By Mark Smith, Chief Information Officer

In today’s tech-enabled world, we can get complacent about safety. Cars automatically stop us from hitting that fox that jumped out in front of us, smartwatches warn us to take a rest and our house alarm detects the sound of breaking glass outside. These advancements are amazing, genuinely saving lives and making our lives easier, allowing us to spend more time doing what we enjoy.

Most of us use this technology for its intended purpose, there are however people out there who see it as an opportunity to commit cybercrime and cause massive disruption or misery for others. There have been incidents where baby monitors were hacked and used to spy on families to facilitate extortion, or a smart fish tank heater being compromised to steal thousands of megabytes of personal data from a casino. Both happened simply because people didn’t run the update they were prompted to install.

It’s easy to forget that anything and anyone can be targeted, but that doesn’t mean we need to fear new technologies. We just need to be more aware of the risks around cybersecurity, both at work and at home with our friends and family. I am a firm believer that good cyber awareness starts at home. If you make sure your parents, your children and yourself update iPhones, Android phones and laptops when prompted, use a strong unique password for emails and set up multi-factor authentication, it makes you, your friends, family and colleagues more cyber-aware both at home and at work.

So, why does this matter anyway? Cybersecurity used to be just an IT issue, but now it’s everyone’s issue and a business-critical priority. While technology plays a vital role in defending against attacks, the human factor often remains the weakest link. Of course, your IT team still needs to invest in modern email scanning, advanced malware protection and either have the skills in-house or a managed security team to help when (and I do mean when, not if) someone tries to get in. However, if we all just rely on technology to protect us, we are still risking reception giving someone that front door key.

Creating a cyber-aware culture starts with education. Staff need to understand not only the “how” but also the “why” behind cybersecurity practices. Regular education on identifying malicious emails, using strong passwords and reporting suspicious activity is essential. There’s a reason why you constantly hear the “See it. Say it. Sorted” message from the British Transport Police when on the train. The earlier threats are identified, the quicker they can be stopped and the damage limited.

Over the last decade, we have seen a shift in how cyber-attacks often start. Now they are often more opportunistic, trying to work their way up the food chain until they can catch a big fish. Of course, the large, targeted attacks still regularly happen, but most of us are far less likely to be a victim of one of these. That’s why attackers are often now just after our passwords to try to get into a system and work their way up, either inside the organisation or higher up the supply chain. That’s why it is so important to protect our security identity as much as we possibly can.

Education plays a huge part in this, but technology can help a lot these days. There are multiple suppliers who can monitor who is using your login to access your email, your files, or third-party systems and look for suspicious activity. They can automatically identify anomalies in how your login is being used and block access even before an attack has happened. Were you logging into your email from Bristol 2 minutes ago, but now you are in China trying to access secure files and starting to upload information to an external sharing site? These tools proactively monitor your systems 24/7 and respond automatically, keeping you safe while your friendly IT team is fast asleep.

We are now seeing that cybersecurity isn’t just being seen as a cost, but an investment in business continuity and client trust. The reputational damage from a breach can be far more costly than any security measure and the mental toll of dealing with identify fraud and personal financial loss can be far reaching. As the M&S incident demonstrates, the financial impact can be catastrophic, but the erosion of customer confidence can have even longer-lasting consequences.

In an age where technology shields us from physical harm and streamlines daily life, it’s easy to overlook the growing threat of cybercrime. Just as we diversify investments and monitor financial risks to protect our wealth, we must treat cybersecurity as a form of digital asset management. After all, safeguarding your identity and data is not just about IT—it’s about preserving trust, continuity and long-term financial health.