Why lean IT teams must rethink cyber-security
As regulations such as NIS2 and DORA tighten and cyber-attacks grow more sophisticated, mid-sized UK organisations face enterprise-level expectations without enterprise-level resources.
In 2025, a UK-based organisation with about 20 users discovered that its “good enough” security wasn’t nearly enough. The company had relied solely on native Microsoft 365 protection, with managers assuming its small size made it an unlikely target.
They were wrong.
A security incident revealed that attackers had already infiltrated the organisation’s cloud environment, quietly creating suspicious mailbox rules to exfiltrate sensitive data without anyone noticing. Without dedicated security staff to monitor the environment, the breach went undetected until the damage was done.
Related Articles
