
Podcast

19 articles

Four Game-Changing Cyber Stories in One Episode

The acting head of America's cybersecurity agency just uploaded government secrets to ChatGPT. Meanwhile, a Dublin IT manager discovered £18,000 worth of unused incident response services sitting in his cyber insurance policy. Passkeys can eliminate phishing attacks completely. And those viral Trump cloud cartoons? They're exposing the infrastructure dependency crisis threatening UK businesses. Four critical cybersecurity stories. Three expert guests. 45 minutes that could transform how your bus

The Risk Register Argument - When Your Co-Host Says You're Wrong About Governance

Graham Falkner told me before recording that small businesses don't need formal cyber risk registers. By the end of Episode 31, he'd completely changed his mind. UK government data shows only 27% of businesses have board-level cyber security responsibility, down from 38% in 2021. Meanwhile, 43% got breached and 28% of SMEs say a single attack could put them out of business. The evidence is overwhelming. Risk registers aren't bureaucracy - they're systematic thinking applied to survival. This epi

The Devices You Forgot Were Computers - IoT Security for Small Business

What if I told you the biggest cyber threat to your business isn't hackers, but your office printer? Sounds mad, right? That's what a 30-person marketing agency thought before someone accessed their client files for weeks through an HP printer with factory default credentials. Episode 30 reveals the devices everyone forgets are computers: printers storing documents, CCTV systems livestreaming your premises, thermostats providing network access. Currently Top 12 in Apple Podcasts Management categ

Reverse Benchmarking: Why Studying Cyber Failures Beats Copying Best Practices

Most people copy what the big players do and call it a cyber strategy. That works for them. It probably kills you. This episode flips the script. Instead of worshipping best practice, we dissect the car crashes: Target, Equifax, Colonial Pipeline and SolarWinds. We ask one question: what actually went wrong, and have you quietly made the same mistakes in your own business? If you run a UK small or mid-sized firm and feel lost in security buzzwords, this is your shortcut. Learn from other peoples

Prison Time for Directors? Part 2: Building the UK Cybersecurity Accountability Framework

Yes, you read that correctly. Prison time for directors who allow catastrophic cybersecurity failures. Before you close this tab in horror, hear me out. We already send directors to prison for health and safety failures. Workplace fatalities dropped 85% after the Health and Safety Executive got proper enforcement powers. The ICO? They send sternly worded letters whilst breaches affecting millions go unpunished. Today, Mauven and I lay out exactly what a proper UK cybersecurity enforcement regime

Designing the Corporate Cyber Negligence Act (What Accountability Looks Like)

This week, we established why directors should face criminal prosecution for gross cybersecurity negligence. We examined the Synnovis case where a patient died because free MFA was not enabled. We provided technical analysis, psychological examination, and practical implementation guides. Saturday's opinion piece argued forcefully for criminal liability. Next week, we move from "why" to "how." What would a Corporate Cyber Negligence Act actually say? What are the thresholds between bad luck and

Should Directors Face Prison Time for Cybersecurity Negligence?

On 3 June 2024, a patient arrived at a London hospital A&E feeling unwell. A blood test was ordered. The patient waited. The medics waited. They all waited some more. The patient died. Why? Ransomware had shut down blood testing at Synnovis, the NHS pathology provider. The security control that would have stopped it? Multi-factor authentication. Completely free. Built into every platform. The consequences for executives who chose not to enable it? Nothing. In this episode, we ask the uncomfo

Ofcom's Secret VPN Surveillance: When Britain Embraced the Authoritarian Playbook

Ofcom admits it is monitoring VPN use across Britain with a secret AI tool and unnamed data sources. That should worry any small business that relies on encrypted links for daily work. The tool cannot tell a secure office connection from someone dodging age checks. Section 121 still sits in law, ready to force scanning of encrypted chats. Does that sound like a free internet to you? Document your use. Keep your controls tight. Ask your MP why this is acceptable. Do you want regulators watching y

Weekend Reflection - Efficiency Theatre and the Tyranny of the Measurable

Why do smart people keep making the same catastrophic mistake? Cut security spending, congratulate themselves on efficiency, watch everything fall apart, spend vastly more recovering. It's not ignorance. It's psychology. Measurable costs are visible, politically defensible, easy to justify cutting. Invisible value is theoretical until it disappears. CFOs get promoted for cutting £50,000 from budgets. Nobody gets promoted for preventing breaches that don't happen. This asymmetry creates systemati

UK Case Study - The Manchester Marketing Agency That Cut Training and Lost Everything

Manchester marketing agency, 28 staff, £2.4M revenue. CFO proposed cutting security training: "£12,000 annually for slides nobody watches." Board agreed. Six months later, junior account manager clicked phishing link in fake client brief. No training meant she didn't recognise warning signs. Credentials stolen, ransomware deployed, three weeks offline. Recovery costs: £190,000. ICO investigation: inadequate training documented. They saved £12,000 and spent £190,000 learning what training actuall

Practical Guide - Evaluating Security Cost Cuts Without Destroying Your Business (Copy)

Stop cutting security costs based on gut feel and budget pressure. Start using actual frameworks that calculate downside risk. This practical guide walks you through evaluating any security spending decision: What's the notional function versus actual value? What's the cost of being wrong? What's the expected cost multiplied by probability? What invisible value disappears when you cut this? Includes checklists, decision trees, and real cost calculations for training, MFA, insurance, IT staff, an

The Doorman Fallacy - Complete Framework for UK Businesses

I've watched businesses make the same catastrophic mistake for 40 years. They look at security costs through a narrow efficiency lens, define roles by their obvious function, cut them to save money, and completely miss the invisible value. Until it's gone. Then they spend 10 times more fixing what they broke. The doorman fallacy explains every stupid IT decision I've ever seen: training cuts that cost millions in breaches, MFA removal that gifts credentials to attackers, insurance cancellation t

The Doorman Fallacy - Podcast Episode Launch

What's the most expensive cost-saving decision you can make? Firing your hotel doorman and replacing him with an automatic door. Saves you £35,000 a year in salary, costs you £200,000 in lost revenue because your hotel just became ordinary. This isn't about hotels. It's about every IT budget cut I've seen in the last 40 years. New episode drops today: The Doorman Fallacy, or How to Accidentally Destroy Your Business Whilst Congratulating Yourself on Efficiency Gains. Featuring examples that will

Another UK SME Wastes £20k on 'Comprehensive CyberSec': Still Gets Breached

Security vendors are playing you for fools, and they're getting rich doing it. Every week I watch UK business owners waste £20,000 on "comprehensive cybersecurity platforms" when they needed £5,000 of basic IT security. The industry deliberately muddies the difference between InfoSec, CyberSec, and IT Security because confused customers pay premium prices for inappropriate solutions. Meanwhile, 50% of small businesses were breached in 2025, proving that expensive confusion doesn't equal protecti

InfoSec, CyberSec, IT Security: Vendors Are Selling You the Wrong One on Purpose

Security vendors are playing you for fools, and they're getting rich doing it. Every week I watch UK business owners waste £20,000 on "comprehensive cybersecurity platforms" when they needed £5,000 of basic IT security. The industry deliberately muddies the difference between InfoSec, CyberSec, and IT Security because confused customers pay premium prices for inappropriate solutions. Meanwhile, 50% of small businesses were breached in 2025, proving that expensive confusion doesn't equal protecti

InfoSec vs CyberSec vs IT Security - Stop Wasting Money on the Wrong Protection

Every week I talk to UK business owners who've just spent £20,000 on "comprehensive cybersecurity platforms" when they needed £5,000 worth of basic IT security. Or they've paid consultants to develop "enterprise information security frameworks" for 15-person companies that can't keep Windows updated. The security industry profits from keeping you confused about InfoSec versus CyberSec versus IT Security. This week's episode cuts through the bollocks to explain what each term actually means, what

The £800 Monthly Technology Disaster (And How Strategic Thinking Fixed It in 6 Months)

Manchester marketing agency hemorrhaged £800 monthly on cloud storage chaos. Four different platforms, zero coordination, Dave from IT drowning in strategic decisions while fixing printers. Classic small business approach: solve today's problem with today's solution. Six months after engaging fractional CIO services: single integrated platform costing £450 monthly, unified data governance, actual strategic roadmap. Annual savings of £4,200 paid for strategic guidance while delivering competitive

Think You’re Too Small to Be Hacked? So did the Last 60%

Too many UK small businesses still believe they’re “too small to hack.” It’s the most dangerous myth in business today. With 96% of cyberattacks targeting SMEs and 60% of victims closing within six months, denial is a death sentence. This article pulls apart the excuses business owners use, exposes the real-world costs of breaches, and explains why simple, affordable steps like Cyber Essentials, MFA, patching, and staff training are the difference between survival and closure. Think you’re too s
