Vendors love throwing around "InfoSec," "CyberSec," and "IT Security" like they're selling completely different solutions. Half the time it's the same thing with three different price tags. The other half? You're buying protection that doesn't address your actual risks. With 50% of UK small businesses hit by cyber incidents in 2025 and 60% closing within six months of severe data loss, getting this wrong isn't just expensive—it's potentially fatal to your business. Noel Bradford (40+ years wrangling enterprise security at Intel, Disney, and BBC) and Mauven MacLeod (ex-Government Cyber analyst who's seen threats at the national security level) cut through the marketing rubbish to explain what each approach actually does, what they really cost, and which one your business needs right now. No vendor pitch. No corporate speak. Just the brutal truth about what works for UK SMBs. This Episode is Sponsored by Authentrend Special Listener Offer: £40 per FIDO2 security key (regular £45) - Valid until December 22nd, 2025 We only accept sponsorships from companies whose products we already recommend to clients. Authentrend's ATKey series provides FIDO Alliance Level 2 certified, phishing-resistant authentication at competitive pricing. Same cryptographic protection as premium brands, without the premium price tag. Why we're comfortable with this sponsorship: We've been specifying Authentrend keys for UK SMB clients for months because the math works. FIDO2 hardware security keys stop the credential phishing attacks that cause 85% of cyber incidents. At £40-45 per key (two per employee for backup), you're looking at £80-90 per person for protection that actually works. Learn more: authentrend.com What You'll Learn Understanding the Differences What Information Security actually covers (hint: it's not just digital) Why Cybersecurity isn't the same as IT Security (despite what vendors claim) The CIA triad explained without the jargon Real-world examples showing when each approach matters UK Business Reality Current threat landscape: 43% of UK businesses breached in 2025 Why small businesses (10-49 employees) face 50% breach rates Average incident costs: £3,400 (but the real number is much higher) UK GDPR, Data Protection Act 2018, and what actually applies to you What It Actually Costs Starting from scratch: £5,000-£15,000 annually for 10-20 employees Phishing-resistant MFA: £80-90 per employee (one-time, includes backup keys) Cyber Essentials: £300-£500 (your best bang for buck) Managed security services: £300-£450/month realistic pricing When £2,000-£3,500/month managed detection makes sense Free government resources you're probably ignoring Authentication Security Reality Why SMS codes and app-based MFA still get phished How FIDO2 hardware security keys cryptographically prevent credential theft Real cost comparison: £80-90 per employee one-time vs subscription services costing hundreds annually Special offer mentioned in episode: Authentrend keys at £40 until December 22nd Implementation Without the Bullshit Why IT Security basics beat fancy cybersecurity tools every time The five controls that address 90% of UK SMB threats Common mistakes that waste your security budget How to prioritise when you can't afford everything Vendor red flags and what to actually look for Regulatory Requirements Decoded ICO data protection fees: £40-£60/year (mandatory) What "appropriate technical and organisational measures" really means Why recent enforcement shows reprimands over fines for SMBs Insurance requirements and how to reduce premiums How phishing-resistant authentication affects cyber insurance premiums Key Statistics Mentioned 50% of UK small businesses (10-49 employees) experienced cyber incidents in 2025 £3,400 average cost per cyber incident (excluding business impact) 60% of small businesses close within 6 months of serious data loss 85% of cyber incidents involve phishing attacks 43% of all UK businesses experienc