This advice has been collated by EMSOU and is intended for wider distribution within the East Midlands Region to raise awareness among businesses and the public.

Advice and information is changing daily as we navigate our way through the COVID- 19 pandemic, so please ensure you only take information from reputable sources.

If you require any further information, assistance or guidance please contact the EMSOU Protect Team EMSOU Protect Team or your local Force protect team.

Today’s topic is: Cyber Security and Leadership An organisation’s leaders set the tone. They establish business priorities and ensure

adherence to them. They are the arbiter of difficult decisions and provide direction and cohesion. Steve Jobs’ leadership revolutionised Apple from a small backwater tech firm to one of the biggest and most successful enterprises of the modern day. As of 2019, Apple is worth over $1 trillion.

Like the hub of the wheel - leaders connect, coordinate, and drive the business forward, embracing cyber security education, awareness and best practices; supporting security investments and championing enterprise risk management. IT security protects the organisation’s sensitive data and its ability to function.

Cybersecurity leadership goals:

  1. Managing and mitigating overall cyber-related business risks.

  2. Establishing effective governance controls via security frameworks and policies.

  3. Prioritising and resourcing cybersecurity programs.

  4. Safeguarding the sensitive information that the business relies upon.

  5. Establishing a cyber-secure culture within the organisation.

Achieving these goals is a challenge in the continually evolving cyber security space.

Business leaders who are often experienced in finance or enterprise operations are also expected to mitigate risks to the business, and cyber threats are part of this wider picture.

Achieving the goals:

  • Engage with trusted third parties to learn about cyber risks and their mitigations; cybersecurity experts, consultants, industry groups, service providers, educators and trusted sources such as the National Cyber Security Centre (NCSC) and Action Fraud.

  • Implement security frameworks maintained by authoritative entities such as the International Organisation for Standardisation (known internationally as ISO) or the National Institute of Standards and Technology (NIST). These frameworks can be integrated with any organisation, regardless of its size and complexity.

  • Consider accreditation such as Cyber Essentials/Cyber essentials plus to demonstrate to partner companies the organisation’s commitment to cybersecurity.

  • Regularly commission objective risk assessments of the organisation such as internal technical reviews, procedural assessments, audits and pen tests.

  • Prioritise cyber-related risks to ensure appropriate attention and effort is committed to mitigating the risks.

  • Conduct exercises and decision-making drills to familiarise the organisation with how to respond appropriately to disasters and security incidents. Ensuring that the responses are clearly communicated and documented.

  • Consider the benefits of cyber insurance to transfer risk where appropriate.

What is the cost?

Digital assets cannot be protected without both human and technical resources. Expenditure based on protecting what is most important to the organisation and resources allocated accordingly is money and time well spent.

Developing a culture of good cyber hygiene within an organisation is imperative. It’s also important to develop and maintain organisational information security policies and standards, informed by risk assessments, legislation and best practices, whilst ensuring organisational security policies are appropriately implemented and communicated.

Security begins at home

Mitigating risks to yourself and your family is similar to protecting an organisation. Basic cyber safety precautions include:

  • Strong passwords and/or multi-factor authentication

  • Updating devices and installing anti-malware

  • Securing home Wi-Fi by changing default passwords, renaming the SSID and using strong encryption (WPA2)

  • Using encrypted email, checking for HTTPS whilst online, and reviewing the privacy settings of your browser

  • Avoid using public networks unless using VPN technology

  • Use VPN technology when remote working

  • Physically protect devices when out and about and use a privacy screen if working in a public area or on a train

  • Use social media wisely and be aware of all the information you are exposing online


Please report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to

Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.