A finance team is trying to finish the month-end payment run. Dave has a list of invoices open, a supplier has already chased twice, and the team wants to avoid holding up a project that depends on the payment being made. Nothing about the morning feels unusual. It is busy, but it is the kind […]
The Moment That Doesn’t Look Like Risk A message comes through on Teams. It appears to be from someone senior: short, direct, and straightforward. They need something sorted quickly. There is a sense of urgency, but nothing that feels unusual or out of character. Requests like this happen all the time, particularly when work is […]
The Reality of Workplace Decisions There’s an assumption built into most cybersecurity training. That when an employee is faced with something suspicious, they will recognise the moment, pause what they are doing, and apply what they have been taught. That they will step out of the flow of work, assess the situation, and make a […]
In our previous article, Why Knowledge Alone Isn’t Enough, we explored why traditional cybersecurity awareness training often fails to prevent real-world cyber incidents. Cybersecurity incidents are frequently attributed to human error. An employee clicked a malicious link, approved a fraudulent payment, or shared information with someone they believed to be legitimate. These explanations are common […]
Cybersecurity has become part of everyday conversation in modern organisations. Major ransomware attacks, data breaches, and online fraud incidents are now widely reported in the news, and most employees are well aware that cyber criminals regularly target businesses through phishing emails, fraudulent messages, and other forms of social engineering. In response, many organisations have introduced […]
Charities occupy a unique position within society. They exist to support communities, protect vulnerable individuals, and address challenges that many other organisations are not equipped to handle. From local community initiatives to large international organisations, charities are built on trust — trust from donors, volunteers, beneficiaries, and the public. People contribute their time, money, and […]
A finance assistant receives an email from a long-standing supplier. The tone is familiar. The branding is correct. The request is straightforward: bank details have changed, and future payments should be redirected to a new account. Nothing about the email feels dramatic. It does not look like a cyberattack. It looks like admin. In that […]
For a long time, cybersecurity awareness was treated as a reasonable endpoint. If staff had completed the training, clicked through the module, and acknowledged the policy, organisations could confidently say they had done what was required. Awareness was something you could evidence, report on, and move on from. That approach made sense in a world […]
Most cyber training is built on a quiet assumption: that when a security decision matters, people will have the time, focus, and mental space to make a good one. That assumption is rarely questioned, and it underpins everything from awareness sessions and policies to how incidents are later explained. Yet it sits uncomfortably with how […]
If you sit in enough meetings about risk, compliance, or “cyber”, you start to notice something interesting. The language changes, but the assumptions rarely do. Cybersecurity and information security are used as if they’re interchangeable. Different words, same meaning. Same budget line. Same responsibility. Most of the time, no one challenges that assumption. It feels […]
