Cyber security and mid-sized businesses: getting the basics right
In recent months we’ve seen a rash of cyberattacks against big organisations – Marks & Spencer, Harrods, and Co-op. The consequences are expensive and embarrassing.
And if giant organisations can get hacked, how does a mid-sized business protect itself?
When we start with new clients, we talk about ‘getting the basics right’. A fundamental part of that is making sure the IT infrastructure and services are exactly what you need and up to date. If the basics aren’t right, then there’s no hope of looking at ways to use technology to grow the business and get ahead of the competition.
To provide you with a head start in cyber security, here are the priorities from a CEO’s standpoint:
Analyse your risks and plan accordingly.
Create a risk-and-issue log that defines all the risks in the business. Subsequently, prioritise them by level of risk. Then, have a plan for each of them – even if that plan is ‘do nothing’.
Get insured.
Crime insurance covers the loss of money due to theft, fraud, or dishonesty. Additionally, it includes theft by hackers. Cyber insurance covers the losses resulting from a cyberattack. Add both to your portfolio as separate policies, not just add-ons to existing business insurance.
Train your employees.
Your people (which includes the CEO!) are the most vulnerable security point in your business. The more they understand what to look for, the better your chances of avoiding an attack.
Don’t forget systems maintenance and physical security.
Your business won’t be safe if your offices aren’t secure, or your company devices are left sitting unattended outside the office. All systems and services – particularly those connected to the ‘outside world’ – must always have the latest software patches.
Get certified.
A good place to start is Cyber Essentials Plus, which will prove to customers you take security seriously. You may also benefit from ISO 27001, an international certification.
The above priorities aren’t necessarily easy. But they’re not onerous, and they’re worth your time. A mid-sized business doesn’t have the resources to bounce back from a cyberattack the way M&S can. However, with the right steps, you’ll greatly reduce the chance of a breach – and still have a viable business in the event of one.
You can get more details about the basics in our new report: Solving cyber security risks in 2025: six steps to a safer business. Or if you have questions about any of these priorities, get in touch. We’re always up for a helpful, no-pressure chat – about cyber security or any other IT-related aspect of your mid-sized business.