Contents:
When I speak to NHS cybersecurity staff, one particular issue comes up time and again: technology fragmentation.
IT staff at NHS trusts typically work with dozens of security point solutions to try and keep their environments secure. But using all these different tools often just causes further confusion. There are more tools to monitor, more alerts to analyse, and less clarity.
All this fragmentation leads to what I call ‘agent fatigue’.
So, what is agent fatigue, and how can NHS trusts avoid it?
What is agent fatigue?
‘Agent fatigue’ is an increasingly common issue that I see among cybersecurity professionals in most industries (not just the healthcare sector).
It is the idea that cybersecurity teams are deploying ever more security agents and tools to meet their growing security needs. Unfortunately, this results in slower systems, higher costs, and a bigger attack surface.
Agent fatigue happens when:
- Too many agents overload endpoints, resulting in performance problems
- Using loads of tools just gets time-consuming and confusing
- Security staff get conflicting alerts from different tools
The biggest issue with agent fatigue is that it can actually make you less secure. If IT staff are getting dozens of security alerts from multiple tools, they just cannot stay on top of everything. Psychologically, they start to check out, ignoring anything that doesn’t seem super urgent – and potentially letting something dangerous slip through.
NHS trusts are facing agent fatigue
A couple of years ago, I joint-hosted a webinar with Simon Sleightholm, NHS Northumbria’s cybersecurity lead. I’ll quote Simon at length here, because his experience is really illustrative of what I mean by ‘agent fatigue’:
I can only talk really about the frustrations we have where one tool comes up and suggests something’s going on with a device, and you’re basically going to cut and paste the IP address or the machine name out of that tool and paste it into another one to get that tool’s view of it and piece together the evidence… Building all that together from separate tools can be really time consuming, particularly when something looks like a massive threat in one tool but it takes you a couple of hours to establish from the other tools that actually it’s an anomaly.
Simon’s experience is so revealing – and so common. Agent fatigue comes from the time he has to spend using multiple tools from different vendors to try and get to the bottom of a single alert.
The stress of thinking you could be in the middle of a breach, only for it to turn out to be nothing. All that confusing context switching between security apps with different user interfaces. It’s tiring, stressful, and demotivating.
And Simon is definitely not alone here. At the March 2025 Convenzis event (NHS Cyber Security Conference: Future-proofing the NHS), I asked the audience of NHS IT leaders if the issue of too much tooling was a problem for them – and got a pretty resounding ‘yes’.
This all tallies up with a 2025 UK government review of digitalisation across the public sector. The report notes that “fragmentation is a feature of the system”.
Why do NHS trusts end up with too many cybersecurity solutions?
Now, NHS trusts aren’t buying dozens of cybersecurity tools for the sake of it. In fact, there are very good reasons for doing so:
Regulatory
Trusts have to invest in new tools to comply with regulations. For example, the newish CAF framework means most NHS trusts need to have security tooling for things like identity and access control, risk management, security monitoring, supply chain monitoring, and much more. If you don’t yet have tools to do all these things, you’re legally required to go out and source them from the market.
Hundreds of point solutions
There are literally hundreds of cybersecurity companies selling point solutions that help address specific security issues. These tools have often evolved to address new threats. It makes sense to use them, but this comes at a cost to simplicity.
Sunk costs
Many NHS trusts have already spent funds on multiple point solutions from different vendors. While it’s frustrating when these tools don’t talk to one another, it seems logical to keep using them if you’ve already invested in the tech.
Realities of the sector
Most NHS IT staff that I speak to know they have an issue with too many apps and tools. The reality, however, is that cybersecurity is always going to take a back seat in organisations where patient care is the top priority. Let’s be honest – funding is tight in the NHS today, and few trusts have the budget for a massive cybersecurity overhaul (even if it would save them money in the long term). Spare cash will almost always be invested in patient safety.
The solution: a unified cybersecurity platform
Agent fatigue is not an issue restricted to the NHS. It’s something we see with the tens of thousands of customers we work with around the world, in all sectors. Put simply, too many organisations are using too many security tools.
And that’s why we developed our unified cybersecurity platform.
Our platform gives you a single pane of glass view of your entire security posture. You can then add cybersecurity modules to the ‘central’ dashboard, depending on your particular needs. Rather than purchasing multiple tools from multiple vendors, we offer a core security platform. So, you’ll only pay for the additional tools you want and actually use.
While we believe we offer some of the best tools on the market, our platform is still relatively open. We don’t force our customers to drop all their existing tools. We can connect with many of your pre-existing cybersecurity apps to collect data and feed this into our central dashboard.
Our platform approach works in different ways for different organisations. Take Mid Cheshire Hospitals NHS Foundation Trust (MCHFT), for example.
When they first began working with us, they used our core product set, and extended it with our Application Control tools. Soon after, they added on a Remote Desktop functionality too, to securely operate in a world of hybrid work.
By comparison, Greater Manchester Mental Health NHS Foundation Trust (GMMH) use our core services but chose to extend it with our Patch & Asset Management for third-party patching.
The two trusts pick and choose the specific tools they need to extend the Heimdal platform. If they need to add or remove apps in future, it takes just a few clicks of a mouse to make the changes.
A platform approach reduces agent fatigue
I really believe our platform approach can solve the root cause of much agent fatigue, and offers tons of benefits:
Saves time
A platform approach means all your information, alerts and commands are managed in a single, central place. You don’t have to constantly switch between platforms to investigate what’s happening.
It’s less tiring
Managing thousands of cybersecurity alerts for an NHS trust is tiring and stressful work. I’m not going to pretend switching to Heimdal’s platform will make it a bed of roses! But it does make your work a lot smoother, less confusing, and means you can fix problems faster.
Improves morale
On a related note, having a unified security platform can improve employee morale. Rather than being overwhelmed with endless confusing notifications and having to jump around multiple tools, staff can just get on with what they do best: investigating possible breaches and closing them down. Dare I say it, but I think it can bring the ‘fun’ back into being a security analyst.
It’s more effective
Bringing your security tools into one place means you get a single view of threats, and can manage everything more seamlessly. This can make monitoring and responding to threats a lot more joined up and means your security function is more effective.
Saves money
I really believe that using a platform approach can save a lot of money for your trust’s IT budget. By rationalising your security spending and replacing multiple tools with a single vendor, you can really cut costs.
Time to end agent fatigue in NHS cybersecurity
Having spoken to dozens of NHS cybersecurity teams (Heimdal currently serves almost 30 NHS trusts in the UK), I really believe that agent fatigue is a big issue across the board. Time and again, we see the same issues: overstretched staff using multiple security tools feeling swamped and confused by a blizzard of notifications.
By using our unified platform approach, NHS trusts’ cybersecurity teams can become far more efficient and productive, and end agent fatigue. Want to see how it could help you? Contact us today for a demo.
Frequently asked questions
What savings and improvements can Heimdal’s unified platform offer to NHS trusts?
There are countless ways our unified security platform can help NHS trusts. For example, in a recent deployment with one trust in England, we deployed our PAM tool to around 7,000 devices. Within just a couple of hours, we’d rolled out more than 11,000 patches across their ecosystem.
What if an NHS trust has custom software?
Many NHS trusts we work with have built custom software for everything from clinical services to procurement tools to staff scheduling apps. Our unified platform can comfortably monitor all these apps for potential suspicious activity, help install patches to them and scan for threats – in the exact same way we do for apps from third party publishers.
What are Heimdal’s SLAs for NHS trusts?
We work with customers around the world and have a strong reputation for quality and reliability. SLAs depend somewhat on the tools and services you use. But to give you a taste, we offer a four-hour SLA for third-party patch testing and rollout and have a team monitoring and testing for patches 24/7, every day of the year.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube.