Does my business really need Cyber Essentials?

18th November 2020

Cybersecurity issues are becoming a day-to-day struggle for businesses. Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices. 

Despite this, most SMEs are at risk of being breached either through a lack of awareness or a lack of action. This is a concern for SMEs since the fines and costs associated with cyber-attacks can put them out of business. 


3rd November 2020


The railways are one of the four main industries within the transport sector, the other three being shipping, aviation, and road traffic.

Organisations within all these industries have plans to introduce new IT platforms and infrastructure to improve their operations and also make more services available to the public via apps.

Many of the plans involve innovative technologies that are only just emerging. The introduction of as yet untested technologies carries major IT security challenges, because new technology will always be a target for hackers.

Companies across most sectors have experienced attacks on their IT systems
over the last four decades. The rail industry is no exception. Our paper includes examples taken from the last ten years:

If you would like to read more you can download the full paper here.

How does a CISO budget & plan for 3 years’ time?

19th October 2020

When setting out their budgets for 3 years (in some organisations this can be 5 years or even up to 10), CISOs have a good idea of what to plan for in Year 1; some degree of certainty in Year 2; but as the planning cycle moves into Year 3 and beyond, they have less visibility on where they should be spending their money.
Therefore CISOs often put ‘placeholders’ in their budgets for Year 3, because if they don’t budget for them, they may see their budgets reduced.


To read our latest whitepaper which summarises our panel session we hosted over the summer. Click Here to download.

Supplier Assurance now in the front line against cybercrime

18th August 2020

The Covid-19 pandemic has had a dramatic impact on businesses and their supply chains.

Organisations have had to take important decisions to keep themselves alive not only in terms of sales revenue and production, but making it possible for employees to work remotely where their role allows. Some companies will have been set up for this from a technology stand-point but for many, it will have been a real headache and rush job to work around whatever technology they could get, or had available.

Supplier Assurance – FinTech’s route to well managed regulation

25th July 2020

The bar of entry to becoming an operator in the financial services industry is understandably high as it is necessarily heavily regulated.  The UK financial sector has evolved rapidly over the last five years with the growth of fintech businesses looking to drive innovation into the banking industry.  As well as developing technology, new entrants must pay great attention to meeting the requirements of the regulators as well as ensuring that a ‘privacy by design’ approach is taken from the outset.  There is a risk that founders might focus all of their energy into the development of innovative and cutting-edge technology offerings, but at the detriment of meeting the demands of the regulator and broader privacy requirements.


By Stuart Jubb, head of consulting at Crossword Cybersecurity, looks at how fintech start-ups can maintain their agility while reducing risk with supplier assurance

Working from Home Cybersecurity Guidance

26th March 2020

Working from home comes with a range of security risks, but employees need to be educated too – human behaviour is invariably the weakest link in a company’s cybersecurity posture. In the current environment, with many more employees working at home, cybercriminals are actively looking for opportunities to launch phishing attacks and compromise the IT infrastructure of businesses, large and small.

Guidance on Working from Home

All companies should start by reviewing the home working guidance available at the UK Government’s National Cyber Security Centre (NCSC). This resource helps companies prepare their employees and think about the best way to protect their systems. Crossword has been advising a number of its FTSE clients in a range of sectors, and below is a summary of the guidance given, in addition to that from the NCSC.