Encrisoft
← Back to blog

The businesses most likely to be attacked are the least able to afford protection

Board Notes
The businesses most likely to be attacked are the least able to afford protection

For a few years, my job was making sure billions moved without anything going wrong. The companies that need that kind of protection most are the ones who can never afford it. Here is what we are doing about it.

For a few years, part of my job was making sure billions of dollars moved without anything going wrong.

When you work on systems like that, security is not a feature you bolt on at the end. It is the floor everything else stands on. One mistake and real people lose real money, fast, and there is no undo button. So I learned, up close and a little nervously, what good security actually takes. The tools. The people. The constant watching.

And I learned something that has bothered me ever since: almost nobody can afford it.

The companies that get the best protection are the ones that already have money, staff, and a security team on the payroll. The corner shop does not. The twelve-person startup does not. The local accountancy firm, the small charity, the family business running its whole operation off three laptops and a shared inbox, they get none of it. They run on hope.

And here is the cruel part. Those are exactly the businesses an attacker finds easiest to hit. The people most likely to get hacked are the ones who can least afford to be. It is the security version of needing money to borrow money, and it has never sat right with me.

That gap has been around for years. Now it is about to get worse, because the rules are changing.

New UK cyber regulation is going to expect more businesses, and the suppliers they work with, to spot security incidents, deal with them, and report them quickly. Honestly, that is fair. The threats are real and they are getting cheaper to launch by the month. But it means a whole wave of ordinary companies are about to be told they need the defences of a security team, with no realistic way to hire one. Hope was already a bad security strategy. Soon it will not even be a legal one.

So here is the thing that changed, and the reason I am spending my life on this right now.

For the first time, software can genuinely do a real share of the work a security analyst does. I do not mean a chatbot that answers questions about security. I mean something that actually watches your systems, notices when something is wrong, responds when it goes wrong, and keeps the records, while you stay firmly in control of how far it is allowed to go.

That is what we are building at Encrisoft, and we call it Enara. The simplest way I can put it: a security team you switch on, instead of one you hire. It is live today inside our first product, and it is going to get a lot more capable from here.

I am not going to pretend we have it all figured out. We are early. Small team, a couple of paying customers who took a chance on us, and a to-do list that would make you laugh. But the thing we are aiming at feels more right than almost anything I have worked on: take the protection that today only the big players can afford, and hand it to everyone else.

I am going to use this space to think out loud. What we are learning as we build, where I think security is actually heading, and the odd opinion other people would rather not say in public. No press-release voice. Just the view from inside the work.

If you run a small company and this stuff quietly keeps you up at night, you are exactly who we are doing this for.

Stick around.

Share this article