PEER TO PEER DINNERS

Steve Clarke was joined by Daniel Teacher and Phil Beavan from T-Tech and a select group of senior technology leaders for an insightful conversation centred on the real-world challenges to creating a secure future for a business. 

Several key themes emerged...

The threat is persistent, not just fast.

Cyber-attacks are not just smash-and-grab raids. Many intrusions sit quietly in your systems for months or even years before triggering. You won’t know until it’s too late.

"We’re too small to be a target"

No, you're not! Today's attackers don’t discriminate. Whether you're a global enterprise or a local legal firm, if your defences are weak, you're on the list.

CEOs can’t afford to sit this one out.

Cyber isn’t just an IT issue; it’s a board-level responsibility. CEOs who ignore 2FA, skip incident response planning, or avoid security briefings will put their reputation, or even their freedom, at risk. A tailored approach to CEO education is vital:

• Show them ICO incident reports from their industry

• Link cyber risk to brand, customer trust, & shareholder value

• Show how cyber security is now a competitive differentiator.

Many MSPs and mid-market partners are behind the curve.

Don’t expect your managed service provider to be fully conversant either. If you don’t have a own CIO asking strategic questions, focus on customer outcomes and don’t rest until they’re satisfied. Tools enterprises used are now affordable to the SME market, e.g. SOC-as-a-Service, behavioural detection & cloud-native protection.

Your staff are your weakest link. And your greatest opportunity.

AI has made phishing, spoofing, and deepfakes so easy. But employees don’t need to be experts; they just need to feel safe & confident in how they work. Training must be:

• Bite-sized

• Generationally aware

• About attitude, not just knowledge

• Supported with automation and behaviour-based alerts.

DR & BCP plans aren’t enough.

Cyber-attacks follow different rules to DR/BCP. You need:

• A tested cyber incident response plan

• A decision tree for “switch everything off” moments

• Clear delegation so nothing relies on one person

• Pre-approved comms plans for legal, PR, and regulators.

The insider threats are real.

Sometimes, the hacker doesn’t need to break in; they get a job. Good access

controls, robust onboarding/offboarding, and user monitoring are essential.

Cyber insurance is evolving, fast.

In the US, no 2FA = no cover. In the UK, that's coming. Policies are getting stricter and premiums higher for those that don’t comply.

Key tips:

• Be transparent

• Choose your insurer carefully

• Treat them like a partner, not a fallback

• Use CE+, SOCs, and even Fractional CIOs and CISOs to drive down premiums.

The final message?

Cyber security must not be treated as a cost centre or compliance tick-box. It’s:

• A brand issue

• A customer expectation

• A competitive edge

It’s a never-ending race, not just against hackers, but against your competitors, too.

Is your business truly ready?

Steve Clarke was joined by Mark Rotheram and Emma Portlock from BCN and a select group of senior technology leaders for an evening dinner and discussion at Hotel Gotham, Manchester. 

Is data the lifeblood of the business? 

The evening sparked powerful conversations on the real role of data in driving decision-making and growth.

From strategy to execution, it’s clear: Data isn’t just a resource; it’s a risk, a catalyst, and a culture problem.

Download Steve Clarke’s full reflection below...

Steve Clarke was joined by NormCyber’s CTO Paul Cragg and a select group of CIOs and CTOs from our Tech Leaders Connect community – each deeply focused on protecting their organisations against evolving cyber threats, especially in the current climate of constrained budgets.

Cyber Security: Still Treated Like an IT Problem. That Has to Change.

We had a very honest conversation about Cyber Security because, quite scarily, it still isn't landing with enough force at the top table. And I think we can all agree that cyber security is not just a tech issue. It’s a business-critical risk.

Ask yourself...

How is your organisation elevating cyber beyond IT?

Download Steve Clarke’s full reflection below...