The woman who oversees America's spies used the same piss-weak password across multiple accounts for years. If Tulsi Gabbard, the bloody Director of National Intelligence, can't manage basic password security, what hope do the rest of us have? This isn't just government incompetence, it's a wake-up call. When the person responsible for protecting national secrets treats cybersecurity like a Sunday crossword, every business owner needs to ask themselves: are my security practices any better? The answer will probably make you sick to your stomach.

Your board meeting was spectacular. "Cloud transformation complete! 40% cost reduction!" The CEO used "digital excellence" without irony. Three days later, 590 million Ticketmaster records were for sale.

The Snowflake breach wasn't sophisticated hacking—attackers used 2020 passwords from contractor gaming PCs that nobody changed. AT&T lost "nearly all" wireless customer data. Santander: 30 million records including account balances. None had basic multifactor authentication. While executives celebrated digital transformation, cybercriminals exploited the fundamental misunderstanding that cloud security is someone else's problem. The shared responsibility model? Perfect excuse for everyone to assume the other guy handles security.

It's 2025. You're reviewing quarterly security metrics, feeling pleased with zero phishing attempts. Meanwhile, the developer who pushed code yesterday is funnelling his salary to Kim Jong Un's nuclear programme.

One facilitator helped infiltrate 300+ US companies, generating $6.8 million for weapons development. Google found them applying to Google. Cybersecurity vendors accidentally hired them.

If the experts are getting played, your HR department doesn't stand a chance. They're not just collecting paycheques—they're systematically funding WMDs while your compliance team ticks boxes about background checks.

Pull up a chair. We need to talk about something that's going to make your skin crawl.

While your sales team struggles to get prospects to return a bloody phone call, Iranian threat actors are convincing your employees to hand over the keys to your digital kingdom with the kind of charm and persistence that would make a used car salesman weep with envy. These aren't basement dwellers sending "Nigerian prince" emails—they're sophisticated operations turning social engineering into an art form while most organisations treat it like a compliance checkbox.

When fake job offers become delivery mechanisms and your "cybersecurity awareness" training is more obviously fake than actual attacks, you've got a problem that technical controls can't solve.

In one of 2025’s most disgraceful breaches, Lawcover — the indemnity insurer for thousands of lawyers — exposed the personal and financial data of judges and solicitors through an unencrypted SharePoint backup. It’s not a sophisticated hack; it’s old-school negligence.

Five-year-old legal records, sensitive case data, and passport numbers were all left to rot in the cloud. The incident highlights just how dangerously out of touch the legal sector is when it comes to basic cyber hygiene. In this brutally honest breakdown, we unpack what went wrong, why it matters for the UK, and why your supply chain is now your attack surface.

Your IT provider just became your biggest security threat. The DragonForce ransomware gang didn't break down your front door – they got handed the keys by exploiting the very tools meant to protect you. While you've been worrying about suspicious emails, criminals turned SimpleHelp and other RMM software into weapons of mass destruction.

One compromised MSP means hundreds of businesses infected in minutes. The attack already happened. The vulnerabilities were known.

The warnings were ignored. And right now, your business is probably running the same vulnerable tools. The only question is: are you next, or are you prepared?

Cybersecurity isn’t IT’s job anymore, it’s yours. Ransomware doesn’t spread because hackers are clever. It spreads because leadership keeps treating security like plumbing: fix it when it breaks.

This final part in our trilogy calls out the boardroom silence, the risk registers no one updates, and the plans that never get tested.

If your business is still relying on hope, luck, or “that one guy in IT,” you’re not secure you’re surviving on borrowed time. This isn’t fear-mongering. It’s your final warning.

Cyber insurance isn’t a silver bullet and claim denials are rising fast across the UK. Whether it’s poor security hygiene, policy exclusions, or failure to meet basic requirements, many businesses are learning the hard way that they’re not actually covered when disaster strikes.

This guide breaks down why insurers are rejecting claims, what Cyber Essentials (and Plus) have to do with your insurability, and why your MSP might be part of the problem.

If you’re relying on a policy you haven’t read, or assuming “we’re covered” because someone said so once in a meeting, you’re playing a dangerous game.

Cyber insurance only works if you do too and most businesses simply aren’t. Find out how to change that before it’s too late.

Every UK business has a fire plan. Most have flood plans. Some even worry about theft. But ask what happens when ransomware encrypts every file and locks you out of your own systems? Silence. No plan. I just crossed my fingers and am praying to the cyber gods. While you’ve invested in fire extinguishers and insurance policies, attackers have invested in your network.

Your business isn't ready without a tested, documented, and rehearsed cyber recovery plan. You’re vulnerable. And no, your MSP’s vague promise of "we’ve got it covered" won’t hold up in front of the ICO, insurers, or customers. It’s time to face the truth.

You’ve prepared for everything, except the thing most likely to ruin you.