Pull up a chair. We need to talk about something that's going to make your skin crawl.

While your sales team struggles to get prospects to return a bloody phone call, Iranian threat actors are convincing your employees to hand over the keys to your digital kingdom with the kind of charm and persistence that would make a used car salesman weep with envy. These aren't basement dwellers sending "Nigerian prince" emails—they're sophisticated operations turning social engineering into an art form while most organisations treat it like a compliance checkbox.

When fake job offers become delivery mechanisms and your "cybersecurity awareness" training is more obviously fake than actual attacks, you've got a problem that technical controls can't solve.

In one of 2025’s most disgraceful breaches, Lawcover — the indemnity insurer for thousands of lawyers — exposed the personal and financial data of judges and solicitors through an unencrypted SharePoint backup. It’s not a sophisticated hack; it’s old-school negligence.

Five-year-old legal records, sensitive case data, and passport numbers were all left to rot in the cloud. The incident highlights just how dangerously out of touch the legal sector is when it comes to basic cyber hygiene. In this brutally honest breakdown, we unpack what went wrong, why it matters for the UK, and why your supply chain is now your attack surface.

Your IT provider just became your biggest security threat. The DragonForce ransomware gang didn't break down your front door – they got handed the keys by exploiting the very tools meant to protect you. While you've been worrying about suspicious emails, criminals turned SimpleHelp and other RMM software into weapons of mass destruction.

One compromised MSP means hundreds of businesses infected in minutes. The attack already happened. The vulnerabilities were known.

The warnings were ignored. And right now, your business is probably running the same vulnerable tools. The only question is: are you next, or are you prepared?

Cybersecurity isn’t IT’s job anymore, it’s yours. Ransomware doesn’t spread because hackers are clever. It spreads because leadership keeps treating security like plumbing: fix it when it breaks.

This final part in our trilogy calls out the boardroom silence, the risk registers no one updates, and the plans that never get tested.

If your business is still relying on hope, luck, or “that one guy in IT,” you’re not secure you’re surviving on borrowed time. This isn’t fear-mongering. It’s your final warning.

Cyber insurance isn’t a silver bullet and claim denials are rising fast across the UK. Whether it’s poor security hygiene, policy exclusions, or failure to meet basic requirements, many businesses are learning the hard way that they’re not actually covered when disaster strikes.

This guide breaks down why insurers are rejecting claims, what Cyber Essentials (and Plus) have to do with your insurability, and why your MSP might be part of the problem.

If you’re relying on a policy you haven’t read, or assuming “we’re covered” because someone said so once in a meeting, you’re playing a dangerous game.

Cyber insurance only works if you do too and most businesses simply aren’t. Find out how to change that before it’s too late.

Every UK business has a fire plan. Most have flood plans. Some even worry about theft. But ask what happens when ransomware encrypts every file and locks you out of your own systems? Silence. No plan. I just crossed my fingers and am praying to the cyber gods. While you’ve invested in fire extinguishers and insurance policies, attackers have invested in your network.

Your business isn't ready without a tested, documented, and rehearsed cyber recovery plan. You’re vulnerable. And no, your MSP’s vague promise of "we’ve got it covered" won’t hold up in front of the ICO, insurers, or customers. It’s time to face the truth.

You’ve prepared for everything, except the thing most likely to ruin you.

Ransomware isn’t your biggest problem—it’s just the one that finally made you look. Behind every cyberattack sits a decade of crap decisions, from budget-stretched IT to untrained staff, weak passwords, and clueless suppliers.

You didn’t get hit because you were unlucky. You got hit because your house was already on fire.

This is part one of a blistering three-part series breaking down the disease beneath the ransomware epidemic ripping through the UK’s small business sector.

If you think you’re too small to be a target, read this—and pray you’re not already infected.

May’s Patch Tuesday is coming in hot—and if April’s mess left your domain logins broken, WSUS deployments in meltdown, or your Hello PIN sulking in the corner, you’ll want this one.

Microsoft is set to mop up its authentication chaos, plug lingering Windows 10 holes, and squash a few zero-days while it’s at it.

But that’s not all. Adobe, Intel, and SAP are sneaking in updates too. This month’s patch drop might not be as noisy as April, but it’s arguably more important.

Brace yourself for impact on 14 May—and don’t forget to test before clicking “Install.”