Interview with Jude McCorry, Chief Executive of The Scottish Business Resilience Centre

The Scottish Business Resilience Centre (SBRC) was founded in 1996, when it was known as The Scottish Business Crime Centre. Today, the SBRC has a vision to be the catalyst that makes Scotland one of the safest and most resilient places to live, work and do business.

This year they welcomed their new CEO, Jude McCorry who has a solid background in technology, and comes directly from being Head of Business Development at The Data Lab. Jude gave us some of her time to talk about taking the reins of the Scottish Business Resilience Centre while entering a national lockdown.

You have only been in your new job for 7 months and in that time had to find drastically new ways of managing a team and solving unique problems. Looking back, can you sum up how it all went?

I started my new job as CEO the week of lock down, it wasn’t what I’d had in mind. My first job was basically to send everyone home and make sure that they could still work. To date, about half of my team, I’ve only ever met over Zoom or Teams.

So, it wasn’t an ideal start, but the team have been absolutely amazing, they totally got behind me, and together, we have pulled out all the stops and changed the direction of SBRC. We rapidly moved from a culture of being out and about meeting with clients, to getting completely online. We decided to focus on business resilience to help businesses understand what kind of support and funding was out there, our first webinar went out in March just days into the lockdown and we had 650 people sign up. We were only able to take 500 because of the Zoom license, so we started doing them every two or three days in order to support as many people as possible. It made a big and immediate difference and saved people sitting on phone lines for hours on end.

On the cyber side of things, people were calling in about different issues, from the logistics of working from home to concerns about security incidences. Over the last 6 months, we set up an incident response service which is supported by Scottish Government and Police Scotland. Overall, the time has gone very fast and it’s been very enjoyable, of course there’s been some teething issues and some frustrations, but we’ve achieved so much. I think we’ve been through the forming, the storming, and the norming stage now.

You previously worked at Data Lab. – working with industry and academia to maximize the value of data for Scotland. Tell us more about the value of data.

A lot of companies have plenty of data, let’s take Aggreko, the big generator company as an example. Some of their generators are running refugee camps or towns in remote areas of the world. If a generator was damaged by storms or had parts needing to be replaced, the town wouldn’t have any form of electricity, and would have to wait until roads became open and someone could come to make the repairs. Using the data that they had, they were able to predict any failures in the generator and fix parts before they failed. By being proactive instead of reactive and using a predicted maintenance program, the organisation now saves millions of pounds every year.

We worked with Unicef, looking at how data could be used to improve the lives of children not just in Scotland but around the world. We looked specifically at obesity which is a huge issue for children in Scotland, and we saw trends, such as breast feeding rates going up in Scotland linked to obesity going down. There were also trends when the simulated sports activity game, the Wii, was popular.  Other trends were seen when schools promoted the ‘mile a day’ challenge and obesity went down. The data can show us patterns with buyer behaviour, for example, in poorer areas, shops often have buy one get one free offers on very high calorific food, and there are sweets and huge bottles of fizzy drinks at the checkout. Whereas in more expensive areas, the supermarkets may have flowers to tempt buyers at the tills.

Data can be used for businesses to generate profit, but the thing that really got me out of bed in the morning was the data science that helped people for the greater good in Scotland and all around the world.

Have you always worked in the technology sector? What has been your experience as a female in the tech world?

When I left university, it was during the economic boom in Ireland and my first job was working at Dell computers. In Ireland, I didn’t feel that there was any difference between women and men in tech, probably because there were so many jobs in the industry at the time. When I moved over to Scotland, I did see there was a difference, especially in how many women were employed. The American multi-national organisations in Ireland were very supportive of women in their workplace, this was twenty years ago. They were flexible over working terms and holiday times and this encouraged working mothers. It is not something that can be taken for granted here in Scotland.

As a manager, I don’t want any women that work for me to feel under pressure because the kids are at home and they have more to balance than ever. I try and have the approach where I can say, ‘do what you need to do’. My children are now 12 and 15, so they can look after themselves, but I don’t know how anyone could have done those first few months with small children in the house. I see it as not the child interrupting the work, it is the work interrupting the home.

Can you talk about the hugely diverse cyber threats that businesses face.

My big fear is about our public services, particularly healthcare. We see the cyber attacks that have targeted hospitals and health care departments in the US and Germany recently and it worries me. A discussion about ransomware is the elephant in the room. It is a serious crime that needs to be dealt with and if it’s not tackled soon, it could change the cyber landscape immensely.

I want to help people become more cyber aware, it is easy to make a mistake and it should not be something to be ashamed of or considered a sackable offense. Even an organisation with 300 cyber people, can still have an incident. Senior management really need to wake up and take responsibility for cyber threats and make cyber security part of their job of running the business, rather than leave it with their cyber team. Cyber security is something that can literally save an organisation.

At SBRC, we’re very much into prevent and protect, we educate people about cyber threats and promote the Cyber Essentials scheme to organisations in Scotland as the baseline standard for cyber security. We also provide incident response for when a business has a security breach, so they can get help straight away. A crucial part of preparation is having a crisis management plan to assure that your business would be able to keep running if you were attacked.

Can you talk about the unique model of collaboration that makes the Scottish business resilience centre so successful.

The difference between us and the rest of the UK model is we only have one police force so it is easier for us to do a Scotland wide collaboration. I always say it’s like the Goldilocks economy, its not too big, not too small, its just right. We’ve got a lot of people in Scotland that want to make a difference and want to make that collaboration work. The rest of the UK is now starting to get into a rhythm of doing the same thing, working together and sharing information. The message then to the cyber criminals is – ‘we’ve got our house in order, this will be a difficult place for you to operate.’

Where do you think the Scottish Business Resilience Centre should focus in the future?

I think COVID forced us to look at our purpose and our function as an organisation. This year, business resilience in Scotland has been about making sure that as many businesses survive the pandemic as possible. We pulled together the business network, we did the mentoring, and we did the webinars. This allowed us to engage with 5.5 thousand new businesses over the last few months, additionally, we’ve had 5000 views on the Youtube channels. I think the lesson we can take from it is that business resilience and cyber resilience has to be innovative, we need to be agile and move with what is happening in the world.

Community building was another big thing, rather than just concentrate on the city centres of Edinburgh and Glasgow, we have been making a very concerted effort to make sure we are covering all of Scotland as cyber effects everyone.

What is your vision for Scotland for the next 5 years?

One thing I’m very proud of in Scotland is the way people work, they are very supportive and very collaborative. In a period of intense worry and isolation, we managed to bring people together through webinars and round tables and fireside chats and enable a conversation about what was available and how companies could survive.

The other good thing about Scotland is the connection, not just between businesses, but groups of cyber experts, the police, the fire service, the government. Everybody’s focused on the same vision which is to create a culture in Scotland that is safe to do business both on and off line. When you set up in business in Scotland, you are not just going to be left to your own devices, there is a lot of support and connections.

Can you tell us about any Scottish Business Resilience Centre upcoming events?

Exercise in a Box is an online tool from the National Cyber Security Centre (NCSC) which helps organisations test and practise their response to a cyber-attack. Over the last few months, SBRC have been delivering free Exercise in a Box sessions to organisations across Scotland to help them assess how resilient they are to cyber-attacks. December dates have just been released on the website which will cover the highlands and Islands and Inverness and Aberdeen. There are also some open sessions that anybody can join and then into January, sector specific sessions, eg food and drink, transport, NHS.

Details about Exercise in a Box sessions are available on the website. There is also a phone number for incident response, or to get some help and advice.