Flashcards · 10 cards

Scenarios

What to do when an incident happens.

Scenario · Incident response

An employee just clicked a phishing email

Speed matters. The actions you take in the first hour decide whether this becomes a footnote or an incident.

Phishing is the most common way attackers get into SMEs. Most clicks lead nowhere; some hand over a password; a few trigger a chain that ends in fraud or ransomware. Run the steps below in order, and assume the worst until proven otherwise.

Scenario · Incident response

Ransomware just hit. First 24 hours

Don't pay yet. Don't reboot. Don't restore over a still-infected system.

Modern ransomware does two things: encrypts files and exfiltrates data. Your job in the first 24 hours is to contain the spread, preserve evidence, and bring in the right people.

Scenario · People

A staff member is leaving. Managing their access

Leavers are the most common source of orphaned accounts.

Your goal is the same whether it's a planned departure or a same-day exit: revoke what they no longer need, preserve what the business does need.

Scenario · People

IT onboarding for a new joiner

A consistent process prevents 80% of access problems three years later.

Give every new joiner the least access they need, the right training, and a clear record of what was set up.

Scenario · Customers

A customer just sent us a security questionnaire

These are now routine. The first one is hard; the tenth is a copy-paste.

Treat the questionnaire as a once-only piece of work and reuse the answers.

Scenario · Buying decisions

Choosing a new IT supplier (MSP)

This decision affects your security posture more than any tool.

Use the time when nothing is wrong to interview properly.

Scenario · Buying decisions

Choosing cyber insurance

Cyber insurance has matured. The cover is more useful and the requirements stricter.

The application is increasingly an audit of your security. Incomplete answers can void the policy.

Scenario · Standards

Approaching Cyber Essentials

Achievable in 4–8 weeks for most SMEs.

Five technical controls, a self-assessment questionnaire, and a certification body.

Scenario · AI

Adopting AI safely in a small team

You don't need a moratorium. You need a four-step plan and a one-page policy.

AI adoption is happening whether you've approved it or not.

Scenario · M&A

Buying or being bought — the IT bit

The hidden costs in a deal are usually in IT and data.

IT due diligence is often skimmed. It shouldn't be.