operations. Clunky VPNs, endless password resets and intrusive authentication steps are leading to mass user fatigue and corners being cut entirely. This friction is not just a mild inconvenience, but a security flaw that attackers are actively aiming to exploit. Today’s boardrooms need to shift their security approach. Too many organisations are continuing to operate on the outdated model of ‘trust but verify.’ This is creating massive barriers for employees simply trying to do their jobs.”
Sibley continues by outlining the need to flip the script and build confidence through a Zero Trust approach.
“Zero Trust is about building confidence rather than additional hurdles for employees. When we remove the friction and allow employees to work remotely yet securely – without needing to jump through extensive hoops – we’re not just improving their working experience but creating stronger business security. Behind the scenes, every login is verified and every device assessed. If a credential looks compromised or a location appears anomalous, the system can react instantly, isolating risk before it spreads. This allows employees to focus on performance, rather than worrying if their next click could cost the company millions.”
Sibley continues,
“Modern cybercriminals are focusing on lateral movement attacks, transforming a single compromised account quickly into a systemic failure. High-profile breaches throughout 2025 have demonstrated that even the most sophisticated organisations can be undone by implicit trust within business networks. A Zero Trust approach mitigates this by transforming security from a reactive firefight into proactive resilience. By segmenting networks and automating responses, businesses can limit the ‘blast radius’ of any potential intrusion.”
Sibley concludes by addressing the strategic payoff for C-suites across UK businesses.
“For CEOs and CFOs, the move to Zero Trust offers benefits that extend far beyond the IT department. By stopping lateral movement, companies significantly lower the risk of financial shocks and reputational crises, and proactive, auditable security measures keep regulators satisfied and penalties at bay. Robust security measures can then become a competitive differentiator rather than a backend necessity. Zero Trust is not just about technology, but also a leadership mindset. In choosing to build a more robust security approach, CEOs and their senior leaders have the power to make their business security a growth enabler, not a constraint, lest they risk becoming the next big cyberattack headline in the new year.”