< Previous20 East Midlands Business Link www.eastmidlandsbusinesslink.co.uk CYBERSECURITY High-profile breaches and the growing risk of disruption are forcing firms in the East Midlands to take cybersecurity seriously, with regional programmes helping to close the gaps. I n April 2025, the Co-operative Group disclosed that a malicious cyber attack had cost it more than £200 million in lost revenue and a further £80 million in operating profit. The figures underline how exposed even the most established household names are when systems are compromised. At the same time, Jaguar Land Rover was forced to halt production lines across the UK after a cyber incident rippled through its networks and supply chain. These headline cases demonstrate how fragile operations become when security is breached and act as a warning to businesses across the East Midlands that cyber resilience can no longer be treated as optional. Nationally, the sector has grown at pace, reflecting the sharp rise in demand for services that can defend against increasingly sophisticated Cyber resilience rises up the agenda www.eastmidlandsbusinesslink.co.uk East Midlands Business Link 21 CYBERSECURITY threats. The number of firms providing security services and products continues to climb, employment has expanded into the tens of thousands, and revenues are growing year on year. Importantly, these gains are not confined to London and the South East. Almost half of cyber security businesses or their regional offices are located elsewhere, underscoring how important regional ecosystems are becoming in building resilience. The same qualities that underpin the strength of the region’s economy also heighten the risks. Automation on factory floors, digitalised supply chains and connected logistics networks create efficiency but also expand the number of entry points for criminals. A single weak point can expose entire operations, and attackers have learned to exploit smaller firms that feed into larger organisations. It is no longer unusual for a cyber breach in a modest supplier to cascade through the chain and reach much larger enterprises. That reality places new pressure on businesses of every size in the region to ensure their systems and practices are not left vulnerable. Local institutions have recognised this 22 Á22 East Midlands Business Link www.eastmidlandsbusinesslink.co.uk and begun to address the problem directly. De Montfort University has launched a £150,000 programme to provide training, risk assessments and mentoring tailored to the needs of businesses in the East Midlands. The initiative is designed to support small and medium enterprises in particular, offering access to expertise that would otherwise be out of reach. Alongside this, the East Midlands Cyber Resilience Centre has been set up as a regional hub offering advice, incident simulations and links to law enforcement. Both schemes underline the understanding that resilience is not solely a technical exercise but a shared responsibility requiring collaboration between academia, government and business. Despite the increasing availability of support, many businesses in the region remain unprepared. A belief that smaller firms are too insignificant to be targeted continues to leave gaps in defences. In practice, those very businesses are often prime targets precisely because they are assumed to be weaker. Weak credentials, outdated systems and poor supplier oversight are still common issues. Staff turnover and limited training compound the risks, while a lack of board-level engagement means that cyber is frequently relegated to the responsibility of a single IT manager rather than treated as a strategic priority. The result is a patchwork of practices that leave too many doors open to attackers. CYBERSECURITY www.eastmidlandsbusinesslink.co.uk East Midlands Business Link 23 The most effective defence begins with leadership. When directors treat cyber risk as a board-level issue, it receives the same attention as financial or legal obligations. That change in culture prompts clearer governance, more consistent investment and greater accountability. From there, businesses can take practical steps that need not be prohibitively expensive. Keeping systems patched and configured securely, enforcing multi-factor authentication, restricting unnecessary access and maintaining reliable backups are all fundamental measures. They are simple in concept yet powerful in reducing exposure. Staff awareness is equally important. Employees who recognise the signs of phishing emails or suspicious behaviour are a first line of defence, and regular training can be delivered at low cost. Planning for the worst is another crucial component. Incident response strategies that outline who does what, how communication is managed and how operations are restored can mean the difference between a temporary setback and a crippling disruption. Tabletop exercises or simulations, such as those offered by the regional resilience centre, allow organisations to rehearse their response before a real attack arrives. Building these practices into regular operations reduces the element of panic when systems are genuinely under threat. Supply chain security remains one of the most pressing issues. Businesses often rely on multiple suppliers, contractors and partners who have varying levels of security maturity. Few organisations carry out consistent checks on their suppliers, leaving them exposed to risks they cannot directly control. Stronger contractual requirements, periodic reviews and limited access rights can mitigate this weakness. It is a step that requires persistence but is increasingly vital in a world where attackers exploit every link in the chain. As digitalisation accelerates and technologies such as artificial intelligence are adopted more widely, the attack surface will continue to expand. Threat actors are becoming more organised, well-resourced and relentless, making it unrealistic to assume that older methods of defence will suffice. Those businesses that build cyber resilience into their operations now will not only protect themselves but will also gain a competitive edge. In an environment where trust is central to securing contracts and retaining customers, the ability to demonstrate reliable security practices can be a powerful differentiator. For the East Midlands, the opportunity is twofold. Firms can defend themselves and their customers against increasingly disruptive attacks, while also contributing to a regional cluster that could become a national exemplar in cyber resilience. By embracing the support available and embedding security as part of their infrastructure, businesses can strengthen their long- term competitiveness and ensure they are not caught out by threats that are only set to intensify.I n today’s tech-enabled world, we can get complacent about safety. Cars automatically stop us from hitting that fox that jumped out in front of us, smartwatches warn us to take a rest and our house alarm detects the sound of breaking glass outside. These advancements are amazing, genuinely saving lives and making our lives easier, allowing us to spend more time doing what we enjoy. Most of us use this technology for its intended purpose, there are however people out there who see it as an opportunity to commit cybercrime and cause massive disruption or misery for others. There have been incidents where baby monitors were hacked and used to spy on families to facilitate extortion, or a smart fish tank heater being compromised to steal thousands of megabytes of personal data from a casino. Both happened simply because people didn’t run the update they were prompted to install. It’s easy to forget that anything and anyone can be targeted, but that doesn’t mean we need to fear new technologies. We just need to be more aware of the risks around cybersecurity, both at work and at home with our friends and family. I am a firm believer that good cyber awareness starts at home. If you make sure your parents, your children and yourself update iPhones, Android phones and laptops when prompted, use a strong unique password for emails and set up multi-factor authentication, it makes you, your friends, family and colleagues more cyber-aware both at home and at work. So, why does this matter anyway? Cybersecurity used to be just an IT issue, but now it’s everyone’s issue and a business-critical priority. While technology plays a vital role in defending against attacks, the human factor often remains the weakest link. Of course, your IT team still needs to invest in modern email scanning, advanced malware protection and either have the skills in-house or a managed security team to help when (and I do mean when, not if) someone tries to get in. However, if we all just rely on technology to protect us, we are still risking reception giving someone that front door key. Creating a cyber-aware culture starts with education. Staff need to understand not only the “how” but also the “why” behind cybersecurity practices. Regular education on identifying malicious emails, using strong passwords and reporting suspicious activity is essential. There’s a reason why you constantly hear the “See it. Say it. Sorted” message from the British Transport Police when on the train. The earlier threats are identified, the quicker they can be stopped and the damage limited. Over the last decade, we have seen a shift in how cyber-attacks often start. Now they are often more opportunistic, trying to work their way up the food chain until they can catch a big fish. Of course, the large, targeted attacks still regularly happen, but most of us are far less likely to be a victim of one of these. That’s why attackers are often now just after our passwords to try to get into a system and work their way up, either inside the organisation or higher up the supply chain. That’s why it is so important to protect our security identity as much as we possibly can. Education plays a huge part in this, but technology can help a lot these days. There are multiple suppliers who can monitor who is using your login to access your email, your files, or third-party systems and look for suspicious activity. They can automatically identify anomalies in how your login is being used and block access even before an attack has happened. Were you logging into your email from Bristol 2 minutes ago, but now you are in China trying to access 24 East Midlands Business Link www.eastmidlandsbusinesslink.co.uk ACCOUNTING Why protecting your digital identity is now central to managing assets and preserving trust Mark Smith, chief information officer at Streets, considers the importance of cybersecurity as it transitions from an IT department issue to one everyone must consider.ACCOUNTING secure files and starting to upload information to an external sharing site? These tools proactively monitor your systems 24/7 and respond automatically, keeping you safe while your friendly IT team is fast asleep. We are now seeing that cybersecurity isn’t just being seen as a cost, but an investment in business continuity and client trust. The reputational damage from a breach can be far more costly than any security measure and the mental toll of dealing with identify fraud and personal financial loss can be far reaching. As the M&S incident demonstrates, the www.eastmidlandsbusinesslink.co.uk East Midlands Business Link 25 financial impact can be catastrophic, but the erosion of customer confidence can have even longer-lasting consequences. In an age where technology shields us from physical harm and streamlines daily life, it’s easy to overlook the growing threat of cybercrime. Just as we diversify investments and monitor financial risks to protect our wealth, we must treat cybersecurity as a form of digital asset management. After all, safeguarding your identity and data is not just about IT—it’s about preserving trust, continuity and long-term financial health. 26 East Midlands Business Link www.eastmidlandsbusinesslink.co.uk SUPPORTING BUSINESS GROWTH A mbition is at the heart of every growing business, but ambition alone is rarely enough. Expanding a company, whether through acquiring new facilities, hiring staff, ramping up production or entering fresh markets, requires more than energy and determination. It demands insight, foresight and, increasingly, external guidance. The firms that navigate growth most successfully are those that know how and when to draw on expertise beyond their own walls. Advisory networks have always played a role in shaping commercial decisions, but their value has become more pronounced in recent years. Growth strategies carry new layers of complexity, from regulatory compliance to digital transformation. A business that relies only on internal resources risks missing blind spots that can slow momentum or even derail expansion altogether. External advisers bring perspective that internal teams may lack. They can help business leaders stress- test plans, anticipate challenges and seize opportunities with greater confidence. The value of advice lies not only in technical expertise but also in local knowledge. A business expanding into a new area, for instance, may struggle to interpret unfamiliar regulations, identify reliable suppliers or build networks of trust. Advisors who understand the regional landscape can bridge that gap, providing introductions, context and an The right advice: key to business growth Expansion is never straightforward. From finance to workforce planning, businesses that draw on the right advisory networks and local knowledge are better placed to grow with confidence. www.eastmidlandsbusinesslink.co.uk East Midlands Business Link 27 SUPPORTING BUSINESS GROWTH understanding of subtle cultural or market dynamics. In the East Midlands, for example, businesses benefit from established enterprise partnerships, chambers of commerce and training bodies that combine practical support with an awareness of regional conditions. Mentioning the region just once illustrates the broader point: wherever a company is based, local networks often make the difference between theoretical plans and practical delivery. Finance is a particularly clear example of where guidance matters. Expansion invariably requires capital, but navigating the funding landscape is rarely straightforward. Traditional bank lending may be the obvious option, yet it is not always the best fit for every stage of growth. Grants, venture investment, and newer forms of alternative finance all come with their own terms, benefits and risks. External advisors are well placed to match businesses with the right solution, ensuring repayment structures align with projected cash flow or that grant opportunities are not overlooked. A poor financial decision can weigh on a business for years, while a well- structured package can unlock growth that would otherwise remain out of reach. People and skills are another area where support proves critical. Expanding production or launching new services inevitably means recruiting, training and 28 Á28 East Midlands Business Link www.eastmidlandsbusinesslink.co.uk SUPPORTING BUSINESS GROWTH retaining staff. Yet building a workforce is not simply about numbers; it is about ensuring the right skills are in place and compliance obligations are met. Here, advisory support often connects businesses with training providers, apprenticeship schemes and skills development programmes that align with industry demand. By embedding growth in workforce planning, businesses avoid the costly churn that can undermine expansion efforts. Advisory bodies that specialise in labour markets or vocational training are becoming integral partners in growth journeys. Growth also brings exposure to risk, and this is where advisory networks can strengthen resilience. Businesses that scale rapidly without adequate planning often find themselves vulnerable to disruptions in supply chains, fluctuations in costs, or sudden changes in regulation. Advisors can help firms diversify suppliers, implement digital systems for greater efficiency, and anticipate legal requirements that may not www.eastmidlandsbusinesslink.co.uk East Midlands Business Link 29 SUPPORTING BUSINESS GROWTH yet be on the radar. By embedding resilience into growth strategies, companies are better prepared for shocks, whether economic, political or environmental. What unites all these forms of support is that they prevent businesses from operating in isolation. Growth can feel like a solitary challenge, with leadership teams carrying the burden of strategic decisions. Yet the reality is that the most sustainable expansion is collaborative. Businesses that reach out are those that reduce their risks and increase their chances of long-term success. Advisory networks create a feedback loop of knowledge, providing reassurance at every stage of growth and ensuring businesses are not blindsided by obstacles they might otherwise have missed. For many firms, the question is how to structure it. Some build ongoing relationships with advisors who act almost as extensions of their management teams. Others create project-based arrangements, bringing in specialists only at key moments. Both approaches demonstrate the same recognition: growth is rarely achieved in isolation. As challenges multiply, so too does the importance of trusted external guidance. Businesses do not expand on ambition alone. They expand when ambition is underpinned by the right knowledge, skills and networks. Advisory expertise is not an optional extra. It is a cornerstone of growth. The companies that understand this, and that invest in building strong advisory relationships, will not only expand more successfully but also with greater confidence that their progress can be sustained in the years ahead. SOLICITORS EOTs and business growth | A strategic alternative to traditional sales Employee Ownership Trusts (EOTs) are a relatively new phenomena which are fast gaining traction as their benefits become more widely understood – tax advantages, succession planning and social responsibility among the key motivators. They are most suited to business owners who value the future of their company and the people who helped to build it, over an immediate cash sale – and can be an excellent option where a trade sale is either unavailable or unattractive to business owners. As the name suggests, the company is sold to its employees via a trust. The trust then owes a debt to the sellers of the purchase price, and this would be paid using (i) free cash in the company, and (ii) ongoing profits passed up from the company to the trust. Having advised on a number of EOTs to a range of different businesses and featured in the Sunday Times on the topic, Euan McLaughlin in the Sills & Betteridge Corporate team is a strong supporter of the EOT model (in the right circumstances). You can read his full article on the tax reliefs and other advantages on the Sills & Betteridge blog. "Euan provided innovative, astute legal advice with a human touch, offering comprehensive support to myself and the Board at every stage of the EOT transaction. It made a huge difference having a solicitor who had taken the time to understand the individuals and dynamics within the business." Tim Eagles, Managing Director Castlet Holdings Ltd Lincoln. Please contact Euan McLaughlin on emclaughlin@sillslegal.co.uk or 01522 700490 if you would like to discuss your situation and options. Next >