John Howell

Head of Technology

John Howell is Head of Technology for Headforwards working on both strategy and delivery with clients across a range of sectors. He has 25 years’ experience in technology with eight of these leading a successful travel technology company. In this work he created a travel booking platform handling over £1bn transactions a year, as well as a new virtual card payment product delivering millions of pounds in revenue.


According to the Cyber Security Breaches Survey 2024, half of all UK businesses and around a third of charities (32%) reported cyber security breaches or attacks in the previous 12 months. This is even higher for medium and large businesses (over 70%), and high-income charities (66%). It is estimated the most disruptive breach costs each business over £1,200 on average and medium to large businesses over £10,000.

As technology becomes more specialist so do the Cyber controls needed to keep data safe and secure. It can be overwhelming for businesses to ponder the volume of things that could go wrong and the various chinks in your armour, but taking a pragmatic approach to cyber security can help. 

There’s no one size fits all when it comes to Cyber solutions

The level of threat in terms of size and probability of a cyber attack is different for each organisation. As are the risks that exist within your business.  

Every organisation has a unique technology and data environment which needs to be considered. For example, two organisations could both use the same software or infrastructure products, but how they use it and configure it is likely to be unique. 

Consideration must also be given to the type and value of the data held within the company both to itself, and to hostile actors. Think about how technology is consumed by your customers and employees, your internal capability, your reliance on third parties and how up to date your technology is. This will help in effectively allocating the company’s cyber resources.

Technology and cyber need to be considered together

It might sound obvious, but technology and cyber go hand in hand. You need a depth of understanding of technology to be able to identify what problems exist, the true nature of the threat they present and how to deliver a meaningful solution. 

Cyber needs to cover off the whole spectrum of your technology environment. You need to think about a vast collection of areas which involve different specialities: General Information Security and data security topics such as Confidentiality, Non–Repudiation, and Availability of your data; Networking and Infrastructure Resilience such as Network Protection, Endpoint Server and Gateway Protection, Threat Management; the security of the individual applications within your estate; and traditional Identity and Access Management. 

Our Cyber Assessment provides an expert review of your entire estate and leaves our clients with a set of guidelines to enable leaders to allocate resources effectively

such as hardware, software, different types of licencing or increasing the capacity of sysadmin or cyber security teams. The goal is to leave businesses in a state that manages security while retaining efficiency, functionality and affordability. 

Cyber Security needs a pragmatic approach

The problem with cyber is that it can be overwhelming. The mere scale of the potential risks can be dizzying, and so you really have to come back to an approach grounded in pragmatism. 

Especially if you are a smaller organisation, your budget and resources for managing cyber and technology will be limited. It can be easy to prioritise fixing things that would be extremely damaging, but which are also extremely unlikely. Focusing on risks which are more likely to occur and can cause problems for your organisation can be a better use of precious resources. 

Invest in Cyber Security

It’s vital for a company to know where their high-value data is stored, to identify what might attract cybercriminals and to be honest with itself about security gaps and potential risks.

Ensure that you have well-defined processes and procedures in place that support your existing processes rather than getting in the way of them.

Finally, invest in cyber security. Areas such as staff training are crucial to mitigate cyber threats. The most exploitable part of your IT systems are often your employees that use them, yet it’s common to find people who can’t spell “phishing”, let alone recognise it.

Headforwards™ is a Registered Trade Mark of Headforwards Solutions Ltd.
Registered Address: FibreHub, Trevenson Lane, Pool, Redruth, Cornwall, TR15 3GF, UK
Registered in England and Wales: 07576641 | VAT Registration Number: GB111315770