"I'm not a technology person - but that's exactly why you should listen to me about cyber security."
That is how David Pollock, Executive Chairman at CyberLab, opens his conversation on cyber risk. It is a deliberate provocation, but it cuts straight to the issue. Most UK business leaders are not technologists. They are decision makers. And because cyber security can feel like a technical specialism, it drifts to the IT team’s desk rather than staying firmly on the board agenda. That has to change.
In a recent two-part Q&A, David sat down with CyberLab Sales Director Adam Myers to share what 30 years of building and leading businesses has taught him about cyber risk. His view is direct: cyber security is the single biggest threat to everything a leader has spent their career building.
Cyber Security is Your Number One Risk
One in five businesses that get hacked can go out of business. David does not treat that as a vendor statistic – it sits at number one on his personal risk register. He said…
“If you’re a chief exec running any company and cyber security is not number one on your risk list, you’re in danger of losing your job and, more importantly, losing the jobs of all your people,” he says.
The DSIT Cyber Security Breaches Survey consistently shows that a significant proportion of UK businesses experience a cyber attack or breach each year, yet many still treat it as an IT matter rather than a board priority. David’s message is unambiguous: that cannot be the approach.
Cyber security belongs on the board agenda every single month. If it is not there, the organisation is carrying a risk that could end it.
C-Suite Leaders Are the Target
Here is the uncomfortable reality. Senior leaders are among the most attractive targets for cyber criminals. They are busy, carry high authority, and face a constant volume of communications. That combination makes them easier to deceive than most people realise.
David knows this from personal experience. He was targeted with a phishing email designed to look like a post-Christmas party message from his own team. He clicked it.
“I was on the phone immediately going, ‘they’ve got me’,” he recalls. “And they went, ‘don’t worry, we’ve got three layers of security, we can protect you’.”
Two things stand out in that story. First, anyone can be caught – including the chairman. Second, transparency mattered. David reported it immediately, and because the right layered defences were already in place, the damage was contained.
The lesson is not that leaders should feel embarrassed by their vulnerability. It is that they need to build organisations where people feel safe enough to own a mistake quickly, and where the technical defences are deep enough to protect them when they do.
Our Services Protect You
CyberLab supports 1,200+ UK organisations with their cyber security strategy – from Cyber Essentials certification through to advanced threat detection.
A Great Place to Work is a More Secure One
This is the most distinctive insight from David’s conversations with Adam, and it deserves more attention than it typically gets: building a great workplace and building a secure one are connected.
David has spent his career creating environments where people genuinely want to work. His businesses have featured in the Best Companies to Work For top 100 for 17 years, reaching number one. His philosophy is straightforward: love your people, and they will love your customers.
That same principle shapes how employees respond to security. In an organisation where people feel valued and trusted, they are more likely to report a suspicious email, flag an anomaly, or own a mistake before it escalates. In one where they feel undervalued, they are more likely to stay quiet and hope for the best.
“In every person there’s a great person dying to get out. What you have to do as a business leader is open that door to them being great.”
That applies directly to your security culture. Engaged employees are more alert, more willing to ask questions, and faster to act when something feels off.
Security Awareness Training is Your First Line of Defence
Human error sits behind the vast majority of cyber breaches. Security awareness training exists to reduce that exposure – but only when it is taken seriously.
“It is the first line of defence in protecting your organisation, teaching your people not to get caught. We all get caught. But the more you’re trained, the better your defences become.”
The difference between organisations that do security awareness well and those that treat it as a box-ticking exercise almost always comes down to the tone set at the top. When a CEO treats it as a genuine priority, the culture follows.
Where to Start
For a business leader who feels out of their depth when cyber security comes up, David’s advice is practical and accessible.
“I’d be going on to Claude or OpenAI and saying, ‘what is my biggest risk and how can I protect my business?'” And I’d be looking at the Microsoft stack. There’s a load of security opportunities in there for you to enable. You should be switching them on.”
Most organisations already pay for Microsoft 365. A significant proportion of the security controls built into that platform go unused. CyberLab’s M365 Security Assessment identifies which controls are active, which are not, and where the gaps sit – giving leaders a clear, cost-effective starting point for strengthening their position.
For non-technical board members who want a broader grounding, the NCSC Board Toolkit frames cyber risk in plain language and is a free resource worth bookmarking.
How CyberLab Supports Business Leaders on Cyber Security
We support 1,200+ UK organisations with their cyber security strategy, from foundational controls through to advanced threat detection.
- Our security awareness and social engineering programmes are built to change behaviour, not satisfy compliance checklists.
- Our M365 Security Assessment identifies what you already have, what you are missing, and where to focus first across the Microsoft stack.
- Our consultancy team works directly with leadership and board teams to frame cyber risk in business language, not technical jargon.
- We are CREST-, CHECK- and NCSC-accredited, with 30+ years of combined expertise and over 1,500 Cyber Essentials and Cyber Essentials Plus certificates issued.
Start the Conversation
Cyber security does not require a technical background. It requires leadership.
If you want a clearer picture of your organisation’s risk exposure – in plain language, without the jargon – CyberLab’s team can help you make sense of it and build a plan that fits your organisation.
CyberLab is a CREST-, CHECK- and NCSC-accredited cyber security partner trusted by 1,200+ UK organisations.