Cyber skills are now a business essential, not a technical optional extra. EMCSC founder and director Dr Ismini Vasileiou reflects on the East Midlands Cyber Summit to show why the real foundations of cyber resilience are people, culture and collaboration – not just software and firewalls. 

Through real-world incident scenarios and practical examples, she argues that every employee has a role in protecting their organisation, and explains how De Montfort University is helping businesses move beyond tick-box awareness to embedded, confidence-building capability.

Last week at the East Midlands Cyber Summit, I had the privilege of welcoming businesses to De Montfort University to discuss one urgent question: how do we strengthen our region’s collective cyber resilience?

What struck me most throughout the day was not just the scale of the threat. It was the consistent theme that cyber security is, at its core, a people and culture issue: leadership, decision-making, and day-to-day behaviours.

We heard first-hand how a single password compromise escalated into a serious organisational incident. Nationally, around four in ten businesses experience a breach or attack. In our region, many SMEs are scaling fast while running lean teams – which makes practical, embedded capability more essential. We discussed the reality that insurance may offset financial loss, but it does not repair operational disruption or reputational damage.

But perhaps the most powerful message that resonated with delegates was this: cyber security is not the responsibility of the IT department alone.

The weakest link is not technology

In our panel discussions and workshops, we returned again and again to the importance of culture. Technology controls are critical, but they are only effective when the people using them understand the risk.

In our hands-on tabletop exercise with Collective Security, business leaders worked through a live cyber incident scenario involving a compromised supplier. What became clear very quickly was that resilience depends on communication, awareness and shared accountability across the organisation.

Cyber safety is everyone’s role.

When employees understand how attacks happen, how to identify risk and how to respond, businesses become significantly more resilient. Without that understanding, even the strongest technical systems can be undermined.

Awareness doesn’t change outcomes. Embedded capability does.

One of the recurring reflections from delegates was how accessible the learning felt when grounded in real experience. The keynote walkthrough of a breach was described as an eye opener precisely because it was relatable. It reflected operational reality.

This is why cyber skills training must go beyond compliance modules or annual awareness sessions.

Effective cyber capability means:

• Leaders who understand their strategic responsibilities
• Managers who can assess supplier and operational risk
• Teams who can recognise and report threats confidently
• Organisations that build a culture of collective responsibility

This is not about fear. It is about confidence.

When businesses embed cyber understanding across their workforce, they are better positioned to innovate, adopt new technologies and scale sustainably.

Why collaboration matters

The summit also reinforced something I strongly believe: regional resilience depends on collaboration.

Bringing together businesses, advisers, support organisations and policymakers created a space for open conversation. Delegates connected, shared challenges and discovered the support available through regional networks. That ecosystem approach is exactly what we build through the East Midlands Cyber Security Cluster: trusted routes between SMEs, academia, support providers and policy.

Cyber resilience cannot be solved in isolation. It requires ecosystem thinking.

Continuing the conversation

This April, we will be taking that conversation to The National Cyber Security Show at the NEC in Birmingham.

If the summit demonstrated anything, it is that businesses are ready to engage seriously with cyber capability. The question is how we move from awareness to structured, practical skills development.

At De Montfort University, we work with organisations to develop cyber capability through apprenticeships, executive education, consultancy and collaborative partnerships. Our focus is always the same: applied learning that reflects real business pressures.

If you are attending the show, I invite you to visit us at Stand M37.

Let’s talk about how your organisation can move beyond reactive protection and build the internal capability needed to support growth with confidence.