top of page

Under the Spotlight: 3B Data Security's Keith Cottenden answers our questions

Welcome to our Spotlight Feature on our Cyber Essentials Partners as they talk about the virtues of good cyber security and the importance of Cyber Essentials and Cyber Essentials+. Beneath the spotlight in this episode is Keith Cottenden of 3B Data Security.


Our Cyber Essentials Partners are official providers of Cyber Essentials and Cyber Essentials Plus Certification.


Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security which can often become a requirement when tendering for work in both public and private sectors.


Cyber Essentials is a simple but effective Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.


3B Data Security are one of 11 companies that we have partnered with who are official IASME certification bodies. Certification bodies are specially trained cyber security companies licensed and assured by IASME to offer assessment and certification to cyber security standards such as Cyber Essentials.


Today, we point the spotlight on 3B Data Security, a specialist Cyber Security organisation with extensive experience in Cyber Incident Response, ISO 27001, Cyber Essentials & PCI DSS Compliance, Security Training, Penetration Testing, Forensic Investigations, Data Breach Management and much more.


Here's what Director of Operations Keith Cottenden had to say when we put him under the spotlight...

 

1. First of all, let’s do introductions. Tell us who you are and a little bit about your role within your business

"I’m Keith Cottenden, the Director of Operations at 3B Data Security. My role focuses on managing the delivery of our services and ensuring our clients receive the support they need to stay secure and compliant. I work closely with our team of expert consultants, ensuring we provide effective solutions to our clients."

2. What, in a nutshell, does your business do? And how do you help people/clients?

"At 3B Data Security, we specialise in providing a comprehensive range of cyber security services, from protecting businesses against threats to helping them recover from incidents and ensuring compliance with industry standards. Our goal is to act as a trusted partner, helping clients protect their data, navigate complex security challenges, and build cyber resilience."

3. Why would a business come to you for help, and how would you help them?

"Businesses come to us because they value our team's extensive experience and expertise. Our staff are highly experienced, bringing decades of hands-on knowledge to the table. We hold multiple industry accreditations and certifications, demonstrating our commitment to delivering high-quality, reliable services. Whether it’s managing cyber risks, responding to incidents, or achieving compliance, we provide tailored, trusted solutions that help protect and strengthen our clients’ businesses."

4. What, in your view, are the biggest cyber threats to companies right now?

"Some of the biggest cyber threats to companies right now include ransomware, phishing, supply chain attacks, and insider threats. Ransomware continues to be one of the biggest threats due to its high profitability for attackers, often crippling businesses until payments are made. Phishing has proven time and time again to be effective in exploiting human error, a weakness no security system can fully eliminate. Supply chain attacks are increasingly targeted because compromising a single vendor can have widespread impacts, affecting multiple organisations. "Insider threats, both malicious and accidental, are particularly challenging because they involve trusted individuals who already have access to sensitive systems and data. These threats are so significant because they exploit systemic vulnerabilities, human behaviours, and the way businesses are so closely connected."

5. Given how rapidly cyber security threats emerge and change, it can be hard for companies to keep up. What message do you have for businesses that are looking to boost their cyber resilience but are struggling to know how and where to begin? What role can achieving Cyber Essentials have in this?

"The key is to focus on building strong foundations. Begin with a clear understanding of your risks and priorities and implement basic yet critical measures such as secure passwords, software updates, and staff training. Cyber Essentials is an excellent starting point - it provides a framework for essential security practices that protect against common threats. "By achieving Cyber Essentials certification, businesses not only improve their cyber hygiene, but also demonstrate their commitment to security to customers and partners. From there, they can implement more advanced measures suited to their organisation’s requirements."

6. A lot of people consider cyber security to be rather complex. Just how difficult is it for businesses to boost their resilience to online crime?

"Boosting cyber resilience doesn’t have to be overly complex. While some aspects of cyber security require technical expertise, many effective measures are straightforward and accessible to most businesses. Simple steps like keeping software up to date, using strong passwords, training staff to recognise threats, and adopting frameworks like Cyber Essentials can significantly reduce risks. For more complex challenges, working with a trusted cyber security partner can provide guidance and implement solutions that fit the business's needs. It’s about starting with the basics and building from there."

7. Where should cyber security rank on a company’s list of priorities?

"Cyber security should be a top priority for any company, as it directly impacts business continuity, customer trust, and compliance with legal and regulatory requirements. As we see far too often, a security breach can result in financial losses, reputational damage, and operational disruption. By making cyber security a central focus, businesses can protect their assets, maintain trust with clients, and stay ahead of evolving threats. It’s not just an IT issue, it’s a critical business concern."

8. Why do you think some companies are reluctant to invest in cyber security?

"Some companies may hesitate to invest in cyber security due to a lack of understanding about the risks or a belief that they aren’t likely targets. Others may view it as a cost rather than an investment, prioritising short-term savings over long-term protection. "There’s also the misconception that basic measures are enough, or that insurance alone can mitigate the impact of an attack. In reality, cyber threats affect businesses of all sizes, and the cost of a breach - both financial and reputational - far outweighs the investment needed to prevent it."

9. Arguably the most challenging element of cyber crime is the fact that threats are constantly evolving. Do you find it hard to keep up?

"While it’s true that cyber threats are constantly evolving, staying ahead is part of what we do. Our team is dedicated to continuous learning, monitoring emerging trends, and adapting our strategies to meet new challenges. By staying connected with industry bodies, achieving certifications, and staying up-to-date with industry news and trends, we ensure we’re always prepared to address the latest threats. It’s a challenge, but one we embrace to keep our clients secure."

10. You work closely with the East Midlands Cyber Resilience Centre as a Cyber Essentials Partner. What are the benefits to businesses to signing up to the free community membership that they offer?

"Joining the CRC’s free community membership provides businesses with access to valuable support, resources, and guidance to improve their cyber security. It’s an excellent way for organisations to gain practical advice, stay informed about emerging threats, and build their resilience with the help of trusted experts."

Thanks to Keith for imparting such in-depth knowledge and understanding. To see all of our Cyber Essentials Partners, visit: Cyber Essentials Partners | East Midlands Cyber Resilience Centre.


To learn more about Cyber Essentials and Cyber Essentials+, visit: Cyber Essentials | East Midlands Cyber Resilience Centre


To visit 3B Data Security's website go to: 3B Data Security.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


 
 
 

Comments

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page