When it comes to cybersecurity, positive reinforcement must beat the blame game.

Published On: January 16, 2026 | Categories: Cyber Security, Karl Wilkinson, News

Here’s a question for you to think about.

It’s 4.45pm on a Friday, and you’re getting ready to go home from your Ipswich office. A team member skims an email that looks like it’s from Microsoft, clicks a link… and their stomach drops as they belatedly recognise that it’s not a genuine email.

What do you think would happen next?

Would your team member hide it and hope for the best, fearing they’ll be reprimanded or punished? Or would they feel safe flagging it within a couple of minutes so your IT support team can contain it rather than let it cause chaos over the weekend?

That single moment could decide whether you have a minor scare or a full-blown breach that costs thousands and damages your reputation.

Phishing is still the #1 way attackers get into IT systems, and it’s getting harder than ever to stop

“Just over four in ten businesses (43%) and three in ten charities (30%) reported having experienced any kind of cybersecurity breach or attack in the last 12 months…Of businesses or charities that experienced a breach or attack in the last 12 months, phishing attacks remain the most prevalent and disruptive type of breach or attack (experienced by 85% of businesses and 86% of charities).”

Source: Cyber Security Breaches Survey 2025, commissioned by the Department for Science, Innovation and Technology (DSIT) and the Home Office, 19 June 2025

It’s time that we read this as a clear warning, not a boring statistic.

Phishing scams remain the most significant cybersecurity risk for businesses, leading to data breaches.

Once upon a time, it was easy to spot a dodgy email. Signs such as spelling mistakes, grammatical errors, and even poor branding made it clear that an email was fake.

But now, the game has changed significantly, and the hackers are winning.

Attackers are using AI to craft highly convincing, personalised messages that look and feel legitimate. They can easily mimic local suppliers or real colleagues, making it almost impossible to tell the fakes from the real thing.

And that’s where the problems start.

From that very first click, the clock begins to tick.

For every minute that you’re unaware that they’re inside your system, they are stealing your data, locking your files, and threatening your reputation. That’s why speed matters. And speed depends on culture. If your team feels safe to speak up, you contain the damage. If they don’t, you could be facing downtime, fines, and lost trust before Monday morning.

That’s why quick action and company culture are essential when tackling cyberattacks and data breaches.

A negative reporting culture could make employees scared to admit they’ve risked a breach.

A negative reporting culture in the office doesn’t just create awkward conversations and unhappy staff; it directly puts your business at risk. When employees are scared to admit that they’ve made a mistake, they are more likely to hide the issue from the people who need to know: your IT department.

For every second they delay reporting, the hackers have more time to cause chaos.

Last summer, it was reported that a 158-year-old company was put out of business (and 700 employees were left jobless) after hackers guessed a weak password, gained access to the system, and shut it down.

In this scenario, from the CEO’s comments after the event, the employee may not have known that their password was the cause of the problems. But it does highlight how precarious our businesses are, hinging on one person’s password or ability to spot a scam.

That’s why it’s so important to be honest about whether your staff can genuinely admit to mistakes.

If you think they might hide an issue because of potential consequences, your HR team has a serious problem on its hands.

Why positive reinforcement works (especially for hybrid teams)

Since the pandemic, hybrid working has proven to be here to stay for businesses across Ipswich, Colchester, Felixstowe, and throughout Essex. It’s flexible and productive, and it’s what employees want from their bosses.

But hybrid working is far riskier because when staff switch between office and home networks, policies slip, and mistakes happen. Every home network can become a potential entry point to your IT system.

That’s why it’s crucial to have a positive environment with a non-punitive culture. It means businesses can turn potential near misses into learning moments rather than disasters.

Your senior leadership team (SLT) can feel assured that you have a confident team, not a fearful one.

And there are other compliance benefits as well.

Under GDPR, you have just 72 hours from becoming aware of a personal data breach to report it. The ICO expects clear internal processes, which is why a culture that encourages fast reporting could save you from hefty fines and sleepless nights.

HR and IT departments need to become a power duo.

If you read our previous blog article “Who Should Take Ownership of Your Cybersecurity Strategy?”, you’ll know that we’ve long advocated for cybersecurity to be a team activity, not an individual technical responsibility.

That’s because we recognise that cybersecurity is a people problem.

And when you tackle the people part of data breaches, it becomes easier to manage the technical improvements.

That’s why HR departments and IT teams need to work together: if they work in silos, cracks can appear, and hackers can slip through those gaps.

We believe that HR teams set the tone for culture, but without IT’s technical support, those policies are just words. IT might be responsible for MFA and data backups, but without HR’s influence, staff may ignore alerts or hide mistakes.

But that could, and should, change with collaborative working.

  • HR teams can create a zero-blame culture. They can adapt policy language, recognise and reward early reporting and create a psychologically safe workplace.
  • In turn, IT teams (whether you have an internal IT manager or outsource your IT support to us) can set up the specific technical safeguards that you need.

This is where compliance turns into resilience.

You get confidence.

You get a good night’s sleep.

But most of all, you get a business that can bounce back from near misses without breaking a sweat.

Nothing feels better than knowing your IT is protected and your people feel safe to speak up.

In Suffolk and Essex, where business thrives on trust and reputation, that confidence isn’t optional. It’s what keeps customers loyal and your operations running smoothly.

Positive reinforcement and collaboration aren’t just nice ideas; they’re proven growth strategies.

When HR and IT join forces, you get faster reporting, fewer breaches, and a culture that protects your bottom line.

It’s time to bring your HR team into the cybersecurity loop. Let’s set up a time to collaborate and map out quick wins that protect your IT system and your people.

Karl Wilkinson

Technical Director

About The Author

As Technical Director, Karl is our most senior engineer and responsible for delivering solutions and providing support to our 2nd and 3rd line engineers ensuring that they can resolve any technical issues reported by our clients.
