Nobody's immune to cybercrime, at the end of the day we hear lots of cases of very large organisations, very publicised, because they tend to be the regulated industries, and you hear a lot about them being subject to cybercrime. But actually even the small owner managed businesses are at risk, for example a local owner managed hairdressers was subject to a ransom ware attack and actually what we are saying is that businesses right across the spectrum are at risk.
What we're still finding is that there still seems to be a lack of a culture and businesses of people actually reporting cybercrime events so there still needs to be a lot of educational awareness around actually. If you've been subject to a cybercrime you need to report that as a breach because ultimately that's the only way an organisation can really determine how much of a target they are on what defences they need to have in place. What we are seeing is where organisations have got that culture, actually they've got better defences in place now because they've done something to protect themselves.
A really important part of a cyber strategy is actually having an incident management process in place and actually when we look across our client base and when we look across the market and some of the conversations that we're having with organisations, again very sector agnostic, what we're finding is actually it's that incident management piece that's missing. So whilst organisations are starting to think about cyber in a different way actually the incident management piece and how we will deal with the breach is still very much a last thought.