How to Build Effective & Affordable Cyber Defences for SMEs
How can small and medium businesses protect themselves from cyber threats without spending a fortune or just ticking boxes for compliance?
Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I’m Jim, and in this episode we’re looking at the challenges SMEs face on the journey through cybersecurity compliance and insurance.
I’m joined by Lewis Lockwood from Incursion and Josh X of Capsule, who bring experience from the front lines of offensive security and insurance broking. Together, we tackle the misconception that security is prohibitively expensive and explore how smart strategies can strengthen your defences without breaking the bank.
Summary
We tackle a topic at the heart of SME cybersecurity struggles - from box-ticking compliance to negotiating cyber insurance and surviving data breaches. Lewis Lockwood explains why Cyber Essentials is more than a paperwork exercise and how agility can be a secret weapon for smaller companies. Josh X talks about the realities of selling cyber insurance to resource-stretched businesses, the importance of aligning insurance with actual security posture and the real risks hidden even in smaller businesses.
Whether you’re a founder, IT manager or just curious about how attackers think, you’ll get practical advice, cautionary tales and actionable steps you can take today.
Key Talking Points
- Cyber Essentials as Practical Defence, Not Just Compliance: Learn why basic frameworks like Cyber Essentials shield SMEs from common attacks, offering affordable, actionable protection that goes well beyond box-ticking.
- How Insurance and Security Must Work Together: Discover the realities of cyber insurance for small businesses, including why your security posture affects premiums and claims, and what actually happens if you’re hit by ransomware or invoice fraud.
- Learning from Real-World Breaches and SME Pitfalls: Hear first-hand stories about high-profile incidents, negotiation tactics with threat actors and how even a local florist or butcher can be targeted. Understand why continuous education, simple security controls and the right insurance mix can prevent both financial disaster and sleepless nights.
Tune in for a conversation that’s honest, insightful and practical - with takeaways you can put into action immediately, no matter your company size.
On the security of key documentation:
“Where are you storing your insurance documents? If someone wants to get into your network, the easiest thing to do is to look at their insurance documents and be like, okay, they've got a million pound limit, let me ask for £2 mil.”
Josh X, Capsule
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- Cybersecurity Cost Perceptions: Why the belief that security is prohibitively expensive for SMEs is misleading and what actually drives costs.
- The Role of Cyber Essentials: How Cyber Essentials provides a practical, affordable security baseline for small and medium businesses without breaking the bank.
- Insurance as a Safety Net: Why cyber insurance can't replace proper security measures and how to understand its role as a last resort, not a first line of defence.
- SME Agility in Security: How smaller organisations can use their size as an advantage to quickly implement fixes and adapt to security recommendations compared to larger enterprises.
- Rise in Cyber Insurance Adoption: What's driving growing awareness and uptake of cyber insurance among SMEs and why certain sectors are slower to adopt.
- Practical Security Measures: Simple, cost-effective steps SMEs can take to drastically reduce risk, including patching, access control and MFA.
- Fraud and Social Engineering Threats: Real-world attack scenarios targeting SMEs, from invoice fraud to phishing, and why user awareness matters more than you think.
- Incident Response and Business Impact: The wider consequences of a cyber incident beyond financial loss, including operational disruption, PR crises, regulatory fines and personal liability for directors.
- Insurance Document Security: Why you need to secure your insurance documentation and how attackers use policy details to calibrate ransom demands.
- The Value of Security Accreditation: How frameworks like ISO 27001 and Cyber Essentials can lower your insurance premiums and deliver tangible business benefits beyond compliance.
Resources Mentioned
- Incursion Cyber Security (incursion-security.co.uk)
- Capsule (capsulecover.com)
- Cyber Essentials
- Cyber Essentials Plus
- IASME
- ISO 27001
- DORA
- NIST2
- PCI DSS
- HITRUST
- Jaguar Land Rover Cyber Attack
- Harrods Cyber Attack
- Co-op Cyber Attack
- NHS Cyber Attack
- Sony Cyber Attack
- ICO (Information Commissioner's Office)
- SOC2
- DMARC
- Blockchain technology
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us, or if you have any questions you would like us to discuss, email podcast@razorthorn.com.
If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
LinkedIn: Razorthorn Security
YouTube: Razorthorn Security
TikTok: Razorwire Podcast
Instagram: Razorwire Podcast
Twitter: @RazorThornLTD
All rights reserved. © Razorthorn Security LTD 2025