Business leaders, SME owners, and professionals from across the West Midlands gathered at the National Motorcycle Museum for the second Solihull Cyber Advice Network (SCAN) Business Resilience 2026 event — a collaborative cyber security awareness initiative designed to help local organisations understand the rapidly evolving cyber risks facing businesses in 2026 and beyond.
Hosted by Discus Systems PLC, and supported by the West Midlands Cyber Resilience Centre and leading cyber security specialists, the event brought together practical advice, real-world stories, and actionable guidance specifically aimed at SMEs and business decision-makers — not just IT professionals.
The day opened with breakfast networking and refreshments before attendees were welcomed by Cassandra Campbell, who reinforced the purpose of SCAN: helping businesses understand that cyber resilience is now a commercial, operational, and reputational issue — not simply an IT problem.
West Midlands Police & WMCRC: “Cyber Security is a Business Responsibility”
The first keynote session was delivered by Nicholas Kluger-Langer from the West Midlands Cyber Resilience Centre, supported by the West Midlands Police cyber resilience programme.
Nicholas highlighted:
- Cyber crime cost UK businesses approximately £28 billion in 2024
- UK businesses face a new cyber attack every 39 seconds
- Around 80% of cyber attacks now begin within supply chains
A major theme of the presentation was that cyber security can no longer sit solely with the IT department.
Instead, Nicholas stressed that:
- Boards, directors and business owners must understand cyber risk
- Staff awareness remains critically low
- Businesses need recovery plans as well as preventative controls
One particularly striking statistic showed that only 18% of employees currently receive cyber awareness training, despite around 90% of attacks beginning with phishing emails.
Attendees also learned about the WMCRC Cyber PATH programme, which supports SMEs with:
- Security awareness training
- Microsoft 365 reviews
- Vulnerability assessments
- Business continuity reviews
- Cyber policy guidance
“Scaring is Caring” — Real-World Cyber Threats Explained
Francis West from Security Everywhere followed with one of the event’s most interactive sessions, exploring the very real human impact of cyber crime.
Through demonstrations, audience participation, and real-world examples, Francis covered:
- Phishing scams
- Domain spoofing
- Password theft
- AI-assisted fraud
- Ransomware attacks
- Dark web data exposure
He challenged several dangerous myths still common among SMEs:
- “We’re too small to be targeted”
- “Everything is in the cloud so we’re safe”
- “We use Macs and iPhones so we’re protected”
The session also highlighted how AI is now helping criminals create convincing phishing attacks in flawless English, making traditional “spot the spelling mistake” advice increasingly outdated.
Practical takeaways included:
- Enable MFA on WhatsApp and business applications
- Review linked devices regularly
- Check compromised passwords on phones
- Protect email domains using SPF, DKIM and DMARC
- Monitor whether company credentials appear in known breaches
Following a networking break, attendees returned for the second half of the event.
Cyber Essentials: Why the Basics Still Matter
Neil Smith from ReformIT delivered a highly practical session focused on Cyber Essentials and why simple cyber hygiene still prevents the majority of attacks.
Neil explained:
- More than 600,000 cyber attacks were reported by UK businesses in 2025
- Businesses are attacked approximately every 44 seconds
- Cyber Essentials helps protect organisations against around 80% of common attacks
The presentation also explored the stricter Cyber Essentials changes introduced in April 2026, particularly around:
- Patching
- Vulnerability management
- Network scope
- Unsupported software
Key advice included:
- Install updates within 14 days
- Use MFA everywhere possible
- Avoid using admin accounts daily
- Maintain an asset register
- Create formal onboarding and offboarding procedures
A recurring message throughout Neil’s presentation was that attackers are often exploiting very basic weaknesses rather than carrying out sophisticated attacks.
More Practical Security Advice From Francis West
Francis West returned for a second session focused on practical steps businesses can take immediately to reduce cyber risk.
Topics included:
- Mobile phone security
- Password management
- SIM swap fraud
- Dark web monitoring
- Email spoofing protection
- Secure Wi-Fi practices
- Cyber insurance and incident planning
Attendees were also introduced to practical resources including:
- HaveIBeenPwned
- NCSC email security checks
- UK fraud reporting services
- Scam website checking tools
The session reinforced that layered security and staff awareness are now essential, particularly as AI accelerates the scale and sophistication of attacks.
Cyber Threats in 2026: SMEs are Prime Targets
Following the lunch break, Tom Streatfield from Brigantia delivered a forward-looking session exploring the cyber threat landscape facing SMEs in 2026.
Tom explained how attackers increasingly target smaller organisations because many still:
- Lack dedicated cyber security staff
- Use outdated systems
- Have inconsistent patching
- Operate with weak passwords or shared accounts
- Have poor or untested backups
The presentation explored:
- AI-generated phishing
- Deepfake scams
- Business Email Compromise (BEC)
- Ransomware-as-a-Service
- DNS-level attacks
- 24/7 monitoring and response
Tom also highlighted how cyber security is now influencing:
- Insurance applications
- Tender opportunities
- Supplier due diligence
- Regulatory compliance
One of the most practical sections of the day was Tom’s “Top 5 Things You Can Do This Week”:
- Turn on MFA
- Keep systems updated
- Remove unused user accounts
- Test backups properly
- Deliver phishing awareness refreshers to staff
AI, Ransomware & Microsoft 365 Risks Under the Spotlight
The final technical session was delivered by Matt Frye from Hornetsecurity, focusing on how AI is accelerating phishing, ransomware, and Microsoft 365 attacks.
Matt shared statistics showing that:
- Hornetsecurity blocks around 7 billion phishing attempts per month
- Up to 2 billion suspicious URLs are analysed monthly
- Phishing remains the most common attack method globally
The session explored:
- AI-generated phishing attacks
- Phishing kits openly sold online
- Hidden Microsoft 365 sharing risks
- Excessive permissions within SharePoint
- AI-generated ransomware code
- Governance challenges around Copilot and AI adoption
Matt also highlighted proposed future legislation around ransomware reporting and restrictions on ransom payments, reinforcing why organisations must focus on resilience, recovery planning, and visibility.
Collaboration, Networking & Business Resilience
The event closed with final remarks from Cassandra Campbell and Damien Biddulph of the Discus team, thanking attendees, speakers, and supporting organisations for helping strengthen cyber resilience across the local business community.
Guests then continued networking over a delicious hot lunch, with many discussions centred around supplier security, Cyber Essentials, AI risks, and how businesses can better support one another in an increasingly complex digital landscape.
A recurring theme throughout the day was simple but powerful:
Cyber resilience is no longer optional.
For SMEs, it is now directly linked to operational continuity, reputation, insurance, compliance, customer trust, and long-term business growth.
For more information about future SCAN events and cyber resilience support: