Newsletter

Every CEO knows that cyber security matters. But when we talk to business leaders in the field, they can be a bit vague about CISOs and why they might be necessary. The feeling seems to be, ‘We’ve already got an IT person,’ as if that’s enough. 

Sometimes it is. And often it isn’t. We’re not in the business of selling unnecessary services, but we are in the business of helping CEOs make informed decisions. Especially since, according to government data, SMEs are among the least protected businesses. 

With that in mind, what does a fractional CISO actually do for a mid-sized business? 

1. Build your cyber strategy.  A fractional CISO will create the roadmap for what to protect and how to protect it – without overengineering or overspending. 
2. Translate cyber risk into business risk.  They will cut through the technical noise to communicate the potential commercial, operational, and reputational impact. 
3. Lead incident response. You’ll have a plan for before, during, and after a breach, minimising the expense and the disruption to the business. 
4. Ensure compliance. They will ensure you’re not blindsided by an audit or a fine.  
5. Take care of the techie stuff. A fractional CISO oversees the tech, freeing up the Board to focus on business goals. 
6. Mentor the security team. They will prepare your IT team to handle these issues on their own, so you’re not reliant on one person. 
7. Strengthen resilience, not just prevention. A secure business is one that can detect, respond to, and recover from incidents, not just try to prevent them. 

There are additional advantages to a robust cyber security strategy. For one, it affects valuation – anyone looking to invest in your business will take a very close look at your security profile.  

And in several cases, we’ve seen accreditation like Cyber Essentials and ISO 27001 lead to more business for clients. It seems that people prefer to work with companies whom they know take their security seriously. 

If you’d like to sense-check how prepared your business really is, we’ve pulled together a practical set of questions every CEO should be asking their IT team. It’s a quick read, but it can help highlight gaps and spark the right conversations: Top 10 cyber security questions to ask your IT team or supplier.

We hope the above sheds some light on the issue. If you’ve got further questions about fractional security leadership – or anything else IT-related – do contact us for a no-pressure conversation. We’d be happy to help. 

Legacy systems create ambiguity and paralysis – businesses become locked into them in a kind of Stockholm Syndrome. Breaking away feels too hard. 

But legacy systems can often be made to work well, sometimes relatively easily. To provide more clarity, we went back to our experts to ask how a CEO knows when it is absolutely necessary to invest in newer systems – like it or not. 

1. No more support. When you’re no longer getting updates, security patches, or technical support, your team may tell you they can limp along, but this is an intolerable risk for your business. Tell your team to find support or begin the process to replace the system rather than wait for a catastrophe. 
2. Staff are alienated. If the interface isn’t modern and intuitive, or workarounds are becoming onerous, or simple expansion is difficult, then the old system may be having an insidious and damaging effect. If attracting and retaining top talent is a strategic issue for your business, then providing a first-class systems and tech experience is part of the remedy.  
3. Systems can’t talk to each other. If the gap between the legacy system and your other systems has become an intolerable source of wasted time and effort, then it’s time to move on. An isolated issue may be a sensible compromise, but an obsolete system that holds everything else in its death grip has to be replaced.  
4. Too much specialised knowledge. We often come across situations where there’s just one person in the back who knows the system – and they’re eyeing their pension. Or a business invested in bespoke software and the sole person who knows it well has moved on. If the systems can’t be managed by several people or an external partner, it’s a risk that needs to be addressed before it becomes a crisis. 
5. AI is out of the question. If AI and other modern initiatives are made impossible by the legacy system, it’s time to take it to the tip. 

Old doesn’t always mean useless. But it’s critical to know when it does. If you want help sorting it out, consider booking an IT assessment for growth. It’s an expert discussion about how your specific systems may or may not be supporting your business goals.

A legacy is usually a good thing, especially if it comes from a rich uncle. A legacy system, however, is often a hindrance.  

Startups are uncluttered by the past and are lean enough to pivot. Enterprises can afford upgrades. But mid-sized businesses are sometimes in the middle – dragged down by legacy systems, yet unable to function without them. 

The real question is knowing when a system moves from a manageable compromise to a genuine business constraint. We’ve polled our experts to find out when a business leader might wait another quarter or year, or when it’s time to move on.  

Is growth disproportionately complicated? If launching products, onboarding customers, or adapting to changing markets is too expensive or too slow, then it’s time to turn the page. The drain may affect the bottom line, or it may just quietly strangle the efforts of your best people.  

Have you stopped trusting your data? Are different departments keeping their own numbers, are simple reports becoming difficult, or has ‘just in time’ routinely become ‘just too late?’ When underlying system data is no longer trusted, then the system is the issue. 

Are expenses escalating? If you’re spending to force other systems and processes to work around the current legacy, or training people in outdated ways of working, then you’re already feeding a black hole. And if replacing the system will be more expensive next year, then it’s time to upgrade. 

Are you anticipating exit? If so, the due diligence process will factor in at least double the expected expense of upgrading technology. Put simply, it is far cheaper to replace legacy rather than allow the buyer to reduce their valuation. 

Are you exposed to security threats? Old systems are frequently the target for attacks. If the vendor no longer provides security updates, you’re vulnerable, and your accreditations may be invalid. Complicated legacies are undoubtedly the source of cyber breaches, and the effects can be catastrophic. 

If you want help working through these questions, you might schedule an IT assessment for growth. It’s basically a meaningful discussion about how your systems may or may not be supporting your business goals.  

You’re also welcome to simply ask us a question or schedule a no-pressure chat. 

Either way, we hope your legacies bring the good kind of surprises. 

We love digital transformation, dramatic tech changes to bring about dramatic business improvements. But real innovation is impossible without doing some of the boring stuff first. Your IT plans should also include the simple tactics that can make a real difference, especially in a challenging business environment. 

Perhaps these steps will not make other CEOs seethe with envy. But they will help your business run better and pave the way for more dramatic improvements.  

1. Use what you’ve got to its full potential. Review your IT-related contracts, including your MSP and support agreements, to see if you’re paying too much. Or perhaps they’re not providing agreed-upon services. Is your business using the systems you already have to their full potential? Quite often we see unused functionality, especially in ERP or CRM systems. 
2. Are you paying for things you don’t need? Do your people need Slack, Teams, and Zoom? Are they using the tools they have bought, or do you even have multiple subscriptions to the same SaaS? Aside from bleeding funds, they create security issues.  
3. Automate time- and energy-wasting tasks. Where are the bottlenecks or manual workarounds that create frustration for your people? And, as above, are you already paying for something that can do away with these issues?  
4. Fix the long-standing issues. Legacy ways of working, badly integrated systems, messy data, unclear user permissions, inconsistent backups – these problems can float around for years and will hinder any move towards real transformation. Are people doing things this way because they always have? 

Small things matter. Simple wins create enthusiasm and can make big changes easier. A series of incremental evolutions can have a revolutionary effect. 

If you’re looking for a practical way to understand how AI can support your business growth, join our upcoming webinar. Our experts will share real insights on how organisations are using AI to improve efficiency, innovation and decision-making. Register here: AI for business growth: masterclass for CEOs.

It’s a strange time in the UK for mid-sized businesses. The ONS reports that the market is ‘broadly stable.’ We’re hearing some positivity as well, mainly that many businesses are hiring, and there is strong demand for AI and system streamlining initiatives. 

At the same time, unemployment is up, taxes and salary demands are up, and UK energy is shockingly expensive. Perhaps due to these contradictory signals, there’s simply a lot of uncertainty in the market, which is why many CEOs are asking us if they can do more with that they have. 

In most cases, the answer is that you most certainly can. A few ideas for doing more with less: 

• Use data to allow you to delegate. Directors of SMEs tend to control every aspect of the operation, often because they have the clearest view of what’s going on. But your own people will have untapped strengths, and often they’re dying to step up and help out. If you can provide them with the information and guardrails about decision-making, they can take tasks from your desk so you can re-focus on growing your business.  
• Prioritise. In uncertain times, internal clarity is a strategy. It’s simple, it’s useful, and it doesn’t have to eat up a lot of time. Go back to your business goals and then be ruthless about pruning whatever distracts you and your people from reaching them. Ensure your IT budgets and resources are focused on what matters to your customers and what makes your business competitive.  
• Lead by example. Foster a culture of openness with better communication, especially when it comes to your business goals. Also, consider cyber security – if leaders don’t walk the walk, neither will the rest of the team. If you’re not following best practices, how can you expect your people to? Most breaches are the result of poor culture and leadership, not technical errors. 
• Re-evaluate existing tools. If you’re already got ERP, are you using it to its fullest potential? Are there aspects of SaaS subscriptions you’re not taking advantage of? Are users properly trained and aware of how to make the most out of their systems? What can you do with the AI tools you already have? And don’t forget to delegate finding these answers! 
• And re-evaluate systems and processes. Does your current technology provide a platform for growth? Or is it a source of operational friction and wasted time? Where can you dismantle barriers to growth without investing in more technology? Are there any redundant or little-used systems you can do away with for quick wins? 

One final thought is that this is a process, and you don’t have to take it on yourself. One CEO we work with blocks out twenty minutes a day simply to investigate these questions with team leaders so that they’re thinking about doing more with less as well.  

If you’re looking for a practical way to understand how AI can support your business growth, join our upcoming webinar. Our experts will share real insights on how organisations are using AI to improve efficiency, innovation and decision-making. Register here: AI for business growth: masterclass for CEOs.

Either way, as ever, we’re always ready for a no-pressure chat about your business goals and how to reach them.  

When you talk to CEOs of mid-sized businesses, you tend to notice certain trends. One is that the mid-market sector remains the most interesting and dynamic in the UK. And another, paradoxically, is that many mid-sized businesses still haven’t quite figured out AI.  

In fact, across the sectors we work with, the same mistakes keep reappearing. We’ve outlined the six biggest AI issues we keep seeing in the field: 

1. Starting with the tool, not the business challenge. Teams adopt AI platforms before they are clear on what business challenge they are trying to solve. In other words, the question should not be, ‘What do we do with Gemini?’ Instead, it’s, ‘What problems are we facing, and what AI tools may solve them?’ 
2. Treating pilots as a strategy. Pilot programmes are, of course, how you test solutions. But they’re not the same thing as a considered AI strategy – one that looks at what tools you already have, your business and its objectives, what problems the tools may solve, and how to scale those that work. 
3. Underestimating data, exception, and integration complexity. The difference between pilots and the real world is complexity. Misunderstanding how the AI will work in the messiness of real businesses is where things can go wrong. Processes, systems, data and real-world exceptions need to be addressed before embarking on AI. And it will help in so many other areas of your business as well as giving AI firm foundations. 
4. Failing to assign clear ownership and resources. Again, as with any other project, AI will fail unless it’s absolutely clear who has ownership, and that that person has the resources and focus they need to deliver. Somebody has to be accountable, and everybody has to know who that person is! 
5. Letting hype drive decision-making. Salespeople are really good at instilling FOMO. And many of the bigger consultancies will have you assume that AI works for everyone, everywhere. Don’t rush into AI without a clear idea of its purpose and how you’ll measure ROI. 
6. Safety and security. Using tools legally, securely, and ethically is not simple, and it doesn’t happen by itself. You don’t want a shelf full of irrelevant policies, but you do need to know that your business assets are secure, you are not breaking the law, and your use of AI fits with the way you want to do business. 

So how can business leaders keep clear of these mishaps? One answer is with unbiased IT leadership – a CIO, CTO, or CAIO who (a) understands the tech and commercial aspects of mid-market AI implementations and (b) makes no external deals, so they always do what’s best for your business. 

If any of this rings a bell, may I recommend our AI readiness assessment. It’s a half-day workshop that provides a clear picture of your AI readiness and how it can solve problems for your business. If you’re interested, let me know and I’ll connect you with your Regional Director.  Or, as ever, you’re welcome to schedule a more casual conversation in the strictest confidence. We’d be delighted to hear about your concerns – or better yet what you’re doing right

You already know that acquiring a client is significantly more expensive than retaining one. And yet many businesses don’t realise a client is unhappy until the termination notice arrives.  

The signals may already have been there – in the number or tone of support conversations, a shift in payment patterns, or the transcript of an annual review – but no person in the business actually connected the dots. 

So how might mid-sized businesses use AI to recognise unhappy clients before it’s too late? 

• Sentiment analysis. Mid-sized businesses can run meeting transcripts through AI to identify ‘sentiment triggers’ – perhaps when a client sounds more tentative than they did six months ago. AI can flag this subtle shift and escalate the issue to the right people. 
• Early warning systems.  CFOs can use AI to monitor payment trends. A sudden change in behaviour may signal waning interest – again, this can be escalated to someone senior enough to rescue the situation. 
• Product coverage. Our clients are using AI to sift through large numbers of their engagements to make sure they frequently nurture and renew their existing relationships. Perhaps they need to re-assess which products and services they are providing; perhaps they need to reprice, cross-sell, or upsell. Often customers move on because a competitor provides something you could have – but didn’t.   

What’s also interesting is that mid-sized businesses most likely already have the data they need for these insights. And it doesn’t require expensive investments in more products – it’s possible to find the ‘silent signals’ with tools already available in your Microsoft or Google ecosystem.  

The upshot is that, once again, AI doesn’t replace humans. In this case, it can just help you to listen better to the needs of your clients. 

If you’d like some help getting started on these insights – and other AI initiatives – we invite you to book an AI assessment for mid-sized businesses. It’s a half-day workshop that provides a clear picture of your readiness to take advantage of AI. 

Book your AI assessment 

We’ll also be covering these topics and more in our webinar next month – watch your inbox for the invite. And in the meantime, we’re always happy to answer your questions; simply write me back, we’ll set up a no-pressure chat. 

In our previous newsletter, we discussed how important it is to have a senior business minded tech leader on your team when you’re venturing into M&A or any transaction.

This time, we’d like to share more specific examples of how our own experts have saved clients from stress and wasted time before, during, and after a transaction.

An IT roadmap to prevent years of futile projects

The commercial thesis for an acquisition depended upon merging processes across the group. But we saw that the actual tech stacks were incompatible. We suggested a hybrid integration plan, allowing the commercial plan to proceed without costly rewrites. The business might have wasted years had we not been involved.

When tech due diligence doesn’t happen

An acquisition went through, and Freeman Clarke was called in to help the buyer with the integration process. We found that the seller’s core product was built on Microsoft technology scheduled for retirement, and the buyer’s unplanned replacement approached what they paid for the acquisition. Apparently, the accountancy group leading due diligence lacked the expertise to spot the technical problems.

Obscured by the cloud

For a business looking to be acquired, the M&A advisors had promoted cloud migration for deep savings. But they didn’t understand the technical realities. Our own assessment showed cloud storage would double existing expenditures, even if you ignored the complexity of the migration. We were able to re frame the narrative for the seller around stability and predictability, and that cloud migration was not important for the next potential buyer.

Revealing barriers to entry

A buyer planned to acquire a company in a regulated industry to cross sell its existing products. But the advisors lacked the tech skills to spot compliance gaps. We identified the regulatory frameworks and quantified the numbers upfront. The acquisition went ahead anyway, with clarity on the buyer side.

The moral of these examples is to have an IT expert involved as early as possible. For a deeper discussion on the role of technology in M&A, you can now watch the recording of our M&A and Exit Masterclass. It is a sixty minute session with our panel of experts that brings a clearer understanding of how tech can genuinely make or break strategic exits and high value deals.

M&A and Exit Masterclass
Watch the recording

As ever, this session is shared in the strictest confidence. Viewing is private, and no identifying information is captured.

And if any questions come up beforehand, you’re welcome to contact us for a no pressure conversation, also in the strictest confidence.

At some point, every CEO will consider acquiring another business, or seek external investors, or look to sell. Each situation is different, but in every case business-led tech advice is critical, and yet often neglected. 

Our focus is to help make your business as attractive and valuable as possible – or to understand the real risks and implications of your planned acquisition. 
 
For example, on the sell side, we may be involved months ahead to fix issues that a buyer will use to chip your business’s value. Or when it comes to the SPA, we advise on issues like GDPR, license, intellectual property, and data warranties. 
 
Of course, lawyers are important, but without guidance from senior technical experts they may produce swathes of irrelevant and generic legalese (at no small expense!).
 
On the acquisition side, we often help assess a business during the early stages of a transaction – making sure the tech allows the buyer to hit the ground running or simply to kick the tyres on the integration plan. 
 
Accountants, lawyers, or due-diligence experts may raise long lists of red-flags which don’t actually matter – in the SME or mid-market, any business will have weaknesses. In some cases, red flags are really opportunities for the buyer to make simple improvements and create value quickly.
 
These are just a few specific examples. For a more in-depth discussion on the role of IT and tech in M&A, we recommend our upcoming M&A and exit masterclass.
 
It’s sixty minutes with our panel of experts that will bring you a better understanding of how tech can make or break strategic exits and high-value deals. 
 
M&A and exit masterclass. Watch the recording
 
We do understand these issues can be delicate for a CEO. Which is why your registration will remain private, and no identifying information will appear during the webinar.
 
You’re also welcome to contact us for a no-pressure chat, also in the strictest confidence.
 
Either way, wishing you a prosperous 2026. 

Next year, don’t add more promises to an already over-leveraged portfolio of commitments. Instead, consider how you’d treat a company under pressure: surface some non-negotiable priorities, resource them properly, and foreclose on the rest.

We recommend shifting from resolutions to priorities because an unachieved resolution creates a sense of failure. Focusing on priorities helps you to remember what’s truly important whilst allowing for flexibility – especially in times of uncertainty.
 
Business and technology change, but perhaps these three are always priorities: 
 
Keep your people happy. Nothing is more important than having the right team around you. Are you doing everything possible to create an environment where the right people can enjoy their work? When staff have to do tedious workarounds, and it continues year after year, they’re more likely to vote with their feet. Show your people you value them by making their jobs easier and investing in systems, processes, and tech.
 
Look after yourself. The term ‘self-care’ can suggest incense and chanting, but taking care of yourself – and those around you – must be a priority. You simply can’t run up a business when you and your leadership team are run down. Eat well, rest and exercise. Have a word with yourself. 
 
Plan for the worst. The evidence shows that an average company is affected by a calamity every three to five years. It may be a cyber breach, or a weather event, or something completely out of the blue, but something will happen. Make your continuity plans are ready and make regular reviews and exercises part of the annual routine. Knowing that you are prepared to handle disasters gives everyone more confidence to press ahead. 
 
One last point: if you want to make your priorities stick, they need to be other peoples’ priorities as well. Create your list, commit yourself, and communicate it widely and often.
 
As ever, we’re always happy to have a no-strings conversation about helping with your priorities, or anything else IT-related. Wishing you a safe and prosperous 2026, and that you stay on top of your key goals.