Higher education faces a threat landscape that traditional compliance frameworks were never designed to withstand. Attackers no longer rely on sophisticated code-based intrusions — they exploit legitimate business processes such as procurement, supplier onboarding, and case management. In a sector that runs on SaaS, the central challenge has become trust: how do universities know their vendors are genuinely secure, and how do vendors prove it?

This session confronts an uncomfortable truth: certifications alone no longer demonstrate genuine resilience. Compliance is the floor, not the ceiling — and the gap between "certified" and "resilient" is exactly where today's attackers operate. That gap only grows as AI-enhanced attacks lower the barrier to exploiting vulnerabilities.

But the answer isn't more tick-boxes. It's partnership. When a breach at one vendor can cascade across the sector, your security posture is only as strong as the partnerships behind it.

Drawing on real-world experience, this session explores what a community-led model of shared cyber resilience looks like in practice — and how universities and their technology partners can move beyond compliance toward security that is transparent, tested, and defended together. Because resilience is a team sport, and our strongest defence is each other.