“The threat is getting more complex – and faster.” That’s the stark assessment from Chris Parker MBE, director of government strategy at Fortinet and vice chair of techUK’s Cyber Resilience Committee.
Across a wide-ranging conversation, Parker paints a picture of a public sector that is simultaneously awakening to the realities of a new cyber era, while at the same time grappling with deep-rooted structural and cultural constraints that compound the challenge of responding with adequate speed and dexterity.
Having spent nearly five years at Fortinet shaping engagement with national agencies and public-sector clients, Parker speaks from both strategic and operational vantage points. His remit includes managing relationships with central government, contributing to regulatory and policy dialogues, and supporting public-sector organisations as they navigate an increasingly complex digital landscape.
At the heart of that journey is the move away from reactive cybersecurity – patching, firefighting, and chasing down incidents – into what Parker refers to as “the continuous threat exposure management era”. This shift acknowledges that adversaries no longer wait for the right moment. They scan, breach, and exploit at speed and scale.
“We’re now in an era of automation and integrated response,” Parker explains. “We have to accept that the threat is not just evolving, it’s accelerating.”
He insists the UK government has made significant progress, pointing to the National Cyber Security Centre (NCSC) providing “strong expert guidance” across departments, and praising the guiding principles of the Government Cyber Security Strategy. But the operational reality is more fragmented. With 24 ministerial departments operating independently – each with their own budgets, priorities, and tech stacks – the government often resembles a collection of siloed enterprises rather than a unified organisation.
“If the UK government were a business, it would have a CISO and a centralised plan,” Parker explains. “Instead, you’ve got departments making separate purchasing decisions, using different technologies, and often operating on legacy systems. That makes coherence incredibly hard.”
This fragmentation creates hurdles, not just for internal coordination, but also for collaboration with industry partners. Procurement processes, a lack of standardisation, and mistrust between public bodies and private enterprise have all, at times, slowed progress. Yet here too, Parker detects positive momentum. “There are green shoots,” he says. “Some departments are collaborating exceptionally well and saving taxpayer money by consolidating systems and reducing complexity.”
That spirit of collaboration is something Parker champions at every opportunity. Fortinet has long advocated for a “defend as one” model, which sees industry and government working side-by-side. “It’s not just about products or platforms. It’s about building trusted relationships,” he says. “At the strategic level, we’re seeing real success – especially through initiatives like the World Economic Forum’s Partnership Against Cybercrime, and the Cyber Threat Alliance, of which Fortinet was a founding member.”
But for this model to flourish, cultural change is essential. “Too often, people see asking for help as a weakness. We need to move past that,” Parker argues. “Cybersecurity isn’t just a technology issue—it’s a question of people and processes. And confidence only comes with education and practice.”
Parker is especially vocal about the need to embed cyber awareness across the entire workforce, not just among IT specialists. “We must create a generation of human firewalls,” he says, advocating for mandatory, ongoing training for all public-sector employees. “It’s like fire safety: there cannot be an opt-out.” The Fortinet executive points to his own company’s commitment to provide free training to one million people in cybersecurity by the end of next year – a target he says they are well on the way to hitting.
Such training and education becomes more pressing with the rise of AI. While Parker doesn’t believe AI necessarily alters the nature of the threats, he does see it as an accelerant. “Bad actors can now use generative tools to create social engineering campaigns or malware at scale,” he warns. “It lowers the barrier to entry for cybercrime.” On the flip side, Fortinet and others are using AI to constantly enhance defences to anticipate new attack vectors.
Still, Parker cautions that AI also presents internal risks. Public servants using tools like ChatGPT and Copilot must understand the implications of outsourcing sensitive data to third-party platforms. “It’s about education again,” he says. “People need to realise that what feels convenient may not be safe.”
Looking ahead, Parker is cautiously optimistic. He acknowledges the structural and cultural hurdles faced by the public sector but sees a growing recognition – across government and industry – of the shared responsibility to build resilience. “The technology is there,” he says. “Now it’s about people, leadership, and mindset.”
With UK policymakers in the process of drafting new legislation aimed at codifying cyber resilience requirements, Parker believes the balance between voluntary improvement and mandatory compliance is shifting. “There will be more compulsion and less option in future,” he says. “And that’s not a bad thing. We’ve changed public behaviour at scale on seatbelts, on smoking. We can do the same for cyber, if we work together.”
Related
