The Big Interview: Scottish Business Resilience Centre chief executive Mandy Haeburn-Little
The acknowledgement, which followed the news that she would be standing down from the post in August, praised her “sterling work and inspirational leadership” under which the SBRC had undergone “a complete transformation, establishing itself as a hub of innovation and business improvement”.
She was understandably pleased with such recognition. “It was just so unexpected – I was hugely, hugely touched,” she enthuses, keen to highlight the partnerships and people who backed her vision.
Having arrived at the non-profit organisation in 2011, she believes that while it has been a great privilege to have worked at it, “there comes a time when you need to think about whether it’s the right time for other people to come through – and I think it is that [for me]. “I’ve always done what I can to encourage other people’s skills.”
Her departure comes at what she sees as a timely moment in the centre’s evolution, but also as she is increasingly called on to take to elsewhere in the UK and beyond the SBRC’s “really dynamic” cyber-crime prevention model that has been praised for its marriage of business and law enforcement.
“In order to do that well – and I think actually it will spread internationally – I need to step back now from the day to day.”
The SBRC started out as the Scottish Business Crime Centre in 1996, and was renamed in 2013 to reflect its broader remit. It is bankrolled by private and public partners including the police, the Scottish Government, the Scottish Fire and Rescue Service, and various business investors and members.
The organisation has also been tapping into academia, harnessing the expertise of ethical hackers at Abertay University – in a move that has, she says, been highly successful.
“It’s meant that businesses that otherwise wouldn’t have access to state-of-the-art innovation have been able to have those students with them and it’s also helped to pay the students through university.... That model attracts a lot of attention,” she explains.
Furthermore, it was announced in November that the university was to lead a new £11.7 million project to create a cybersecurity research and development centre, run with SBRC, as part of the Tay Cities Deal.
The “cyberQuarter” was billed as being a cluster of academic and industry activity, with Haeburn-Little at the time saying the investment would benefit every citizen in Scotland.
Further milestones on SBRC’s path under her guidance include its relocation after 18-plus years in Stirling to “showpiece” headquarters at the Oracle Campus in Linlithgow.
The step, supported by Scottish Enterprise, was announced in February, and seen as enabling SBRC to extend its current remit and gain capacity to grow. It also meant the centre sharing space with key partner Police Scotland, and being handily close to offices of ScotlandIS, the trade body for Scotland’s digital economy.
The SBRC, whose members include Royal Bank of Scotland, Standard Life Aberdeen, several credit unions, KPMG and Diageo, is working to respond to the growing cyber threat that has crept up the agenda both on the corporate and consumer side.
A study published in April spanning more than 5,400 organisations across seven countries found that 61 per cent reported one or more attacks in the previous year, up from 45 per cent in the preceding 12 months.
The report from insurer Hiscox also revealed that in relation to cyber-readiness, few organisations had “expert” status, while about three-quarters were ranked as unprepared “novices”.
Haeburn-Little sees that the biggest remaining cyber risk is down to people, adding that a great deal could be prevented with better guidance. Those seeking to cause harm “don’t have to go through an audit committee or any sign-off,” she points out. “If they see the opportunity to create a new fraud, a new scam, they’ll just do it – they act absolutely immediately”.
It’s a case of “making sure that while the bad guys work around the clock, so do the good guys”.
Haeburn-Little’s work at SBRC has seen her help with the creation of the London Digital Security Centre, a joint venture between the Mayor of London, the Metropolitan Police Service, and the City of London Police, and based on the Scottish organisation’s model.
Also emulating the latter is the Manchester Digital Security Centre, with Haeburn-Little helping the city’s police force with its development. The facility is described as set to “protect communities, promote economic growth and overall safety in the city”.
Scotland very much punches above its weight in this cyber security field, but despite its rich history of innovation, it characteristically still hides its achievements under a bushel, Haeburn-Little adds. “It’s almost as if Scotland creates a marketplace that everybody else values more than we do… I know from taking the centre to London and the work I’m doing in Manchester, that actually the work that we’re progressing now with policing is really state of the art,” she continues. The SBRC approach is also being taken up in Yorkshire, and there are several other requests from overseas.
“Everybody wants the model, so for me it’s about thinking about Scotland and saying, ‘we have fantastic activity, we have the ability to work directly with the private and public sector’ – for me that’s been a huge driver.”
Scotland has an advantage in its relative ease in getting government, policing, technology, and academia round the table, she adds. The much larger scale on offer elsewhere provides a “huge, huge market”.
After her departure, Haeburn-Little’s duties are to be split between the current chief operations officer Lynsae Tulloch and Eamonn Keane, who resigned from Police Scotland to become the centre’s first full-time head of cyber security and innovation. Social enterprise and public safety specialist Chris Thewlis has also recently been appointed to SBRC’s policy board.
Haeburn-Little has said that she intends to be a consultant on business resilience, and aims to still do contract work with SBRC through her ethical hackers. She also expects no interruption in the organisation’s work as it changes leadership structure.
Before joining the SBRC her jobs included being head of customer services and communications for Edinburgh Trams, and running her own business advising on topics including business turnarounds and reputational risk analysis.
In the last few years, she has rekindled her hobby of painting (“it’s a complete relaxation to me”), reflecting the fact that she had originally wanted to go to art school. After mulling a career as an interpreter, she spent the early years of her career in radio.
“I loved interviewing and broadcasting, and was hugely privileged to be part of a team that won four Sony awards… If I got my chance again I would probably go back to investigative reporting or running a chat show.” Asked who she would like to interview, she said she would like to give greater attention to entrepreneurs.
Another forum for such attention is the SBRC-hosted Scottish Cyber Awards, which this year take place in November, and has previously honoured the likes of insider threat specialist ZoneFox (which was bought last year by cyber security giant Fortinet).
“I see that very much as my crusading role, drawing attention to other people’s successes and other people’s brilliance,” says Haeburn-Little.
A passionate advocate of fostering digital skills, especially among females – she believes that rather than scare businesses into action regarding cyber security, the strategy should be to nurture basic knowledge so that people don’t get caught out by scammers.
And as for where she would like Scotland to rank in cyber security in, say, five years, her target is unsurprisingly, “really, really high up, and I hope that the work that I do leading on from this will help with that.
“I’m expecting to see that network of cyber centres grow in the next five years… I’m not going away, and I look forward to continuing to raise the flag for innovation and entrepreneurship.”