As social engineering surges, it’s time to insure and secure your business, says Espria
Building a cyber-aware culture and threat-protected business is the smartest risk investment to stay on top of the threat landscape.
In a move that highlights the escalating cyber threats, the UK government recently announced the launch of a dedicated Vulnerability Research Institute (VRI) to bolster UK business cyber security defences. Designed to bring together the public and private sectors as well as individuals, the VRI emphasises the importance of collaboration across our cyber defences.
“There is a broader systemic risk that many companies have begun to face: even with great internal defences, human error can compromise even the most robust security.” said Brian Sibley, VCTO, at Espria.
The UK’s new Vulnerability Research Institute adds a layer of promise by advancing knowledge sharing and understanding of industry wide infrastructure weaknesses.
“A 2025 Sophos report found that social engineering attacks such as malicious emails caused 37% of ransomware attacks in the UK last year – the very same modus operandi of Scattered Spider. Adding to the concern, over 40% of ransomware victims lacked the expertise to detect and stop an attack.
“These figures raise an important question; what is the business sector doing to plug the skills gap? Organisations must leverage vulnerability intelligence from institutions like VRI but also train staff to spot and respond appropriately to social engineering attacks to close the gap at both the human and technical level.”
Sibley emphasises the advantages of employee training in relation to recent attacks to raise general awareness across the business.
“For businesses lacking in formal training, they may find that the weakest link in security is not their tools and IT but their own people. Human error is what threat actors rely on as it only takes a momentary lapse in judgment to fall victim. To combat this, it is critical to continuously refresh employee knowledge on what to look out for.
“From the IT team to the reception desk, employees across the business should be provided with targeted training on threat spotting and taught the correct procedures for reporting suspicious behaviour and credentials resets. Additional training should also be considered for those who would be involved in the incident response process.
“However, the work does not stop there; businesses should regularly revisit their incident response plans and stress test them with cyber defense exercises. These can identify any gaps that could create issues during a real life incident.”
Sibley continued, “Preparation is equally important when it comes to creating a streamlined incident response. This level of preparedness and risk mitigation is something cyber insurers view favourably. Unfortunately, even the best cyber protection isn’t bulletproof, but the true value of a managed detection and response service lies in the expertise of its threat hunters and the remediation and recovery tools it delivers”.
“Depending on the nature of your business and the type of data you handle, such as payment information or personal customer details, your organisation may be at greater risk of common cyberattacks. Once robust monitoring and detection strategies are in place, cyber insurance can help protect the business from significant financial losses in the event of an incident.”
Sibley concluded, “Initiatives such as VRI may prove valuable in an increasingly digital world but this must be coupled with an internal proactive approach to cyber security. Although the retail sector is in the spotlight, threat actors are constantly seeking the weakest entry points for any and all businesses. Rather than waiting for your sector to make headlines, businesses should reassess their security controls and training now, and invest in cyber insurance to close the door of opportunity.”
You may be interested in
Beyond Copilots: Why AI Agents Are the Next Competitive Advantage
AI is no longer a tactical tool, it’s becoming the engine of enterprise transformation. While copilots and other generative AI tools have helped teams work faster, the real breakthrough is happening with AI agents: autonomous systems that don’t just assist but act, learn and orchestrate entire workflows across the business. The question every executive should be asking is: “How will we harness AI to create value at scale before our competitors do?” High-performing organisations aren’t waiting. They’re embedding AI agents into daily operations and seeing measurable impact; accelerated decision-making, leaner processes and stronger financial outcomes. When markets move at digital speed, standing still means falling behind. Here’s why: So, the question isn’t “Should we adopt AI?”, it’s “What could…
Zero Trust Networking
Protecting Employees Without Friction Your workforce is your greatest asset, and your greatest vulnerability. Attackers know this, which is why phishing and credential theft remain the most common entry points. But here’s the leadership challenge: how do you protect employees without slowing them down? Zero Trust answers that question by making security invisible yet uncompromising. Employees work from anywhere, home, client sites, airports, without clunky VPNs or endless password resets. Behind the scenes, every login is verified, every device assessed, every anomaly flagged. If something looks wrong, a compromised credential, an unusual location, the system reacts…
Shadow AI: Executive Briefing on Real Risks, Business Impact and Mitigation
Shadow AI is here, and it’s growing Shadow AI is the use of artificial intelligence tools and platforms outside the oversight of IT, security, or compliance teams. This is not a hypothetical concern. KPMG’s 2025 global survey found that up to 58% of employees are using AI productivity tools daily, and nearly half admit to uploading sensitive company information to unauthorised platforms. Only 41% of employees say their organisation has a policy guiding the use of generative AI, revealing a significant governance gap. The Risks Are Real and Substantial The evidence from leading analysts and recent incidents is clear:…
Cyber Resilience in 2025: From Tick-Box to Boardroom Imperative
What the NCSC’s 2025 Review Means for UK Businesses The National Cyber Security Centre’s (NCSC) 2025 Annual Review is a wake-up call for business leaders across the UK. The days when cyber security was simply an IT concern or a routine compliance task are over. With a record number of nationally significant cyber incidents handled in the past year (more than double the previous year’s figure), it is clear that cyber risks have become a central issue for organisational survival and national prosperity. The Evolving Threat: Why Businesses Can’t Afford Complacency No sector has been spared in the latest…
Is Your MSP Really Helping You Grow — Or Just Keeping the Lights On?
There’s a moment in every business where the question quietly surfaces: “Are we getting what we really need from our IT provider?” It’s not always easy to answer. On the surface, things seem fine. Tickets are resolved. Reports arrive. There’s someone to call when things go wrong. It’s familiar. It’s comfortable. And that comfort can be deceiving. Because beneath the surface, many organisations are stuck in a service relationship that feels safe — but is actually stagnant. And here’s the truth: comfort isn’t the same as progress. For many, the idea of changing MSPs or challenging the…
The 2025 State of Ransomware: Key Insights on Attacks, Costs, and Recovery
Ransomware continues to evolve — and so must our defenses. The State of Ransomware 2025 report from Sophos presents one of the most comprehensive views yet into how organisations around the world are being impacted by ransomware attacks. Based on an independent survey of 3,400 IT and cybersecurity leaders across 17 countries, the report explores how attacks are evolving, the operational weaknesses adversaries exploit, and the human and financial tolls that follow. Whether you’re building a cybersecurity strategy or assessing risk, this year’s findings offer crucial, real-world insights to guide your response. Key Findings from…