A conversation with John Holland, Information Security Manager:
- Cyber security can sometimes feel like an IT issue, but we often hear that it’s everyone’s responsibility. Why is that?
Cyber resilience is about much more than technology. Every person in the business plays a part in protecting our information, our clients and each other. The strongest technical controls in the world can still be undermined by a simple mistake, so building awareness and encouraging good habits is just as important as the systems we put in place.
Ultimately, cyber security works best when it’s part of our culture. Our resilience depends on informed people, strong processes and security being woven into how we work every day.
- The cyber landscape is constantly changing. How does Booth Welsh stay ahead of emerging threats?
Cyber security is never something you can tick off a list and move on from. New threats emerge every day, which means we’re continually reviewing our systems, learning from industry best practice and working closely with trusted partners who help us stay informed.
That collaborative approach means we can combine external expertise with our own engineering knowledge to make informed decisions and strengthen our security over time.
- Booth Welsh holds accreditations including ISO 27001, Cyber Essentials and Cyber Essentials Plus. What do these mean for our people and our clients?
These accreditations demonstrate that we have robust processes and controls in place to protect information and manage cyber risks.
For our clients, they provide confidence that we’re working to recognised industry standards. Internally, they give us a strong framework to build upon, but they’re only part of the story. Real resilience comes from maintaining those standards every day and continually looking for ways to improve.
- New technologies, including AI, are becoming part of everyday working life. How do we encourage innovation while keeping security front of mind?
Innovation and security should go hand in hand. We want people to embrace new technologies where they can add value, but it’s important that they’re used responsibly.
That’s why we invest in awareness, guidance and training, helping colleagues understand both the opportunities and the risks. When people understand why certain controls exist, they’re far more confident making informed decisions.
- Our C.A.R.E.S. values run through everything we do. How do they shape our approach to cyber resilience?
They really do underpin everything.
Collaboration helps us learn from trusted partners and from one another. Ambition drives us to keep improving rather than becoming complacent. Resilience is about preparing for challenges before they happen. Empowerment means giving everyone the knowledge and confidence to make good decisions. And Stewardship reminds us that we’re responsible for protecting our people, our clients and the reputation we’ve built together.
Cyber resilience isn’t separate from our culture; it’s an extension of it.
- What are some of the simplest things every colleague can do to help keep Booth Welsh secure?
Small actions make a huge difference. Staying alert to suspicious emails, using strong passwords, protecting sensitive information, following our policies and asking questions if something doesn’t feel right all help reduce risk.
Cyber resilience isn’t about expecting everyone to be security experts. It’s about creating good habits and encouraging people to speak up whenever they’re unsure.
- Finally, if there’s one message you’d like everyone at Booth Welsh to take away about cyber resilience, what would it be?
Cyber resilience isn’t the responsibility of one team; it’s something we all contribute to every day.
Every good decision, every question asked and every safe habit helps protect not only our business, but also our clients, colleagues and the trust we’ve built over many years. When everyone plays their part, we become a much stronger and more resilient organisation together.