Painting the Forth Bridge and Cyber-Security

I recall marvelling as a child that painting the Forth Bridge was a job that never ended. When the team reached the far end it was time to begin again from the now peeling start. Then suddenly, in 2011, improvements in paint technology allowed this continuous effort to pause.

The endless cycles of security patching and updating software remind me of the Forth Bridge. How we all wish for a technology so good that we, like the painters, could take a 20 year break.

Clients often ask me to help them decide whether the security benefits of updating software outweighs the risk of outages caused by implementing the changes. This tradeoff is a real dilemma with no easy answer.

Fortunately the cyber-security world has a way out denied to bricks-and-mortar or steel-and-paint physical world. We can use automation to make updates easier and safer. Modest investments in inventory discovery, patch management, and canary systems take the sting out of continuous updating. This is important because, like rust, “software rot” is real and insidious.

AdDuplex’s(a) recent survey shows over 61% of Windows 10 users running a release over a year – two full releases – behind the latest. While those companies are reaping immediate ease by discounting the future, their more pro-active competitors are actively benefitting from the latest features and by replacing outdated applications, typically with cheaper and more flexible cloud alternatives.

The Forth Bridge will next need repainting in 2031. I hope that those currently responsible will have the wisdom to keep putting money aside for the eventual repainting, and that in 2031 they will have the courage to resist the temptation of “just” a few more years delay.


InsurTechnix’s CyberSentinel is a simple management information tool auditing and reporting to the C-suite on all aspects of cyber-hygiene. To learn more reach out to us at