Combat Cybercrime Before It’s Too Late -

lloyds insurance london pexels-panas-2467651

This piece is by Jonathan Sharp, CEO, Britannic Technologies

This year cybercrime has been like a tsunami taking down several well-known enterprises including Jaguar Land Rover, M&S, Harrods, Co-op, Renault and even a nursey, Kido. Costing companies billions, having to reduce staff and putting some suppliers out of business. Cybercrime is now a national emergency and the National Cyber Security Centre (NCSC) and the National Crime Agency announced they cannot fight cybercrime alone. Putting the onus on businesses and organisations to secure their systems and data, and prioritising cybersecurity as a critical agenda item, embedding it into every decision they make.

The frightening and alarming aspect is that cybercriminal groups like Scattered Spider and Scattered Laspus$ Hunters consist of teenage hackers, some from the UK. The cybercrime business model is successful and profitable, and the lure of making a lot of money and the kudos received is too tempting for some of the Gen Z to resist. But the crimes will NOT stop unless we educate young adults of the dangers of cybercrime, companies stop paying the ransoms and businesses ensure that its cybersecurity strategy is top of their agenda.

Don’t Pay Up

The National Cyber Security Centre (NCSC) and the National Crime Agency advise businesses not to pay the ransom because it encourages cybercrime and the criminal’s win. In January 2025 the government proposed a ban on the public sector organisations from making ransomware payments. However, this is a very grey area littered with loopholes especially if it is extended to the private sector.

Businesses that suffer from a cyber-attack demanding for ransomware often contact their insurance provider and/or the NCSC so they can negotiate a cheaper ransom. It’s a catch 22 if they don’t pay up and can’t operate then will the government support them to get back? If not, then they may have no option but to pay up.

Education is Key

Young people need to be educated about the dangers of cybercrime and taught cybersecurity and ethical hacking. Talking about the dangers of cybercrime and showing them case studies of the perpetrators that got caught and went to prison. This needs to be actioned now with secondary schools, colleges and universities working together with government organisations such as the National Cyber Security Centre and the National Crime Agency. Making cybersecurity jobs cool, glamorous and exciting informing the young people they can have well paid careers as spies for nationally recognised organisations. The 007s of the cyber world.

Education institutes can work with the government and industry to create competitions, work experience and apprenticeships. The National Cyber Security Centre have started an initiative called CyberFirst a programme creating opportunities to help young people explore their passion for cyber and emerging tech.

These measures are critical to close the digital skills gap which is significant regarding cybersecurity. In 2024 the Government issued a report stating that 32% of businesses and 40% of charities lacked confidence in dealing with cyber security breaches or attacks and had not outsourced this function.

Thinking and Operating Differently

To fight cybersecurity, we all must change the way we think and operate in everything we do online and with technology. We need to be agile, flexible and have an open mind on learning new methods of operating and working, and we can never sit still. It has been suggested that supply models such as ‘Just in Time’ may have to change to leaner models because if a company is hacked then the disruption to the supply chain is massive, resulting in the companies not being able to get stock.

Act Before and Not After

Companies and organisations need to secure their technology, people and processes from cybercrime before it happens by implementing a secure IT network and business continuity strategy. So, if a cyber-attack does occur, they can act either before it happens or immediately when it does and carry on as business as usual without facing massive consequences.

Top Tips for How Business Can Secure Against Cybercrime

Cybersecurity is not an optional spend for businesses it is now a critical matter of survival protecting your business, people and reputation of a cyber breach. It is no longer the sole remit of the IT department, everyone in the company from the CEO down should be accountable for cybersecurity. Security needs to be embedded into the culture of the company and to ensure it is employees need to be educated on cybersecurity.

Education and Awareness

Human error accounts for a staggering 95% of cyber related incidents (Mimecast 2025) so it is imperative that employees are trained regularly on how to be cyber secure. Training them through workshops and courses using phishing simulations where companies send employees fake but realistic phishing emails to test their ability to recognise threats and how they respond to it. Teaching employees about not to click on links, input passwords from phishing emails and messages, creating weak passwords and overall poor security hygiene.

It is vital to build a culture where employees feel compelled but comfortable to report any suspicious activity.

Robust Passwords

The easiest way for cybercriminals to hack into your network is through weak or repeated passwords. Enforce a rule where all employees must use complex and unique passwords with a combination of upper and lower case letters, numbers and symbols to keep out the cybercriminals. Provide a password manager on your systems to avoid employees having to remember them and make them more secure.

Multi Factor Authentication (MFA)

For an additional security layer incorporate a multi facto authentication (MFA) for a second verification step, this could be a code that is sent to their mobile phone or an authenticator application. Research from Microsoft shows that an MFA can block more than 99.2% of cyber-attacks.

Secure Devices

It is also critical not to leave work devices unattended in a public place, use a public Wi-Fi connection and in the office, employees need to ensure screen locks are activated. Protect all devices with encryption and have the ability to wipe data if they are lost or stolen. If employees use their personal devices for work, then have robust BYOD policies in place.

Secure Wi-Fi Networks

The Office for National Statistics reported that over a quarter of the UK workforce were hybrid working at the start of 2025 and with the rise in cybercrime a secure network is vital. Remote and hybrid workers should use a Virtual Private Network (VPN) so employees can connect securely making it harder for hackers. Without a VPN you are exposing yourself to an attack.

Update Software and Devices

If your software and devices are not kept to up to date then the cyber criminals will detect weaknesses in aged unpatched systems and devices. Businesses should run strict patch management policies, turn on automatic updates and implement reputable malware and anti-virus software.

Business Continuity Plan

Back up your data and follow the 321 rules where you have three copies of your data, stored on two different types of storage, one online and other offsite. Conduct tests regularly to ensure they can be restored and recovered should a disaster occur. A cybersecurity plan is evolutionary that requires constant updating, maintenance and changing.

AI for Good

Investing in layered security with perimeters, secure endpoints and AI monitoring that can detect threats and anomalies in real time. Providing protection for employees and customers that can be actioned before an attack happens.

AI can also be used to detect deepfakes which are used by criminals in social engineering so deploying a solution that can identify these irregularities can stop a cyberattack in advance. It is vital that employees are trained on spotting these in links and emails etc.

Building Trust

Customers, suppliers and partners want to do business with a company that is secure and resilient, someone who they can trust will look after their data and their affairs. This is also a legal requirement for GDPR requirements and Directors’ fiduciary duty. Solutions such as call and messaging branding build trust because customers see the call or text message are from you therefore know it is not a scam call or text and will answer it.

It is also paramount to have the latest and up to date security standard certifications such as ISO027001 and Cyber Essentials Plus certifications to build trust with all stakeholders.

Stake Holder Chain

The supply chain and customer environments are often one of the weakest links in cyber resilience. It is critical to perform rigorous audits and ongoing compliance monitoring to ensure they are safe and do not expose your business to a cyber-attack.

Protect Yourselves

Beating cybercrime requires a collective collaboration between education institutions, parents, the government and businesses which will take time. But you don’t have time, so it

is up to you to protect your business from an cyberattack ensuring you have the latest AI real-time cybersecurity network and solutions in place to protect your business, people and technology. Don’t be a victim to cybercrime and act now before it’s too late for your business and your reputation. Some recover but some don’t!