Your Brighton Business and Cyber Security in 2026: What’s Actually Worth Worrying About

Cyber security can feel overwhelming and, if it’s not been in the headlines recently, easy to ignore. New threats, new acronyms, and then when it does hit the headlines, it’s not always easy to know what to pay attention to. Especially if IT isn’t your day job. Here’s what I’d genuinely prioritise if I were running a small- to medium-sized business in Brighton or Sussex right now.

Your employees are probably sharing company data with AI tools

Is there anyone anywhere who’s not talking about AI now? A recent report by security firm LayerX found that 77% of employees who use AI tools like ChatGPT are copying and pasting data into their queries. More than one in five are pasting personally identifiable or payment card information.1

I’m not for a second suggesting that AI tools should be banned. I believe generative AI tools genuinely help people do their jobs better. The problem comes when staff use personal, unmanaged accounts to access AI tools. When people do this, you and/or your IT department have no visibility into what is being shared. Once data leaves your owned environment, you lose all control over it. Tools like Microsoft Copilot let your team benefit from AI within your existing secure environment, keeping your data yours. If you’ve not had that conversation with your IT provider yet, it’s worth having.

The same principle applies to online file conversion tools. Uploading a confidential document to a random website to convert it to a PDF is something people can do without thinking but it carries real risk. Microsoft 365 can handle most of what people use these tools for, so again it’s worth plugging any gaps with something approved and secure.

Human error and having a failsafe for the mistakes that slip through

Around 95% of security breaches involve human error2, a stat which follows on from what we’ve just covered. It's not necessarily because people are malicious or careless; it could just as easily be caused innocently by someone who hasn’t been shown what

to look out for. It could be a convincing phishing email, a weak password or even a file shared with the wrong person that results in a cyber security breach for your business.

Good cyber security training is what helps here. Modern platforms use realistic phishing simulations and short interactive modules rather than dreary tick-box exercises that send people to sleep or try and click-through at rocket speed. A proper cyber security programme can reduce your chances of a security incident by up to 70%3 - not a bad ROI, all things considered.

Of course, training reduces the risk but doesn’t eliminate it. People will still occasionally click the wrong thing and even if they don’t, modern cyber threats are constantly evolving. Should the worst happen, you want something in place to catch any incidents quickly. This is where MDR and XDR are worth understanding (even if the acronyms aren’t all that inviting).

XDR (Extended Detection and Response) monitors your entire IT environment together rather than looking at devices in isolation. It watches endpoints, networks, cloud services and email as one picture, which means suspicious activity that looks innocent in one place becomes a clear red flag in context.

MDR (Managed Detection and Response) adds human expertise on top: real life human people (security professionals) monitor your systems around the clock, interpreting alerts and acting on them. For a small business without in-house IT security, it’s a powerful safety net.

Your Microsoft 365 environment could need more attention than it’s getting

Many businesses are aware that running on Microsoft 365 is central to their operations. What some don’t realise is that keeping it secure isn’t a one-time job but an ongoing process.

Microsoft releases security updates, new features and policy changes on a near-monthly basis and sometimes even more frequently if they’re responding to emerging threats. These don’t apply themselves automatically as some changes can affect how the software behaves for end users and need to be configured carefully. Falling behind means your environment drifts away from best practice without any obvious warning signs until it’s too late.

Microsoft’s own Secure Score tool gives you a measure of how well your 365 tenant is configured against their recommendations. It’s worth knowing yours so you can spot where the gaps are. Actions like enabling multi-factor authentication (MFA), which alone blocks many account compromise attacks, can make an immediate and significant difference to that score – and to your defences against cyber-attacks.

Don’t forget to back-up

If ransomware hits and encrypts your files, the difference between a serious but recoverable situation and a business-threatening one often comes down to whether you have recent usable backups in place. Some businesses assume Microsoft 365 automatically backs up everything immediately and forever, which it doesn’t. It’s worth making sure you're comfortable with what's backed up and what isn't.

Where to start

Even though this is just the start, I do get that it can still seem a lot. My honest priority order for local businesses would be:

1) Get MFA switched on

2) Make sure your team knows what a phishing attempt looks like

3) Check your backups

4) Review your Microsoft 365 security configuration

None of the above necessarily requires huge budgets, just some time, attention, and the right IT support around you.

Russell Walker is Managing Director of AJT Managed IT Services, a Brighton-based IT support company supporting local businesses across Sussex. Find out more here.

This is part of a new series we’re running with Chamber members, picking out different experts working in the areas of business you most frequently ask us for advice or expertise on. Keep your eyes peeled for more installments on finance, marketing, sales, productivity and more.

If you want to contribute to the Chamber blog, contact us on hannah@brightonchamber.co.uk