Organisations in the education, public and third sectors are under growing pressure to govern data securely, respond to cyber threats, and implement technologies like AI in a way that’s responsible, ethical and legally sound. For many, this challenge is made harder by legacy systems, regulatory complexity, and limited in-house capability.

I’m Craig Clark, a cyber and information governance leader and Director of Clark & Company Information Governance Services.

With over a decade of experience helping universities, councils and national bodies navigate risk, achieve compliance, and build trust in how they manage data and digital services.

My approach is practical, risk-led and focused on measurable outcomes. Whether it’s recovering from a “no assurance” audit, resolving DSAR and breach backlogs, or embedding ethical AI governance frameworks, I bring clarity and calm under pressure — without jargon or hype.

Highlights include:

• Securing £5M+ in cyber investment across education and public services
• Training 13,500+ staff and students in cybersecurity, data protection and AI literacy
• Leading national advisory work on AI governance in education (Jisc, UCISA)
• Designing board-level KPIs, ARC reporting, and cyber risk appetite frameworks
• Transforming struggling privacy programmes under intense scrutiny and budget constraints

I’ve supported 25+ institutions with tailored, high-impact strategies across cyber maturity, compliance uplift, and culture change — acting as advisor, interim CISO/DPO, or embedded partner. I also lead Clark & Company, a sector-specialist consultancy delivering pragmatic, audit-ready solutions across the UK.

If your organisation needs support navigating complex regulatory demands, improving resilience, or adopting AI responsibly, I’d welcome a conversation.