Reflections on Our Cyber Executive Education Programme: Belfast & Edinburgh - Cyber and Fraud Centre

In recent weeks, the Cyber and Fraud Centre has hosted two successful events as part of our Cyber Executive Education Programme—one in Belfast and one in Edinburgh. These events brought together industry leaders, cybersecurity experts, and organisations across Scotland and Northern Ireland to explore critical trends in cyber resilience and address the unique threats faced by businesses and organisations in these regions. Both events provided participants with invaluable insights into the importance of strategic planning and the latest cyber trends affecting their respective geographic areas.

Key Areas Covered

Throughout both sessions, speakers stressed the importance of proactive security measures, board-level responsibility in cyber security, and fostering a culture of cyber awareness at every organisational level. Some of the core areas that generated significant discussion included:

Cyber Insurance: A key topic at both events was the growing necessity of cyber insurance. Speakers urged attendees to ensure their insurance policies align with their actual risks. Understanding the scope of coverage is essential, especially when dealing with increasingly sophisticated attacks. Simon Whittaker, Co-Founder and CEO of Vertical Structure emphasised the importance of integrating insurance with incident response planning, encouraging organisations to review their policies to avoid gaps in coverage that could be costly post-attack.
Incident Response Planning: An effective Incident Response Plan is vital to minimising damage during a cyber-attack. At the Belfast event, Alex Dowall, Head of Cyber and Fraud at the Cyber and Fraud Centre discussed the differences in response approaches between large and small organisations. Larger businesses often have the resources to maintain dedicated incident response teams, while smaller organisations typically rely on external partners and more simplified procedures. However, regardless of size, preparedness and clarity in roles are key. Testing plans regularly was another important takeaway, with speakers stressing that tabletop exercises can reveal hidden vulnerabilities. At both events, Alex spoke about the importance of preparedness, highlighting that cyber ignorance and neglect can lead to devastating consequences. Using Maslow’s Hierarchy of Needs, Alex narrated the importance of embedding cyber security into frameworks and culture to avoid risk.
Emerging Cyber Threats: Both events covered the latest threats, from ransomware and phishing attacks to more sophisticated and targeted hacking campaigns. With a focus on real-world examples, these discussions provided participants with an understanding of the landscape, underscoring the need for continued vigilance and up to date support.
The Importance of Cyber Awareness at Board Level: One of the standout points in both Belfast and Edinburgh was that cyber resilience is not just an IT issue but a boardroom issue as well. Jude McCorry, CEO of the Cyber and Fraud Centre, highlighted that executives and board members must understand the risks and take ownership of their organisation’s cybersecurity strategy. Cyber threats can jeopardise not only operations but reputation, making Board involvement crucial in creating a cyber aware organisational culture. Again, Jude and her esteemed panel highlighted the importance of integrating cyber resilience into an organisations culture.

Regional Cyber Trends: Scotland vs. Northern Ireland

One of the more fascinating insights from the programme was the variation in cyber threats and challenges between Scotland and Northern Ireland. In Northern Ireland, the conversation leaned heavily towards supply chain security. Northern Ireland’s large manufacturing sector, heavily dependent on third-party suppliers, is increasingly vulnerable to supply chain attacks. Ensuring that partners and vendors uphold the same security standards is becoming a critical issue for many businesses.

In Scotland, the discussions focused more on phishing and ransomware, especially in the financial services and healthcare sectors, which have seen an uptick in targeted attacks. At the Edinburgh event, two compelling case studies were presented, detailing real-life cyber-attacks on Scottish organisations. Scullion Law and Arnold Clark both shared their experiences of managing cyber crises, from dealing with attacks to the aftermath of restoring operations. These case studies underscored the importance of quick incident response, clear communication, and the value of cyber insurance in mitigating financial and reputational damage.

Hands-On Practical Exercises

A particular highlight at both events was the practical, hands-on exercise that allowed participants to experience the intensity of responding to a live cyber-attack scenario. During both the Belfast and Edinburgh event, attendees were asked to role-play as the executive team of a small housing charity under attack from hackers demanding a £50,000 ransom in cryptocurrency. Led by Jude McCorry, the exercise challenged attendees to formulate an initial incident response plan within 15 minutes, presenting it to the room for feedback.

This exercise was eye-opening for many participants; it provided a real-world application of the later discussions throughout the day. It also spurred great conversations during the Q&A, with participants sharing their perspectives and approaches. The interactive nature of this session gave attendees the opportunity to explore different strategies for protecting sensitive data, deciding whether to pay a ransom, and dealing with external stakeholders such as law enforcement and media.

Practical Insights and Key Takeaways

Both events left participants with a strong understanding of the evolving cyber landscape, but the practical tasks and case studies also left a lasting impression. Alex Dowall highlighted that testing incident response plans regularly through exercises such as tabletop simulations is crucial. These exercises allow organisations to assess their readiness and fine-tune their response strategy, ensuring that key decision-makers are well-prepared to act swiftly in the event of a real attack.

Additionally, speakers like Simon Whittaker stressed the importance of cultivating a positive cybersecurity culture within organisations. It’s not enough to have policies and procedures in place; employees need to feel empowered and aware to ensure cybersecurity is part of daily operations.

Future Trends to Watch

Looking ahead, the cyber landscape will continue to evolve, with new threats and challenges emerging. From our discussions in Belfast and Edinburgh, we identified a few key trends that will shape the future of cyber security:

AI in Cyber Security: Both a tool for defence and a potential weapon for cyber criminals, AI will redefine cyber security. As artificial intelligence becomes more advanced, it will play a larger role in both preventing and launching attacks.
The Cyber Skills Gap: The shortage of skilled cybersecurity professionals continues to be a challenge. Addressing this gap will be crucial to building resilient defences. Organisations are encouraged to invest in cybersecurity training for their teams and consider partnering with external experts to close the skills gap.

These events served as a crucial reminder of the importance of collaboration, awareness, and strategic planning in protecting organisations from cyber threats. With engaging case studies, practical exercises, and in-depth discussions, attendees left with actionable insights and renewed commitment to strengthening their cybersecurity strategies.

Because of the great feedback, we are delighted to announce that we will be running the Cyber Executive Education sessions again in February and March next year. We look forward to continuing these important conversations and welcoming more participants in 2025!

02.10.24

General