What senior leaders are really saying about risk and trust
Introduction
At our recent TrustLayer x NetUtils roundtable, we brought together senior leaders from across sectors to discuss how organisations are thinking about trust, cyber risk, AI, compliance and resilience in a fast-changing environment.
What stood out immediately was this:
Different industries, same journey.
Different constraints, but remarkably similar challenges.
Trust is no longer about control
One of the strongest themes from the discussion was a shift in how trust is understood.
It’s no longer about confidently stating that controls are in place.
Threats are evolving too quickly for any single control framework to keep up.
Instead, organisations are recognising the importance of:
Transparency.
Acknowledging what cannot be controlled.
Open conversations about residual risk.
Trust is built through openness, evidence and honest conversations about risk, not overconfidence.
The shift from systems to behaviour
Another critical shift is where trust sits, and a recurring theme was that cyber incidents are rarely just technical failures.
Most major incidents are not caused by missing technology, but by:
People being impersonated.
Social engineering.
Human decision-making under pressure.
Policies and controls remain essential, but they are only a part of the picture.
The way people behave, escalate concerns and respond to uncertainty is increasingly central to resilience.
Technology can reduce and mitigate risk, but behaviour often determines the outcome.
AI: moving faster than governance
AI continues to reshape the landscape.
Across the group, organisations are:
Restricting usage to approved tools (e.g. Copilot, Gemini).
Allowing controlled experimentation (ChatGPT, Claude).
Expanding enterprise controls.
But one point was consistent:
AI strategy is constantly evolving, because the technology itself is evolving.
AI is not waiting for governance to mature, so organisations need practical guardrails that can evolve quickly.
Zero Trust: powerful, but not absolute
The principle of Zero Trust (trust nothing, verify everything) remains widely accepted.
However, the reality is more nuanced.
Organisations are finding:
Implementation is complex.
Full adoption is difficult.
Trade-offs between usability and control are unavoidable.
Zero Trust is a direction, not a fixed destination. It’s powerful, but must be applied pragmatically.
Governance creates trust
In fast-moving environments, particularly with AI, governance plays a critical role.
Trust increases when ownership is visible, accountability is understood, and risk decisions are made openly.
By contrast, uncertainty grows when responsibility is unclear or when risk is treated purely as a compliance exercise.
Strong governance doesn’t slow innovation: it enables it by creating clarity and the conditions for trust.
Compliance: it’s about evidence
A particularly strong viewpoint emerged around compliance:
It’s not about which framework you adopt.
It’s about whether you can demonstrate that your controls actually work.
Across industries, organisations face:
Audit pressure.
Legacy systems.
Overlapping requirements.
But the expectation is increasingly the same:
prove it works in practice.
Culture is the differentiator
Perhaps the most human insight of the day:
When risk is treated as compliance (or a box-ticking exercise) → it gets hidden
When risk is part of decision-making → issues surface early and can be addressed more effectively
Culture determines whether organisations:
React late.
Or learn quickly.
A Shared Reality
The biggest takeaway?
Everyone is dealing with the same core issues:
AI acceleration.
Third-party and supply chain risk.
Compliance complexity.
Data sovereignty and infrastructure control.
Budgets and resource constraints.
The need for greater resilience and accountability.
Different industries. Different scales.
But the same underlying pressures.
Closing Thought
The roundtable was a reminder that trust is not a static concept. It is built through transparency, evidence, clear ownership, and the way organisations behave when uncertainty is unavoidable.
If these challenges resonate with your organisation, we’d welcome the conversation. Book a demo with our team now, and see how TrustLayer helps organisations evidence trust, manage third-party risk and strengthen cyber governance.