Your IT Security Might Be Fine. Your Evidence Probably Isn’t.
A Leeds law firm suffers a data breach.
Not ransomware.
Not hackers.
Just human error.
The firm had good technical security:
- Microsoft 365
- MFA
- Endpoint protection
- IT support
But when the Information Commissioner's Office investigated, the real problem emerged:
There was little evidence of governance, oversight, and ongoing management.
Because regulators increasingly want proof that risks were being actively managed before something went wrong.
Not assumptions.
Not “our IT company handles that.”
Evidence.
We explore the full hypothetical scenario in our latest article on Where Is Your Proof?:
