In this episode of Cyber Insiders, we talk to Sarah-Dyer Hall, the Director of Digital Data and Technology at Drinkaware, about the charity’s cybersecurity journey and the potential repercussions of underestimating the importance and scope of cyber resilience.
Sarah is responsible for Drinkaware’s digital data and technology work streams, including the Drinkaware website, applications, tools, SEO and Digital Innovation. Prior to joining Drinkaware, Sarah held similar high-level roles at other charities including Relate and Beatbullying.
In the age of digital-first businesses, Sarah is a strong advocate for prioritising cybersecurity, no matter an organisation’s size, industry or stage of cyber maturity. “Even if you’re a small organisation and think you’re an unlikely target for a hacker, you’re probably wrong. Hackers have all sorts of motivations, and the data you hold is valuable to them. You cannot underestimate your organisation’s risk or the far-reaching impact of a cyber-attack,” she explains.
Although a relatively small organisation, Drinkaware has a massive reach and handles large volumes of Personally Identifiable Information (PII) on a daily basis. With its various user-facing website tools and apps, Sarah was keenly aware of the importance of securing the organisation’s digital estate.
“Our website is basically the front door. If you think about it as a house, we’ve got our digital drinking assessment tools, our mobile app, our shop, chatbots, and various other things…a big data breach would put a massive hole in our brand. We’ve worked hard to build trust and integrity into our brand, but that would get wiped out overnight if an incident occurred that compromised customer data. Reputational damage could lead to less traffic to the website, less usage of our tools, which would mean we might not be able to meet our outcomes as a charity. On top of that, our services are used by some of the most vulnerable people in society and that would affect their ability to trust us.”
Reputational damage is only one of the many consequences of an attack. Sarah explains that in previous roles where significant internal data breaches occurred, it took months of internal resources to resolve the incident and get back to business as usual.
“For digital-first businesses, the knock-on effect on day-to-day organisational activities could be severe. You need to consider that it could lead to you ending up in a place where you can’t actually continue to operate,” she says.
When it comes to implementing a cybersecurity plan, Sarah recommends that organisations don’t fall into the trap of taking a whack-a-mole approach. Rather than running around trying to haphazardly fix problems, organisations should take a holistic approach to their digital environment.
Cybersecurity is not a solo undertaking, she says. “Try to work with your colleagues as much as possible. You need investment and buy-in from the people you’re working with. You’ve got to show them the value of cyber resilience and back that up with evidence…this data can also help map out your policies and determine what security activities you need to implement e.g., regular safety audits, mandatory software updates, and frequent pen tests.”
With a solid cyber resilience framework and a pragmatic approach to strengthening their cybersecurity posture, businesses can start prioritising the work that will drive value and deliver measurable outcomes.
Listen to the full podcast here to hear more from Sarah about the value of cybersecurity and how the right security partner can help strike a balance between risk and innovation.