Avanade on Preparing Organizations for a World of Stronger Cybersecurity Expectations

Episode notes

What does the UK’s new Cyber Security and Resilience Bill actually mean for mid-sized businesses that sit quietly inside complex supply chains, often assuming the rules are aimed at someone else? In this episode of Business of Cybersecurity, I sit down with Jason Revill, Global Security Practice Technology Lead at Avanade, to unpack why this legislation represents a genuine shift in how cyber risk will be judged, enforced, and felt across the UK mid-market. While much of the public debate has focused on critical national infrastructure, Jason explains why managed service providers and mid-sized firms are now firmly in scope, particularly those that underpin larger enterprises. Mandatory incident reporting, tougher expectations, and turnover-based penalties are changing cyber resilience from a technical concern into a board-level business issue. We explore why outsourcing cybersecurity no longer reduces accountability, even though nearly half of UK mid-market firms rely on third parties to manage their defenses.