DUA

The First of the DUA Mayfair Talks Series

This year at DUA Accountancy and Business Consultancy, we will be meeting like-minded business professionals every month at the Mandeville Hotel in London. Our DUA Mayfair Talks started this Wednesday with a deep dive into Cyber Risk, Resilience and Insurance for SMEs.

Led by Paul Dukes from DUA, our event brought together Oliver Leyens from Heath Crawford, Ben Turner from Tribe Technology, Tony Fields from PH7 Performance, Mark Pagdin from Onion Security, Dave Meadows from Pushed, Ollie Jackman from Agile Communications, Sunil Jindal from Freeman Clarke, Linda Sandberg from RPost, Nicole Southwell from ARC Business Consultants, and Lindsay Butcher from What & Why to discuss some of the most pressing issues around cyber security today.

The session was led by Oliver Leyens, who sparked a wide-ranging and practical discussion on cyber risk, resilience, and insurance for SMEs. The group explored how cyber security is often thought of as an IT issue, when in fact it is a business-wide risk involving people, processes, and preparedness. Cyber attacks can result in business interruption, financial loss, data exposure on the dark web, and long-term reputational damage, which is often worse than the financial loss.

Key Themes

Key discussion themes included:

  • Cyber insurance is not only the responsibility of the IT department.
  • Data breaches can – and do – affect businesses of all sizes. SMEs are often targeted because they are perceived as less prepared.
  • SMEs working with large corporates are particularly vulnerable, as attackers use them as a route into bigger organisations.
  • Cyber risk is about protocols, behaviours, and resilience, not just systems or CRMs.
  • The shift to remote and hybrid working has significantly increased exposure.
  • Email remains the weakest link, especially with phishing, invoice fraud, and document sharing.
  • Human error is now the biggest operational risk.

 

Real-world examples were shared, including:

  • Invoice cloning and payment redirection fraud.
  • A manufacturer losing £180k, six days of work, and sensitive data due to weak email and document processes.
  • High-profile breaches such as Jaguar Land Rover illustrate that size offers no protection.

 

Emerging Cyber Security Risks

The group also discussed emerging risks, such as:

  • Multi-factor authentication being bypassed more quickly than many assume.
  • Staff copying sensitive data into AI tools to summarise contracts or emails.
  • Underestimating business interruption sums insured.

Key Takeaways for SMEs

Cyber Risk Ownership

  • Treat cyber security as a business-wide issue, not an IT “tick box”.
  • Embed cyber awareness into everyday behaviour.

 

Insurance and Financial Protection

  • Check cyber insurance cover (often available from ~£300/year).
  • Confirm business interruption sums insured are realistic (e.g. £250k may be insufficient).
  • Ask: Does my loss of trading insurance cover cyber events?
  • Ensure third-party exposures are included where relevant.

 

Preparation and Resilience

  • Know where your backups are and test them.
  • Have a documented, rehearsed incident response process.
  • Identify and protect your “crown jewels” (most sensitive and valuable data).

 

Technology and Controls

  • Work with your MSP to secure remote working (VPNs, device security).
  • Use email security tools (e.g. Mimecast).
  • Implement password managers (e.g. 1Password, device password managers).
  • Enable 2FA/MFA on all systems: email, websites, social media, WhatsApp.
  • Set territorial and permission-based access controls.

 

Processes and Training

  • User education is critical – phishing awareness and behaviour change.
  • Ring payees to verify payment details when invoices change.
  • Regular risk assessments to identify gaps.
  • Avoid copying sensitive data into AI tools without safeguards.

 

Governance and Hygiene

  • Auto-renew domains and critical services.
  • Monitor breaches using tools like “Have I Been Pwned”.
  • Use frameworks such as Cyber Essentials / Cyber Essentials Plus to identify weaknesses (but don’t treat them as box-ticking exercises).

 

Ongoing Mindset

  • Cyber security is continuous, not annual.
  • Testing and reviews should be regular.
  • Education, process, and culture are as important as technology.

 

Actions for All and Feedback!

We have been overwhelmed with positive feedback from our delegates. Some of the responses have included:

“Thank you for such a well-run and engaging session today. It was genuinely valuable, and Ollie did a brilliant job of bringing such an important topic to life. I certainly came away with a much clearer and more enriched understanding of the cyber landscape.”

“The energy in the room and the openness of the discussion made it even better, so credit to you for creating that environment.”

“I’d absolutely love to be at the next one, so please do keep me in mind.”

We were delighted with the high quality of the discussion from our delegates.

Following the session, Ollie shared this free cyber risk calculator tool: https://www.coalitioninc.com/en-gb/free-risk-assessment. The software will scan your network and can take up to 10 minutes to give the full score, which will show in US dollars. It will also benchmark you against peers within your industry. This is definitely a great takeaway in itself.

For further information on our accountancy and business consulting services, please contact us here.
