A vision for secure and resilient housing
John Fay MBE doesn’t deal in jargon. He speaks clearly about systems, culture and what happens when they fail. When I met him, I expected a ‘deep dive’ into cyber-security. What I received instead was a masterclass in leadership, resilience and the hidden vulnerabilities inside the organisations that house millions of people across the UK.
His credentials span defence, government, energy and now housing. Through his work with XypherSecurity and DeltaV Partners, he’s helping organisations rethink their approach to cyber-security and operational resilience. His message? Technology is part of the solution, but without strong leadership and the right culture, it’s not enough.
Fay said, “Cyber-security isn’t just about the server room, it’s also about the boardroom. If leaders don’t understand the risk, the entire organisation is exposed.”
Building fortresses
Fay believes that too many housing providers still rely on outdated, reactive models; after all, firewalls are just barriers. What is now needed are fortresses – structures built to withstand evolving threats through vigilance, clarity of purpose and cross-functional teamwork.
It starts at the top. Boards must understand that cyber-risk is a business risk. They don’t need to be technical experts, but they do need to know which questions to ask, what red flags to look for and how to build accountability into every layer of the organisation.
From there, it’s about shifting mindset. IT should not be siloed. Staff should be trained to recognise threats. Supply chains must be tested and verified. Security becomes an organisational habit, not an annual project.
Zero-trust frameworks
Fay champions the concept of a zero-trust architecture – a practical, proven framework that assumes no user, system or device should be trusted by default. He extends that philosophy beyond technology. He said, “Zero trust is about never making assumptions. It’s about always verifying processes, people and behaviours.”
Guardians of sensitive data
This shift is especially urgent in our sector. Housing providers hold sensitive data on vulnerable people, so a breach isn’t just a reputational issue. It can erode trust, disrupt lives and trigger legal, reputational and financial consequences.
Despite this, Fay remains optimistic. He said, “The housing sector is full of committed professionals. What’s needed is clarity, not complexity. And that starts with senior leadership teams who treat resilience not as an IT issue but as a strategic pillar of their organisation.”
In his view, cyber-security is no longer a technical niche. It’s a leadership discipline and a culture, and it’s fundamental to the social contract that housing providers have with their tenants.
The firewall era is ending; the future belongs to fortresses.
Operational questions
For boards and operational leaders seeking to assess their current posture, start by asking:
- Do we have clear, board-level accountability for cyber-security and operational resilience?
- Are our people trained to recognise and respond to threats?
- Do we understand the risks in our vendor and data ecosystems?
- Are we applying the principles of zero trust beyond our IT systems?
Fay’s approach isn’t about fear, it’s about readiness. And for the UK social housing sector, that readiness might be the difference between disruption and resilience.
George Grant is the CEO, publisher and co-founder of Housing Technology.