Cyber security can no longer be treated as “an IT thing” – that was the key message from the inaugural East Midlands Cyber Security Summit.

The sold-out event, organised by the East Midlands Cyber Security Cluster (EMCSC) and De Montfort University Leicester (DMU), brought together business leaders, cyber specialists, and regional partners to share insights and practical steps to help organisations stay secure.

The Summit, which featured a day full of cyber security insights from guest speakers’ first-hand experiences and shared learnings, was led by EMCSC founder and director Dr Ismini Vasileiou. She explained that the raft of leading speakers would be working to ‘translate the technical into the actionable’ as well as ‘bridging research and practice’.

“The East Midlands has a diverse and growing digital economy, but too many organisations still underestimate how exposed they are,” DMU Associate Professor, Dr Vasileiou, said.

“Cyber security is not just a technical issue, it is about protecting businesses, people and growth. Today is about giving organisations the knowledge, confidence and practical tools to act before an incident happens, not after.”

Keynote speaker Paul Abbott, former Group Director of KNP Logistics, shared how his 158‑year‑old transport company was forced into administration after a ransomware attack, resulting in the loss of more than 700 jobs. He warned that many organisations still downplay the risk, assuming cyber attacks only happen to larger firms and overlooking simple measures that could significantly reduce their exposure.

Recounting the moment the scale of the crisis became clear, he told delegates: “After a few hours of trying to restore the system, one of the tech guys came to me with a very pale face, saying ‘it’s a ransom attack, we don’t really know what to do’. You know you’re in real trouble then, and that was a sobering moment.”

Paul stressed that board‑level engagement is essential: “The issue is that a lot of board execs don’t want to go into the detail of it, but how can you lead change in the business if you don’t understand the basics?

“Events like this Summit are fantastic, especially when you’re a small business thinking about how you improve security. People often don’t realise there is free support available through cyber resilience networks.”

A panel of experts reinforced the message that cyber security must be treated as a core business issue. Raj Atwal, President of ISACA Central UK, underlined the need for organisations to make cyber a genuine priority, while Jill Broom of TechUK highlighted that companies which invest in cyber security are better positioned to attract and retain clients.

Colin Ellis, Director of the East Midlands Cyber Resilience Centre, warned that weak passwords and a lack of two‑factor authentication remain among the most common causes of breaches – particularly for micro and small businesses that still believe “it will not happen to them”. 

“One of your biggest weaknesses is your email inbox and your CRM system,” he said.

Other expert speakers included Simon Plummer, Director of Information Security at Nottingham-based cyber security partner Collective Security, cyber security author Adrian Davis, Managing Director at Horme Business Services, and  Martin Sadler OBE, an adviser at the University of Bristol and part of the team behind the Government’s Cyber Growth Action Plan.

Delegates heard that practical help is widely available, including free tools and guidance from national and regional cyber bodies, enabling organisations to strengthen their defences before committing to costly technologies. Micro-businesses and SMEs in Leicestershire were among those attending to learn what support is available.

Laura O’Flynn, Operations Manager at Leicester‑based Charity Link, said: “When I first started with Charity Link, one of the board’s objectives was to improve our cyber security. With the board’s backing, they were prepared to invest, and we brought in a new IT partner. The cost benefit analysis showed that if you work with the right people, you do get cost savings. We discovered so many legacy issues and are now training our 21 staff. It has been a fascinating learning curve.”

Geoff Mann, Managing Director of ceramic manufacturer Pure Table Top in Leicester, added: “Coming here today has shown me that we need to be looking at all staff awareness rather than just the IT team.”

The Summit connected organisations with free regional support and tools, highlighted how good cyber practice can protect jobs and growth, and gave SMEs in particular the confidence and direction to take concrete next steps on their cyber resilience journey.

Three takeaways from the East Midlands Cyber Summit

1️. Cyber resilience starts at the top – senior leaders must take ownership – it’s a business responsibility, not just an IT issue.

2️.  Get the basics right – strong asset management, access control, regular patching, secure backups, supplier checks, and incident planning prevent small issues from escalating.

3️. Collaborate to strengthen – regional networks and partnerships to help organisations share knowledge, reduce duplication, and build practical, affordable resilience.