Your Guide

E15b3f8b 5d12 4302 8365 8a2ad10fad01 headshotcopy700k

John Byrne

My name is John and I have over 30 years’ experience as a financial risk assessment expert in the insurance industry. My last role was as Chief Risk Officer of an insurance business that I co-founded at Lloyd’s of London. I am currently co-founder of an InsurTech firm that provides a cyber risk management platform to medium-sized businesses.

Questions? Comments? Email me!

About this course


Discover how to create the first Cyber Resilience Plan for your small business in 30 days without cybersecurity expertise

Learn the 5-Step Framework for Cyber Resilience

Welcome to Surviving Cyber: The Jumpstart Course

Register for the Jumpstart Course

UK Companies - Register Here

The last few years have brought a dramatic increase in cyber risk, and the pace of change is quickening. If compelling evidence was needed of the threat posed by cybercrime, the global ransomware cyberattacks of 2017 (Not Petya and WannaCry) provided it. There were several massive data breaches the following year and every year since then. The pressure for changes in the regulatory environment had been building and culminated in the introduction of the GDPR in 2018 which dramatically changed the data protection legal obligations of all businesses.

Most recently, in 2020, the risk environment deteriorated further when the global pandemic brought enforced and unplanned working from home to millions of workers and dramatically increased cyber risks, both personal and corporate. Ransomware has now reached epidemic proportions and many small businesses have been targeted. Phishing attempts against small companies have grown exponentially with email systems constantly targeted. The consequences of these attacks can be devastating for small businesses.

Many small business owners and managers recognise that their business is now a digital business and that digital transformation has “changed the game” for their businesses. As a result, Cybersecurity, Data Protection, Privacy and Trust are now mainstream business-critical issues and cyber risk is unavoidable.

As we approach 2022, it is increasingly clear that small companies are highly vulnerable to cyberattacks and that all small companies should aspire to become cyber resilient. Resilience is the ability to withstand and survive the inevitable cyber incident when it happens because it really is a matter of “when” and not “if”.

Why do small companies struggle?

It may surprise you to learn that there is widespread agreement on the technology controls that small companies need to implement if they wish to significantly reduce everyday internet-based risks. Given the extremely hostile threat landscape, it might be reasonable to assume that small business owners and managers would prioritise the effort to become cyber resilient. Sadly, that is not the case and many small company owners and managers still struggle with cyber risk. Some of the reasons why are as follows:

  • Lack of resources: small business owners and managers are constrained from managing this risk by a variety of factors, none of which are their fault; lack of time, lack of expertise, lack of financial resources, and a lack of focus on this complex topic when so many other business-critical issues compete for attention, to mention just a few.
  • Lack of understanding: The most limiting factor of this complex and ever-changing area is lack of understanding. Managers cannot manage a risk that they do not understand, and employees will make critical errors if they are not trained. There is also a lack of understanding of the benefits offered by cyber insurance.
  • Lack of a Framework: small business owners and managers have not been given all the pieces of the puzzle packaged in a complete system that’s appropriate and compelling for small businesses.
  • Lack of a Strategy: whatever resources are available to address cyber risk are often directed to ad-hoc IT spending in response to events. They are not the result of a coherent strategy to manage the risk.
  • Lack of Governance: The Board of Directors is responsible to manage all the risks of a business and cyber risk is just one of those risks. Even if day-to-day responsibility for managing this risk is delegated to an employee or a third party, the Board retains ultimate responsibility in company law and owns the problem.

Achieving cyber resilience requires small companies to undertake a journey and that requires a Plan.

Do you need a Plan for Cyber Resilience? 

The owners and managers of all small businesses should be concerned about cyber risk and want to be empowered to manage it. However, the topic is of special relevance to “knowledge-based businesses” because the consequences of a cyber incident are especially grave for these businesses.

This group includes businesses that provide products and services based on their intellectual property and includes firms of accountants, lawyers, insurance brokers, business consultants, financial advisors, architects, engineers, surveyors, and those involved in the medical and IT industries.

These owners and managers run their businesses professionally, however, cyber risk presents an important new challenge for them. The potential financial loss, legal liability, loss of trust and loss of reputation that could result from a cyberattack could be catastrophic for these businesses.

To see if the issue is relevant to you, ask yourself the following questions:

  • Do you worry about the potentially catastrophic impact a cyber-attack could have on your business?
  • Are you a very busy person, time challenged and with limited technology skills?
  • Do you worry that cybersecurity is expensive and have a limited budget to incur the expense of IT experts?
  • Do you worry about the many sources of cyber risk and the types of loss that can result from cyber-attacks?
  • Do you fear the fact that cybercriminals are experts, always ahead of you and that the environment for this complex topic, that you don't fully understand, is constantly evolving?
  • Do you hope that the measures that you have taken to protect your business are enough, but still have a nagging concern?
  • Have you outsourced your IT function to an IT Service Provider in the hope that a third party can take this responsibility for you?
  • Are you beginning to feel pressure from your stakeholders (Board of Directors, customers and/or regulators) to provide evidence of an acceptable cyber posture?
  • Do you want to be able to manage this risk, like any other business risk, without needing to become a cyber expert?

If you have answered 'YES' to any of these questions, you need a Cyber Resilience Plan! If you don’t have a plan in place, read on for a solution that you could apply in your small business.

Register for the Jumpstart Course

UK Companies - Register Here

My experience with cyber risk

First, allow me to introduce myself. My name is John Byrne. I am an entrepreneur, a Chartered Certified Accountant, an insurance practitioner and an ex-banker. I spent the first 28 years of my career in corporate roles with international banking and insurance groups as a financial risk assessment specialist.

For the last 14 years I have been an entrepreneur, during which time, I co-founded an insurance underwriting business at Lloyd's of London, where I was Chief Risk Officer. Since I exited the Lloyd's business in 2015, I have worked on start-up projects, and I am currently co-founder of an InsurTech firm providing a cyber risk management platform to medium-sized businesses.

I have both personal and business experience of cyber risk from my corporate years, my entrepreneurial journey and especially my focus on cyber risk during the last 3 years. I hope that my experience makes me a suitable guide for small business owners in today’s hazardous environment.

In the late 1990s, when cyber insurance first began as an add-on to professional indemnity policies, I was an underwriter at one of the leading global companies involved in this area. Later in my career, while Chief Risk Officer of the Lloyd’s business, I was involved in setting the risk strategy, including exposure to the emerging cyber insurance area.

On the personal side, in 2012, my LinkedIn account was one of the millions impacted by a massive data breach where passwords were stolen, and in 2013 my personal email account was hacked. I came close to suffering a painful financial loss when my pension advisor received an urgent fraudulent email request, supposedly from me, to transfer my pension fund to a third party. Knowing that a cybercriminal had complete access to my personal emails felt like a personal assault and that violation of privacy made a lasting impression.

 At the time, however, I was busy in my business, had limited time to devote to this problem and limited knowledge. My knee-jerk reaction to these events was to leave Linkedin, change passwords on all my online services, and disengage with all social media platforms. In essence, I chose to disengage from the rapidly digitising world around me. I didn’t know it at the time, but I was making a mistake

The challenge of the last 3 Years

I was vividly reminded of the threat posed by cybercrime when the global ransomware cyberattacks of 2017 happened. In 2018, my personal data was compromised in 4 of the largest global data breaches. This experience convinced me that the world had changed irreversibly and that living in denial was no longer an effective strategy. This was when I decided to focus my energies on cyber risk with the intention of creating an offering that would add real value to small businesses in their efforts to manage cyber risk.

Initially, I struggled to come to grips with the complexity of the technology of cybersecurity as it was not an intuitive subject for me and its. Even insurance, the area where I had highly relevant expertise in risk management, was challenging. Cyber insurance policies used technology, legal and insurance jargon which made them hard to read and understand. I could see why the take-up rate for cyber insurance amongst SMEs was a very low 10%. I decided to educate myself further in all these areas to help others.

Researching the opportunity for my cyber risk management InsurTech company brought the opportunity to learn about the world of cybersecurity and the critical issues for SMEs. During these 3 years of cyber focused effort, I created many surveys, conducted many market research interviews, issued reports and interacted with the SME community in the UK and Ireland. I also engaged with the community by providing demonstrations of the cyber risk management platform under construction.

 This work helped me to understand the realities of small businesses, the problems they face with cyber risk and how their owners and managers think about the issue. I could see that they were confused about where to start. Their efforts to address the problems that cyber risk was causing in their business were ad-hoc and reactive to events. There was no plan, few proactive steps and no clarity of vision on cyber risk.

The Power of a Complete System

By interacting with these businesses and seeing their struggles, I learned the importance of having a complete system. I realised that small business owners and managers couldn’t do just one thing; they need a complete system incorporating the right mindset, a simple strategy, and the tactics to implement it. If small business owners and managers could see the entire picture of cyber risk and had an effective system that they could understand, it would make good business sense to implement it. This complete system could then lead these small companies towards cyber resilience.

This insight changed the way that I look at cyber risk in small companies forever.

And here’s the good news that may surprise you…

The essential steps that small businesses need to take are well known and are neither difficult to take nor expensive to implement. Your small businesses can address this problem once you know the step-by-step process and have a plan to implement it.

The system needed to begin with technology risk but also needed to consider people risk and governance risk. I formulated my strategy, called “The 5 Steps to Cyber Resilience”, using my experience and learning as a simple strategy that leads small businesses towards cyber resilience. I then implemented it in my own small business and decided to tell others what I had learned on my journey and the approach that I believed would work well for them. I decided that an online course was the best way to package the knowledge.

So, in late 2020, I created a Coaching Course to teach this material live on Zoom to a small group of business owners and managers in the UK and Ireland in a hands-on group coaching model. The course was an intensive, interactive experience that took place online over a 5-week period ending with a one-to-one coaching session for each participant with me to discuss the Pathway Plan they had created during the course.

Based on the success of the initial Coaching Course, I have now added an alternative approach that will help small business owners and managers to quickly jumpstart their cyber risk efforts. That’s why I’m excited to offer you that alternative approach now.


The Jumpstart Course: How to Create the first Cyber Resilience Plan for your small business in 30 Days without cybersecurity expertise

This self-study online education course gives the owners and managers of small businesses the jumpstart they need to create their first Cyber Resilience Plan. This may be their first Cyber Resilience Plan, but it will not be their last. The Jumpstart Course is a short, targeted course concentrating on the essential steps that are achievable in a relatively short period.

This course delivers a transformation in the way that you think about and manage cyber risk in your businesses. You will discover:

  • How to achieve a Mindset shift in thinking about cyber risk from negative to positive. This will allow you to see the benefits of “raising the bar” for your cyber standards.
  • How three components (Mindset, Strategy and Tactics) form an overarching and coherent structure for your Cyber Resilience Plan.    
  • My 5-Step Framework to Cyber Resilience. This is your strategy for managing cyber risk in your business.
  • How to implement the 5 technology controls of Cyber Essentials so you can reduce your exposure to the most common internet threats and create the tactical plan for technology risk in your business.
  • How to create your first Cyber Resilience Plan with your Tactical Plan building on the Action Points of the course. Your plan provides a roadmap for your implementation efforts.

 It will help you to leave worry about cyber risk behind as you are empowered to manage cyber as a business risk without having to invest a lot of time and money.

What You’ll Get

The course material is organised into 4 on-demand Sections covering:

  • Section 1: Mindset  

Increasing understanding of the sources of cyber risk and types of losses suffered by different business types. Introducing the Surviving Cyber Mindset that will prepare you to handle this key business risk.

  • Section 2: The 5-Step Framework 

How to adopt a strategy that leads to cyber resilience using a 5-Step Framework for managing Technology, People and Governance risks.

  • Section 3: Significantly Reducing Technology risk

How to significantly reduce your exposure to the most common internet threats using Cyber Essentials, a UK Government approved methodology to create a tactical plan for Technology risk in your business.

  • Section 4: Your Cyber Resilient Plan

Creating your custom-built Cyber Resilience Plan using our template and the results of your Action Points from the course.

Each topic builds on the previous one. Each Section includes teaching, presented through a series of pre-recorded videos, a Poll to gather your views, a Q&A feature, Slide deck handouts, supporting documents and Action Points. The Action Points help you to apply the concepts to your business and to take immediate action.

All the content is held on Ruzuku, the Learning Management System, and much of it is downloadable. Audio files along with written transcripts are provided for each video. The course video material adds to approximately 3.75 hours of content. All content is available on joining the course and lessons can be completed at your own pace. There is also a final end-of-course quiz where you can test your learning.

This course contains what you need to know and nothing that you don’t. You’ll learn the key concepts and get the tools needed to create your first Cyber Resilience Plan. You’ll leave with clarity about your business and new confidence about your ability to manage cyber risk.

Register for the Jumpstart Course

UK Companies - Register Here

Can You Afford to Wait?

Take a moment to think about the kind of small business you want to be in five years’ time. You might envision a digital business that is cyber resilient and enjoys high levels of trust with all its stakeholders. This is a business that is fit for the digital economy.

Really visualize what that future looks and feels like.  Got it? Now, answer this question honestly:

If your business continues on its current path, is it on track to reach that future cyber resilient state?

If not, then NOW is the time to change that.

Join The Jumpstart Course today and give yourself the process and tools you need to start making your cyber resilient digital business a reality. You can confidently set out knowing that you have a plan.

Naturally, there are alternatives available when you consider how you wish to address cyber risk. You could buy many cybersecurity products and services, in the hope that you are reducing risk. The cost of this option depends on the specifics of your business. It’s hard to quantify but it could be s substantial cost.

You could delegate the cyber risk management decision making to your IT Service Provider and rely on that company to do what’s best for your business. However, the cost of this could be catastrophic if your IT Service Provider does not have the requisite cybersecurity skills to deliver “what’s best for your business”.

Finally, you could continue with no Cyber Resilience Plan in place hoping that your business is not hacked causing the loss of your business and potentially, your livelihood. The financial cost of this outcome is potentially catastrophic, not to mention the personal price of continuing to worry that someday your business will be the victim of a cyber-attack.

The Jumpstart Course is available now to my “first-year” customers at a price of just  € 242 (exclusive of Irish VAT where applicable). The price for UK based companies is GBP £215 and Irish VAT will not apply.

Click on the relevant link below to register for the course. The course fee can be paid by credit card. Invoices will be issued to the relevant business once payment is received.

If you decide to invest in the course, you receive the outlined benefits and the bonuses. If you complete one module per week,30 days from now you could have completed your new learning, and have begun to implement your first Cyber Resilience Plan.

In doing so, you will significantly reduce your exposure to Technology risk and will even have started to consider People risk and Governance risk. You will have moved away from worry and will feel empowered by the action you are taking and the progress you are making. You are now in control of this problem and have begun your journey to Cyber Resilience. Investing in the course will then have delivered a strong return on investment by reducing your exposure to a cyber catastrophe in your business.

 If you decide not to invest in the course, your life will be the same. Nothing changes except, perhaps, the threat environment may worsen as cyber risk continues to evolve. You will have at least the same risk that a cyberattack could happen at any time and your worry may well increase until you decide to tackle the issue.

Plus, You’ll Also Receive…

Included with your purchase of The Jumpstart Course are the following Bonuses:

  • An email 'hotline' to submit your questions: This will allow you to send feedback to me on the course and receive feedback from me on any difficulties you may face with the course material.
  • A downloadable PDF called “Criteria to use for selecting an IT service provider for cyber risk services.” This is a checklist to guide a conversation with your current or proposed IT service that will allow you to assess their suitability for cyber risk services.
  • A downloadable PDF called “Suggestions to reduce your exposures to popular Social Media platforms.” This will provide practical suggestions on privacy and security settings that you might consider for some popular social media platforms and allow you to review your exposure to social media platforms by considering the privacy and security settings you use.

These Bonuses are not sold separately but are included with the course for free as added value.

Your Satisfaction is Guaranteed

This course teaches you a step-by-step system for creating your first Cyber Resilience Plan. What you learn will move you forward on your journey to cyber resilience. But I don’t expect you to take my word for it!

I want to make the buying decision easy for you. Because I am confident that The Jumpstart Course will add value for you and that you will be satisfied, I will take away any risk attached to your decision to invest in the course by offering a 30-day money-back guarantee, no questions asked.

That way you get 30 days to review the entire course and test out the materials. If you’re not fully satisfied, just let me know. Email me at and let me know if you decide that the course did not deliver what you expected and you want a refund.

Register for the Jumpstart Course

UK Companies - Register Here


The testimonials that follow are from students of the Live Coaching course. The content for the Jumpstart course is taken directly from the Coaching course.    

“Cybersecurity is of paramount importance to both our firm and our clients. This course took us through a process that helped us to identify potential weaknesses so that we could strengthen our cybersecurity. It also reinforced the fact that the solution has to come from the top down and it must encompass all our people and all our systems. This course is an eye-opener and if you are a business owner, I would highly recommend it”. 

Ken, Partner - Accountancy Practice 

"I previously thought that cybersecurity was something our IT provider would look after. The potential risk to our business and our clients from a Cyber-attack was something I had not considered before. Thanks to the Surviving Cyber course, I now see that is not exactly the case. Cybersecurity was an important issue before COVID-19, but having staff working from home has highlighted the seriousness of the risk for me. Thankfully, after completing the Surviving Cyber course I am now fully Cyber risk-aware. What the course has brought to me is a real eye-opener. I believe the understanding and knowledge I gained is of immense value to my business. The content of the course and the way John delivers it is clear and concise and I have actioned what I have learned. The IT guys have been on site for a full assessment of our hardware, software, firewall etc., and I now have Cyber insurance in place. If we are unfortunate enough to find ourselves attacked someday, I now have a clear Cyber pathway and I’m confident I can manage the risk.” 

Martin, Managing Director - Wealth Management Company

In my role as CTO for an emerging Marketing Automation company, IT security and Cyber Risk are increasingly important to me. I came across the Surviving Cyber course as my company had previously done some successful IT Risk Analysis Work with John Byrne. John is a very professional person with an engaging manner and a keen knowledge of IT Security and Cyber Risk Management.

The course itself was very interesting and well structured. Over five weeks, John led us through a series of presentations and activities to introduce us to the key topics around Cyber Risk. The course was very interactive with John taking an interest in how the topics could be applied to our companies. There was always time for questions at the end of the presentation. In the final week, there was an opportunity to have a session with John to devise our own ‘Pathway to Peace of Mind from Cyber risk’.

I’d highly recommend the course for both IT and Management professionals who would like to gain an insight into this important area in quite a short period of time.

Mark, Chief Technology Officer - Digital Marketing Company 

"As a Trustee and non-executive Board member of a UK Charity, I have always been uncomfortable about my lack of appreciation of the variety of cyber risks that the Charity faces and how to manage these risks. The Surviving Cyber course provided a clear and intelligible progression from cause to effect and then suggested a potential response. I believe that the course provides an initial basis from which to build an effective risk management posture. It is the first course I've seen that is designed to bridge the knowledge gap between being cyber unaware and cyber informed. I now have the foundational knowledge to have a meaningful discussion with the information security professionals implementing the cyber risk management plan for our operation – Peace of Mind indeed."

Richard, Chair of the Trustees - UK Registered Charity 

Prior to the Surviving Cyber course, I was naive to cyber risk, to say the least, and certainly how exposed I was even as a one-man Ltd company. I took the course primarily as an opportunity to educate myself more on the risks cyber presents to myself, my clients and indeed the wider market. The course ended up being much more than just education. 

The Surviving Cyber course is exceptionally well put together. A progressive and ‘building block’ approach to each weekly session, with accompanied contextual tasks, allowed me to assess my own performance and application of measures to reduce cyber risk within my business and for my clients. 

I finished the course with a clear pathway to peace of mind, and an answer to the crucial question; “How can I best protect myself and my Business from Cyber risk”. John’s guidance helped me produce a worked plan that is directly relevant to my business with clear actions I can take in the short-medium and long-term, with specific guidance provided on a one-to-one basis by John.

I would highly recommend the course to anyone interested in reducing their cyber exposure – which really should be everyone! 

George, SME Business Consultant

Your Future

Now is the perfect time to build the cyber-resilient small business that you want. The threat to your business and your personal livelihood is real and getting worse. Small companies have never been more vulnerable to cyber risk. Failing to address the issue could have catastrophic consequences.

However, your small business does not need to become the victim of cybercrime and you, as the business owner or manager, do not need to suffer the personal breach of privacy and other negative consequences that a cyber incident involves. You can dispel the fear, insecurity and worry that can result from being unprepared for this business-critical event.

The Jumpstart course gives you the essential knowledge and tools that you need to get started and leads you through the creation of your first Cyber Resilience plan. Through the course, you can discover the many benefits to be gained from addressing cyber risk in your business. I will be your guide through the step-by-step process.

Join the Jumpstart Course today to learn how. Click on the ‘Register for the Course’ button and complete your information.

I can’t wait to see you inside the course and help you create your first Cyber Resilience Plan in the next 30 days.

Register for the Jumpstart Course

UK Companies - Register Here