Membership bodies, charities, and sports clubs sit on a gold mine of data that criminals can use. The question is no longer whether your organisation is big enough to matter but rather whether your systems, accounts, devices, and suppliers are vulnerable to exploitation. The UK position is clear: the Information Commissioner’s Office (ICO) expects organisations

If you run a multi-site restaurant group, you already know where most of your real risk lives. It is not in a rack of kit in a comms room. It is on the floor, in the middle of service, when a manager under pressure opens a message that looks routine enough and clicks before they

Why trustee accountability has changed Picture a membership body that has just discovered a data breach. The systems are back up, but the first questions from regulators are for the trustees: Those questions capture how far trustee accountability in the digital age has moved beyond “did we buy the right software”. For membership bodies, accountability

If security were simply about fancy tools, UK organisations would be immune to high levels of disruption from relatively routine cyber incidents. Spending on security technology is on the rise but so (as the UK government’s latest Cyber Security Breaches Survey makes clear) is cybercrime. Data shows that just over four in ten UK businesses – and

What’s the point in spending tens of thousands on security infrastructure, getting it all configured properly, running penetration tests which come back clean only to have, three months later, someone in accounts clicking on a fake invoice and compromising the entire network.  I’ve been thinking about why this keeps happening, and I don’t think it’s actually