
5 Realities of the Current UK IT Market

The UK IT market is currently a high-stakes environment where traditional demand signals have been replaced by supply-side volatility. For organisations planning their 2026 technology investments, understanding this shift is the only way to ensure project delivery and cost certainty.

As our Industry Expert notes, the market is no longer behaving in a traditional demand-led way:

“Availability, component mix, and cost coverage are increasingly the factors that determine what can be sold, when, and at what price.”

Here is how you should navigate this supply-led landscape to avoid order disruption and budget overruns.

  1. Distorted Demand Signals

Recent data suggests growth in the commercial PC sector, but true end-user demand is currently difficult to read. Several factors are creating “noise” in the market:

  • Pull-forward behaviour: Organisations are bringing purchases forward to bypass anticipated price hikes or supply risks.
  • Pricing volatility: Frequent changes make quarter-to-quarter comparisons difficult and blur the line between real incremental demand and simple timing effects.
  • Inventory positioning: Reported growth often reflects stock positioning by partners rather than actual sell-out to customers.

 

  2. Configuration is the Primary Driver of Cost

The operating environment is currently being shaped by component cost pressure, specifically in memory and storage. According to our Industry Expert:

“Pricing and lead times will continue to vary by configuration rather than by product family alone, and changes are often driven by factors outside of any single vendor’s direct control.”

Higher-spec configurations are the most exposed to these pressures. This means that two similar devices from the same technology partner may have vastly different delivery timelines based purely on their internal components.

 

  3. Predictability Requires Standardisation

Historical cycles of pricing stability are being replaced by a more reactive model.

  • Where stability exists: Pricing is most reliable where supply is broad and the component mix is standardised.
  • The risk of bespoke builds: Niche or high-performance configurations are highly exposed to late re-quotes and delays.
  • Alignment is key: Longer price holds are only possible when the configuration and availability are perfectly aligned from the start.

 

  4. Lead with Availability, Not Just Specification

The most effective way to manage your technology pipeline is to prioritise what can be delivered today. As our Industry Expert explains:

“Customers value clarity upfront more than locked pricing that cannot ultimately be honoured.”

We recommend starting procurement conversations with standard configurations that have a reliable supply chain. Being transparent about the risks associated with non-standard builds reduces surprises and allows for better long-term planning.

 

  5. The Outlook for the Rest of the Year

We expect continued variability in supply and cost through the end of October and the remainder of the calendar year. While availability is improving incrementally, it is not uniform across all builds. Our Industry Expert summarises the strategy for success:

“In a market shaped by supply, cost and OEM behaviour rather than clean demand, predictability comes from alignment, not rigidity.”

Secure Your Technology Pipeline

Navigating a changeable landscape requires a partner who prioritises transparency over rigid, unachievable promises. XMA’s agility as a privately-owned business and deep relationships with technology partners allow us to steer your requirements toward available supply, ensuring delivery confidence for your critical projects.

Contact your XMA Account Manager today to align your configurations with current market availability, or talk to us at enquiries@xma.co.uk.

The Browser is Now the Security Perimeter

85% of the workday now takes place inside a browser*. So why is your security infrastructure still anchored to a network edge that your employees have long since left behind? This isn’t just a technical misalignment; it could be leaving UK IT leaders completely blind to the risks of a modern workforce. While the way we work has evolved, the way we secure that work has remained static, creating a significant window of opportunity for modern threats.

Standard browsers are not designed to protect against risks like Shadow AI, where proprietary data is pasted into unapproved LLMs, or visual leaks via smartphone photos. If your security doesn’t live where your employees actually work, how can you expect to see the danger coming? 

 

Cutting the “Legacy Tax” 

Many UK organisations remain tethered to expensive VPNs and resource-heavy VDI environments just to support one or two “heritage” Windows applications. This “Legacy Tax” results in high licensing and hardware costs for a fragmented environment that is notoriously difficult to secure. 

XMA provides a unified control plane that moves security directly to the browser tab. We partner with industry leaders like Google Chrome Enterprise Premium and Cameyo to deliver this solution, allowing legacy applications to run as individual tabs within a secure browser environment. It is time to stop supporting expensive legacy anchors and start securing the modern workspace. 

 

Tangible Outcomes for UK IT Leaders 

By shifting to a browser-based approach, you can implement context-aware actions and robust data loss prevention (DLP) policies: 

  • GenAI Guardrails: Use contextual prompts to block data transfers to unapproved AI tools. 
  • Visual DLP: Protect sensitive information with dynamic watermarking and screenshot blocking. 
  • Cost Efficiency: Access a complete security solution for £6 per user per month while extending the life of your current hardware. 
  • Zero-Provisioning: Remove the need for VPNs or client-side agents on endpoints entirely. 

 

Build Your Roadmap 

Modernising your security posture does not require a “big bang” migration. XMA recommends a phased approach, starting with a 60-day Proof of Value. 

This allows you to test premium features (including deep malware scanning and URL filtering) for up to 5,000 users. There is zero cost to begin, and crucially, there is no impact on end-user productivity during the testing phase. Why remain blind to your risks when you can see the solution for yourself? 

XMA Awarded Key Position on New Welsh Government IT Framework

XMA has secured a place on the new Welsh Government Commercial Delivery (WGCD) – IT Products and Services Framework (iii). Commencing April 1, 2026, this framework provides all Welsh public sector organisations with a compliant and efficient route to procure essential Technology and Managed Print services.

Public sector procurement is often defined by the need to meet stringent security and value-for-money requirements. By using this framework, Welsh organisations can simplify their supply chain while ensuring adherence to government standards. 

 

Broad Capability Across Four Critical Lots

XMA are one of only three companies appointed to four of the five available lots. This position allows us to act as a consolidated provider for the entire IT stack alongside the provision of Managed Print services, reducing the administrative burden of managing multiple vendor contracts.

We have been awarded places on the following lots:

  • Lot 1 – Hardware: Provision of end-user devices, infrastructure, and peripheral equipment.
  • Lot 2 – Software: Licensing, management, and software-based solutions.
  • Lot 4 – MFDs / Print: Managed print services and multi-functional devices.
  • Lot 5 – Integrated Solutions: Delivery of complex, multi-technology projects.

All lots allow for Direct Award alongside quotation and tender requests.

 

Supporting the Welsh Public Sector

This award reinforces XMA’s status as a Compliant Specialist within the public sector. Our focus remains on delivering value-for-money and operational resilience to schools, local authorities, and NHS bodies across Wales.

Instead of navigating fragmented procurement routes, Welsh public bodies can utilise XMA’s proven track record to deliver secure, stable, and scalable technology.

For more information on how to access XMA via the WGCD framework from April 2026, please contact our dedicated teams at wales@xma.co.uk

TePAS2 Procurement: Moving Beyond the Hardware List

Public sector IT procurement is often characterised by complexity, fragmented frameworks, and the pressure to demonstrate value-for-money under strict regulatory oversight. While the Technology Products and Associated Services 2 (TePAS2) framework was designed to simplify this process, many organisations still struggle to utilise its full potential beyond simple hardware acquisition.

At XMA, we help you move past these hurdles. We provide the technical knowledge and framework expertise required to ensure your projects are delivered on time and within budget. 

 

Little-Known Opportunities Within TePAS2 

Most buyers use TePAS2 for standard laptops or servers, but the framework offers several overlooked services that can improve project efficiency: 

  • Lot 8 Direct Award: For low-value or low-complexity items, organisations can use the Purchasing Platform to buy directly from XMA without a lengthy bidding process, saving significant administrative time. 
  • Sustainability as a Service: Under Lot 7, you can procure refurbished and remanufactured hardware. This allows you to meet Environmental, Social, and Governance (ESG) targets while reducing the initial capital outlay for new equipment. 
  • Flexible Financial Models: TePAS2 supports leasing and “as-a-service” models. This moves IT spend from a large upfront capital expense (CapEx) to a predictable monthly operational expense (OpEx), which is often easier to secure within public sector budgets. 

 

The XMA Advantage: End-to-End Project Delivery 

A common mistake in public sector procurement is treating hardware acquisition as a separate event from implementation and long-term support. XMA’s position on over 40 public sector frameworks, including G-Cloud and various CCS agreements, allows us to handle every aspect of your project. 

  1. Consultancy & Design: We use our knowledge and expertise to provide clear technical assessments before you buy, ensuring the chosen technology aligns with your strategic goals.
  2. Multi-Framework Integration: If a project requires cloud hosting (G-Cloud) alongside physical infrastructure (TePAS2), XMA can handle it all. This eliminates the need for you to manage multiple vendor contracts and SLAs.
  3. Lifecycle Management: We can provide configuration, installation, and user training as part of the initial delivery, followed by UK-based support and responsible recycling (ITAD) at the end of the product’s life.

 

By working with XMA, you are not just “buying boxes.” You are securing a partner with a proven track record of managing projects across the UK public sector. We handle the procurement intricacies so you can focus on delivering essential public services. 

 

For more information about the full range of frameworks we operate in, click here.

To talk directly to our frameworks team, email us at frameworks@xma.co.uk 

Why Your Supply Chain is Your New Security Perimeter

Scott Wright

Scott is XMA’s Head of Pre-Sales. An IT industry greybeard, he believes strongly that proper planning & preparation prevents disasters waiting to happen.

In my role heading up the Pre-Sales team here at XMA, I spend a lot of time looking at the “big picture” of IT security for our public sector clients. One trend is becoming impossible to ignore: the shift from internal network security to the complex, often opaque world of supply chain risk.

Historically, we focused on “locking the front door” of the organisation. But today, your operational resilience is only as strong as the least secure vendor in your ecosystem.

 

The Government’s Clear Signal on Supply Chain Risk

The UK government isn’t just suggesting we take this seriously; they are providing a direct mandate. The official guidance on tackling security risk in government supply chains identifies third-party vulnerabilities as a primary threat to national infrastructure.

For public sector bodies (from local authorities to the NHS) the message is clear: you are responsible for the security of the data you handle, regardless of which third party is processing or storing it.

 

The Evolution: From Cyber Essentials Plus to NIS

Most of you have (hopefully) already achieved Cyber Essentials Plus (CSE+). That is a vital baseline, but it is no longer the finish line. The government is now pushing for public sector verticals to align with the Network and Information Systems (NIS) Regulations.

Moving toward NIS compliance requires a move away from “point-in-time” security. You can’t just check a box once a year. You need:

  • Complete Visibility: A clear map of every entity that has access to your network or data.
  • Continuous Assessment: A way to monitor the security posture of your suppliers in real-time.
  • Proactive Mitigation: The ability to identify a supplier’s weakness before it becomes your breach.

 

The Legislative Hammer is Coming

We are tracking pending legislation that will make supply chain risk management mandatory for several public sector verticals. This is about more than avoiding a fine; it centres on maintaining your ability to operate. Non-compliance could lead to exclusion from critical procurement frameworks like G-Cloud or the Crown Commercial Service (CCS).

 

How XMA and Risk Ledger Solve the Complexity Problem

Managing this manually via spreadsheets is a recipe for failure. It’s slow, inaccurate, and data is out of date the moment it’s saved.

XMA utilises partners such as Risk Ledger to replace that manual headache with a professionalised, automated platform. Instead of chasing suppliers for audits, Risk Ledger provides a “social network” of security data.

  • Defensible Compliance: We provide the evidence and data needed to prove your due diligence to auditors and your board.
  • Reduced Overhead: Automating the assessment process frees up your internal IT team to focus on strategic projects.
  • Real-Time Alerts: If a supplier’s security status changes, you know immediately – allowing you to take action before a risk turns into a crisis.

 

Let’s Secure Your Chain

Security is about resilience. In the public sector, it’s also about public trust. At XMA, we’re not interested in selling you products; we work with you to implement a compliant, scalable framework that protects your organisation and the citizens you serve.

Navigating the Memory Price Surge: Stability in a Volatile Market

The global IT hardware market is currently facing significant headwinds. With DRAM contract prices almost doubling in early 2026, organisations across the UK are re-evaluating their device procurement and refresh strategies.

To understand how XMA is helping customers maintain stability during this period of volatility, we sat down with our Commercial Director, Paul Hamilton. Paul shares insights into how we use our Tier-1 partnerships and UK-based logistics to provide certainty for Enterprise and Public Sector (CPS) organisations.

How XMA Is Supporting Enterprise and CPS Customers Amid Rising DRAM Costs

Paul Hamilton: “With DRAM contract prices almost doubling in early 2026, many organisations are understandably concerned about the impact on their device procurement and refresh strategies. At XMA, we are taking proactive and measurable steps to help our customers maintain stability, predictability and value during this period of market volatility.”

  • Strategic Engagement at Executive Level: “We are in active, ongoing C‑suite dialogue with the world’s largest PC manufacturers. These direct relationships ensure we have early visibility of market movements, production constraints and forthcoming allocation changes, enabling us to advocate for our customers at the highest level.”
  • Tri‑Party Engagement for Transparency: “Where appropriate, we facilitate tri‑party conversations between customers and our tier 1 vendors. This gives organisations a clear, unfiltered view of the vendor’s position, supply outlook and pricing dynamics. It ensures decisions are informed by real-time insights rather than assumptions or market noise.”
  • Maximising the Channel Ecosystem: “XMA works across the breadth of the channel ecosystem to secure the best possible availability and inventory positions for our customers. By leveraging our scale, partner status and long-standing relationships, we ensure our customers benefit from priority access to the latest stock positions and market intelligence.”
  • Secured, Ring‑Fenced Inventory: “For strategic partner accounts, we are already securing and ring‑fencing dedicated inventory in advance. This provides our customers with more predictable planning cycles, reduced exposure to sudden price spikes and assurance that the devices they require will be available when they need them.”

Budget Resilience: Evidence-Based Advice for IT Directors

For IT Directors managing multi-year refresh cycles, what evidence-based advice are we giving to help them demonstrate the ROI of proceeding with upgrades now versus waiting for a price reversal that analysts suggest is unlikely before 2027?

Paul Hamilton: “This discussion extends beyond immediate cost pressures and moves into a broader strategic assessment of organisational resilience and value creation. While rising component prices will influence deployment budgets, the wider geopolitical landscape spanning security threats, productivity demands, and ongoing supply chain volatility means that delaying refresh cycles often introduces greater operational and financial risk.”

“To support IT Directors in demonstrating clear, evidence‑based ROI, XMA partners with customers through structured innovation workshops. These sessions provide up‑to‑date insight on advancements in security, AI‑driven productivity, endpoint performance, and professional services.”

Supply Chain Agility: Strengthening UK Logistics

What specific changes have we made to our UK-based fulfilment and logistics operations to ensure we can still meet “just-in-time” delivery requirements despite global component shortages?

Paul Hamilton: “XMA has taken a series of proactive steps to strengthen our UK‑based fulfilment and logistics operations, ensuring we can continue to meet “just‑in‑time” delivery expectations despite global component shortages.”

“We have worked closely with our Tier 1 vendors to analyse market demand patterns, forecast volatility, and secure forward‑looking inventory positions within our UK logistics facility. By committing to early allocation and ring‑fenced stock, we can protect customers from both sudden availability constraints and unpredictable price fluctuations.”

“In practical terms, this operational model allows us to:

  • Hold dedicated inventory locally, enabling reliable next‑day delivery across the UK.
  • Reduce the impact of global supply chain disruption, thanks to pre-secured and strategically stored stock.
  • Provide greater pricing stability, insulating customers from short-term spikes driven by component scarcity.
  • Streamline fulfilment workflows, ensuring devices can be configured, kitted and dispatched rapidly from within the UK.
  • Strengthen vendor collaboration, giving us early visibility of constraints and enabling smarter sourcing decisions.”

What Does This Mean For Our Customers?

Navigating market volatility requires more than just reactive purchasing; it demands a partner with the scale and relationships to provide stability. By prioritising forward-looking inventory and direct vendor engagement, XMA ensures your technology roadmaps remain on track despite global component pressures.

Get in touch with your XMA account manager to discuss your upcoming IT projects, or contact us directly at enquiries@xma.co.uk to learn how we can protect your hardware budget.

New White Paper: How Esports Facilities Impact University Recruitment and Student Success

The UK higher education sector is in a period of intense competition. To secure the best talent, institutions must offer facilities that deliver a tangible return on investment. For years, esports labs were viewed by many observers as expensive recreational add-ons. 

That view is now obsolete. 

A new survey conducted by XMA in partnership with Logitech provides the hard data to correct the record. We surveyed 1,000 current and prospective university students to separate anecdote from fact. The results are conclusive: advanced computing facilities are directly correlated to a university’s ability to attract students, support their wellbeing, and prepare them for the modern workplace. 

Here is the reality of the student demand. 

A Deciding Factor in Recruitment 

For the majority of prospective students, a university’s digital infrastructure is a primary litmus test for the institution’s quality. 

The report reveals that 60% of respondents state that the presence of dedicated gaming facilities would encourage them to choose a specific university. Perhaps more importantly for risk-averse administrators, only 1.5% said it would discourage them. 

The rhetoric that gaming distracts from serious study holds no weight with the students themselves. Instead, a well-equipped lab signals that the university understands the technology and culture that defines their generation. It converts an IT investment directly into a recruitment asset. 

 

The Demographic Reality Check 

University administrators often view “gamers” as a niche male demographic. The data dismantles this stereotype entirely. 

88% of students surveyed play games at least once a week, with 50% playing daily. Furthermore, this is not a gender-specific activity. While 93% of male respondents play weekly, a massive 85% of female respondents do the same. 

Investing in esports and advanced computing does not serve a minority interest; it serves the vast majority of your student intake. If you ignore this demographic, you ignore nearly 9 out of 10 students walking onto your campus.

 

More Than Just Gameplay: The Academic Link 

Students view these facilities as practical learning environments, not just arcades. They see a direct line between high-spec hardware and their professional futures. 

  • Career Preparation: 83.4% of students say that access to emerging technologies (like AI, VR, and high-spec computing) is important for their future careers. 
  • Skill Transfer: Students explicitly associate these facilities with developing marketable skills in game design (72%), programming (54%), and digital content creation (49%). 
  • Course Selection: 44% of respondents stated that access to gaming facilities would make them more likely to choose a technology-focused course. 

This data indicates that an esports lab functions as a “third space” on campus, a hub for skill acquisition and collaboration that students are actively seeking. 

 

The Hardware Requirement 

Students are clear about their expectations. Standard library PCs are insufficient for the workloads required by modern degrees. 

37% of students explicitly want high-performance computers to support their coursework. Furthermore, 33% require access to content creation tools. 

To meet this demand, universities must provide industry-standard equipment. This means high-performance workstations and peripherals, such as the Logitech G range, which offer the precision and durability required for both competitive esports and intensive creative workloads like 3D modelling and video production. 

 

XMA’s Proven Delivery 

Data is useful, but execution is what matters. Building these environments requires more than just buying PCs; it requires complex infrastructure planning, security compliance, and strategic procurement.

XMA has a demonstrable history of delivering specialist facilities for UK universities. Our work with Teesside University to deliver their industry-leading gaming labs, and our engagement with the University of Lincoln to build their esports facility, showcase our capability. We manage the end-to-end process to create robust, high-performance environments that last. 

The Verdict 

The argument is settled. Esports labs have a measurable, positive impact on student recruitment and academic outcomes. 

The question is no longer if a university should invest in advanced computing facilities, but when. If you are ready to discuss the design and delivery of a facility that aligns with your institution’s strategic goals, contact the XMA public sector team at enquiries@xma.co.uk today. 

Beyond the Hype: How HP and AMD are Delivering Practical AI and Security for UK Businesses

Today’s workplace demands constant adaptation. Hybrid work models require flexibility, security threats are more sophisticated than ever, and the arrival of Artificial Intelligence (AI) is shifting from a future concept to a daily productivity tool. 

Your organisation’s devices are the critical link in navigating these challenges. Sub-par hardware can lead to security vulnerabilities, poor performance in critical applications, and a frustrating experience for your staff. 

This is why we are taking a close look at the new generation of HP EliteBook laptops. Advanced by AMD processors, these devices are built to provide a practical, high-performance, and secure foundation for both public and private sector organisations. 

 

The AMD Processor: A Practical AI Engine 

Several of these new devices are “Next Gen AI PCs.” This means the AMD processors inside include a dedicated Neural Processing Unit (NPU).

In simple terms, an NPU is specialist hardware designed to run AI tasks efficiently. 

  • Instead of: Using the main processor (CPU) or graphics card (GPU) for an AI-driven task (like real-time background blur during a video call or running a local AI assistant). 
  • The NPU handles it: This frees up the CPU and GPU for the work you are actually trying to do. 

What this means for your business:  

  • Better Performance: Applications remain fast and responsive, even during demanding video conferences or when using new AI tools. 
  • Longer Battery Life: The NPU is highly efficient, drawing less power for these common tasks, which is critical for hybrid and mobile workers. 
  • Improved Security: By processing more AI tasks locally (right on the laptop) less sensitive data needs to be sent to the cloud, reducing your attack surface. 

 

Security: A Resilient Foundation 

For any IT leader, security is non-negotiable. For a business owner, a breach is a critical risk. The HP EliteBook series addresses this directly with a multi-layered security approach. 

Models like the HP EliteBook 8 G1a feature HP Wolf Pro Security. Far from being just antivirus software, it is a resilient, hardware-enforced security solution. It provides: 

  • Self-Healing BIOS: Can automatically recover from a firmware attack. 
  • Hardware-Based Isolation: Traps malware in a virtual container to prevent it from infecting the rest of the PC. 
  • Phishing Protection: Helps defend against credential theft from malicious websites. 

This provides the operational resilience required by enterprise and public sector organisations and the “peace of mind” that small business owners need to focus on their work. 

 

A Device for Every Role 

This new HP and AMD lineup provides choice, allowing you to standardise on a secure platform while equipping different users with the right tool for their job. 

  • HP EliteBook 8 G1a 14″ Notebook: This is the premium option for executives and mobile professionals who need top-tier security and AI performance in a portable format. Powered by the AMD Ryzen™ PRO processor, it utilises a dedicated NPU to manage AI workloads locally to extend battery life, while delivering silicon-level security features that mitigate firmware attacks and protect sensitive corporate data. 
  • HP EliteBook 6 G1a/G1ah 14″ Notebooks: These are the versatile workhorses of the fleet. They balance portability with robust performance, including options with the latest AMD Ryzen™ 5 processors and AI capabilities. 
  • HP EliteBook 6 G1ah 16″ Notebook: Ideal for users who need more screen real estate, such as finance teams, data analysts, or developers. It provides the same enterprise-grade features and AMD power on a larger display. 

 

The XMA View: Beyond the Box 

Choosing the right hardware is the first step. Integrating it successfully into your environment is the next. 

As an HP Amplify Power Partner, XMA helps organisations procure, configure, deploy, and manage HP devices at scale. Our specialists understand the specific compliance and security needs of public sector bodies and the efficiency and reliability drivers for private enterprises.

We provide the tools and services to ensure your new HP devices deliver real business value from day one. 

 

Ready to build a more secure and productive hardware fleet? Contact your XMA Manager today or email enquiries@xma.co.uk to discuss your requirements.

The Multi-Framework Strategy: How to Procure a Complete IT Estate Without the Administrative Headache

University procurement teams are well-versed in the specific mechanisms of UKUPC frameworks. You understand the compliance requirements and the procurement vehicles available. The challenge is not about understanding the frameworks. It’s about the operational burden of managing them simultaneously to deliver a cohesive IT strategy. 

Trying to piece together an end-to-end solution (from data centre to desktop) often involves juggling multiple suppliers, conflicting delivery timelines, and disjointed administrative processes. This fragmentation creates unnecessary friction and increases the workload on your internal teams. 

XMA removes this complexity. We possess the regulatory expertise to navigate the entire framework landscape on your behalf. We do not just hold a position on these agreements; we understand the intricacies of the terms and procurement regulations for each, allowing us to build a compliant, integrated solution that spans your entire infrastructure.

 

A Single Route for Complex Requirements  

We act as your strategic consolidation point. Instead of raising separate tenders for hardware, software, and infrastructure, you can leverage our position across the board: 

  • Compute & Devices (NDNA & Apple): We execute large-scale deployments of Windows and Apple devices under the NDNA terms you trust, ensuring standardisation across campus. 
  • Enterprise Infrastructure (SSSNA & NEUPC): We architect your backend using SSSNA for servers and storage, and NEUPC for the critical networking layer. We align these complex installs with your device rollout schedules. 
  • Software & Peripherals (SLRA & ITRAP): We handle the granular details (licensing compliance via SLRA and essential peripherals via ITRAP) ensuring no component is overlooked. 

 

Expertise That Reduces Risk  

Our public sector team dedicates itself to understanding the specific procurement rules of these bodies. We ensure that every transaction meets the strict governance and audit requirements you face. By entrusting the navigation of these frameworks to XMA, you release your procurement team from the “heavy lifting” of vendor coordination. 

We deliver the technology you need, strictly adhering to the frameworks you rely on, without the administrative hassle. Talk to your XMA Account Manager or contact us at enquiries@xma.co.uk to start a conversation. 

Practicing What We Preach: A Candid Q&A on Cyber Resilience with XMA’s Head of IT Security & Compliance

In the IT channel, it is easy to talk about security in the abstract. But at XMA, we don’t just recommend security architectures; we live them. As a major IT solutions provider managing critical infrastructure for UK government bodies and large enterprises, we must also stay on top of our own cyber resilience.

To be a true strategic Technology Partner, we must practice what we preach. We sat down with Charlotte King, XMA Group’s Head of IT Security & Compliance, to discuss the reality of defending a modern organisation. From the rise of AI-driven phishing to the dangers of the “silver bullet” mindset, here is the view from the inside. 

 

Section 1: The View from the Inside 

Q: As Head of InfoSec for a major IT solutions provider, you see a broad spectrum of threats. Moving beyond the buzzwords, what are the specific, high-risk trends keeping you up at night right now? 

Charlotte King: Firstly, our prevention controls – are they actually working? It’s not enough to have shiny tools, we need to constantly test and tune them to keep attackers out. This is not a “one and done” exercise. It keeps us on our toes every single day. 

Supply chain attacks are a real headache, and we have seen several big ones this year. We rely on suppliers for hardware and software, so if they’re compromised, so are we, and this affects our valued customers. Downtime or breaches in the supply chain can ripple right through our environment and soon become the critical task of the day. 

Phishing is relentless. Email remains a favourite attack vector, and the sophistication of these attacks is only increasing with AI. Finally, our staff – are we doing enough to train and support them? Are our technical teams prepared and well enough resourced to cope with the “business as usual” work and then the swerve balls that can come from suppliers, customers, or our industry partners? 

 

Q: We manage critical infrastructure for customers across the UK, including government bodies. How do we approach our own security to ensure we remain resilient against supply chain attacks? 

CK: We do a vast number of things to help with this. We certify and align to recognised security standards and frameworks. You can’t be an IT company these days without having these external validations of your policies and controls. We have just completed the re-cert for ISO 27001:2022 and have Cyber Essentials Plus next week. 

The audit cycle helps us to be continuously aware of possible weaknesses so we can fix and strengthen them. For us, security isn’t static, it’s not a goal or a destination, it’s our everyday. We’re always assessing our people, processes, and technology, reviewing how we can make it better, stronger, more resilient or efficient. We look at how these multiple layers of security can ensure that if one fails, others stand in the way. 

We have recently made big improvements to our supply chain onboarding. We don’t just trust our suppliers blindly, we vet them thoroughly. 

 

Section 2: The Human Firewall 

Q: Technology is only half the battle. How do you approach security culture at XMA to ensure staff are an active line of defence rather than a vulnerability? 

CK: Technology and processes are only half the battle. We have all sorts of people here at XMA, from technical teams to sales, and the usual back-office support staff too. We have robust staff security training, and we run ongoing simulated phishing campaigns and monthly bulletins to help keep security in everyone’s mind. 

This month our bulletin was for Black Friday and Christmas scams, helping keep our staff safe in and outside of work. I would like to think we also have an approachable security and compliance team. We make it easy for staff to ask questions and report issues. We are also looking at a Security Champions programme to help further embed security advocates in every department. 

 

Q: Phishing remains a primary trigger for security breaches. With the rise of AI-generated content, attacks are becoming harder to spot. What specific “tells” should organisations teach their staff to look for in 2026? 

CK: You’re right, and in fact, AI is making it easier for attackers to craft convincing messages. As a business, we have a strong online presence, so finding who works here isn’t difficult. So, it comes down to our staff to be careful with emails, whilst knowing much of it will be caught by our tools and filters. 

Check URLs and domains carefully. Hover before you click! Watch for odd language or tone. AI can mimic, but it’s not always colloquially perfect. Scam psychology is to provide a sense of Scarcity, Urgency, Authority, or FOMO (Fear Of Missing Out). If the email has that, you don’t recognise the sender, or it seems a bit off, use the easy reporting mechanisms we have at XMA which make it simple for staff to flag suspicious emails. 

 

Q: With the ease of using AI tools, Shadow IT is a growing governance nightmare. How can IT Directors and business owners identify unapproved applications without halting productivity? 

CK: This is always a balance: to permit staff to access tools or applications that allow them to innovate, whilst being secure and well-governed. We publish a clear applications catalogue for staff to use as a first point of call. 

If the application we already have doesn’t meet their needs, we make it easy for staff to find and request approved tools, which then goes through a due diligence process. This allows some flexibility for niche needs whilst meeting security standards. Admin rights are locked down so staff can’t install software without authorisation. 

 

Q: Many organisations have security policies that sit in a drawer and are rarely read. How can businesses create policies that employees actually follow, rather than work around? 

CK: At XMA we have one clear, concise user agreement, signed annually. Keeping it short, simple, and in plain language means staff are more likely to engage with it. We track compliance of this overarching policy, and it forms a key part of our security foundation. Generally, if a workflow is built into technology (perhaps the triage of a suspicious email) that’s better than a dusty process document. 

 

Section 3: Our Vendor-Agnostic Take 

Q: Vendors often promise a single tool will solve all security problems. Why is this mindset dangerous, and what is the reality of building a layered defence? 

CK: Every department has different needs. What works for procurement might not work for sales, so you have to create a layered defence to protect all systems, people, and physical assets. Single tools can fail. Relying on one solution is risky and not resilient. 

Layered defence is key. Using specialist tools that work together, supporting your people and processes, means you can protect your business even if one security system stops working. We’ve seen big security vendors hit by ransomware, configuration changes impacting uptime, and global hyperscalers suffering significant downtime. No security vendor is immune to some kind of failure, so we need to spread our bets insightfully across tools and technology to keep the wheels of commerce turning for our stakeholders. 

 

Q: If a customer (whether an SMB owner or a Public Sector compliance officer) could make one immediate change today to improve their security posture, what should it be? 

CK: Enable Multi-Factor Authentication (MFA) everywhere you can. It’s one of the simplest, most effective ways to block attackers. This is for all areas: social media, work applications, shopping portals. Call out suppliers that don’t have MFA on their applications. Oh, and mandate a corporate password manager too. 

 

 

Need a Strategic Partner who understands the reality of cyber threats? 

At XMA, we don’t just sell technology, we use it to secure our own business every day. Contact your XMA Account Manager or talk to us at enquiries@xma.co.uk to discuss how we can help you build a resilient, layered defence. 
