When we talk about cyber security, it’s tempting to think only in terms of technology like firewalls, endpoint detection and advanced security solutions. However, for many organisations real cyber resilience is just as much about people, governance and culture as it is about the actual tools. As threats continue to grow in frequency and complexity, the organisations that are best protected aren’t always the ones with the biggest spend but the ones that think strategically.

Latest Reports

According to the latest reports, cyber attacks in the last 12 months are up by 50%. Yet only 30% of organisations have a board member or trustee explicitly responsible for cyber risk. Without someone at the top taking clear ownership, cybersecurity often becomes something discussed only after an incident, not before.

For membership-based organisations, which are often custodians of sensitive member data, event systems and financial records, the reputational impact of a breach can be even more damaging than the financial cost. Many already operate on lean resources, so recovery from a serious breach could take months. Having a named cyber lead on your board, and regularly reviewing digital risks, is a relatively low-effort, high-impact change.

Critical Area

Another critical area is awareness and culture. Research by TechRound showed that 58% of UK IT professionals believe their colleagues don’t understand the real consequences of poor cyber hygiene. That’s not surprising: while many organisations provide initial training, few invest in ongoing reminders or simulate threats like phishing emails. As with health and safety, cyber awareness needs to be part of the everyday rhythm of an organisation and not just a box ticked during induction.

As Stewart, our CEO and Founder at Lighthouse IT, puts it:

“In our experience working with organisations of all sizes, the biggest breakthroughs don’t only come with buying more tools – they come from clarifying who owns cyber, raising awareness, and embedding simple but disciplined practices.”

Business Continuity

There’s also a tendency to overlook business continuity planning. Many membership organisations have a disaster recovery plan for physical issues like floods, power cuts and office closures, but haven’t reviewed how they’d respond to a ransomware attack or major data breach. Who communicates with members? What systems need restoring first? Is your data backed up in a way that lets you restore quickly? Having a practical, tested plan matters far more than having a perfect one. Also, the latest advice would be to have a printed copy of your continuity plans, stored confidentially for reference in case of a breach.

Summary

Finally, cyber risk doesn’t stop at your organisation’s edge. It includes suppliers, software vendors, and event partners. A third-party breach can impact your members even if your own systems are secure. Reviewing supplier agreements and expecting basic standards from partners is fast becoming essential.

Cyber security can feel overwhelming, but the fundamentals are surprisingly straightforward – good leadership, informed people, tested processes, and trusted partners like Lighthouse IT. For membership organisations, these steps build a foundation of trust with the communities they serve.

Read our last Lighthouse IT article here: Cyber security: A responsibility for boards and senior leaders

Lighthouse IT is a managed IT and cyber security provider helping organisations harness technology to drive better outcomes. Visit https://www.lighthouseit.co.uk/

Stewart Watkins, Founding Director, Lighthouse IT