Cybersecurity slipping down your to-do list... You’re not alone

If cybersecurity keeps slipping down your to-do list, or has fallen off entirely, you’re not alone.

In recent conversations we’ve had with firms of all sizes, we’ve seen business leaders focus on hitting year-end targets for revenue, hiring, and team stability. The problem is that hackers aren’t taking a break just because you’re busy.

The trends are clear. When attention drifts, security posture declines. During and shortly after the pandemic, organisations made strong gains, rolling out remote work protections, MFA, and proactive protection of activity on user devices. However, since last year, those gains have been eroding. The industry average Microsoft Secure Score peaked just under 50% in August 2024 and has been sliding into the high 40s ever since, and it looks set to continue declining.

Control drift, staff turnover, new apps, technology sprawl, AI distractions, and a “set-and-forget” mindset are causing security to decay through a lack of routine care.

What Good Looks Like (and Why 75% Matters)

Microsoft Secure Score is a practical, board-friendly measure of security across identity, devices, apps, and data. It’s not perfect, but it’s clear and friendly to management teams, regardless of whether they have a technical background.

For most SMEs, a Secure Score of around 75% is a realistic target. It’s high enough to guard against common attack routes, including phishing, legacy authentication, and misconfigurations, without crippling productivity. It’s also easy to explain to executives and auditors.

What You Can Do Now

1. Run a quick baseline. Check your Secure Score and tackle the top three low-impact recommendations. If MFA is on the list, act immediately!

2. Pick a framework. Consider NIST CSF, Cyber Essentials, or ACS, which all provide concrete controls. (Don’t worry if you don’t know what these are. Drop me a message, let me know where in the world you are based, and I can tell you the best certification for your region.)

3. Commit to a cadence. Schedule quarterly security reviews now and treat them like board meetings. One step better is to add a standing cyber item to your Board agenda and assign ownership to someone in the team.

4. Outsource where needed. Specialist partners can accelerate audits, cyber improvements, email security, and awareness programs to keep your security posture from drifting.

--------------------------------------------------------

Our Annual Cybersecurity Playbook

To make security maintenance achievable, we recommend a quarterly rhythm that compounds small wins into big outcomes:

Q1: Foundation & Governance

Q2: Cyber Improvements & Human Risk

Q3: Resilience & Visibility

Q4: Response, Assurance & Supply Chain

We’ve packaged this into a one-pager and a short slide deck your team (and Board) will actually read. 

If you want, send us an email to hello@buchanantechnology.asia and we’ll send you the details.

--------------------------------------------------------

We hope this acts as a friendly reminder. If you have any questions or we can help with anything, please feel free to reach out.

We look forward to working with you, and if you’re not yet a client, please check out our website to see how we can help you improve productivity, manage costs and reduce your risks with cost-effective cyber security support.

Jordan Gall

Jordan Gall is a Technology Specialist with over a decade of successful experience enhancing companies’ use of technology. Jordan has a keen interest in all facets of technology, especially concerning cyber security, mitigating risk for organisations, and creating efficient processes to streamline the use of technology systems and services.

He personally enjoys a good tennis match but can also be found behind a drum kit trying to compose the latest hit rock song.
