UK Middle East

London Office 33 James’ Street

+44 (0) 20 7495 1234

Manchester Office 10 Mount Street
M2 5NT

+44 (0) 161 839 0064

Our News

Our expert in-house capability provides accurate, up-to-date and incisive research to deliver swift, precise outcomes. Targeted individuals are engaged with care and professionalism and the client opportunity presented in a clear and well-prepared format.

Our News

Our expert in-house capability provides accurate, up-to-date and incisive research to deliver swift, precise outcomes. Targeted individuals are engaged with care and professionalism and the client opportunity presented in a clear and well-prepared format.

A Q&A with our cybersecurity and risk advisor, Andy Watkin-Child

Laptop showing keys and blue light

Andy Watkin-Child is an internationally renowned cybersecurity and risk expert, who acts as our advisor of cybersecurity and risk. A 20-year veteran of cyber security, risk management and technology, Andy has held international leadership positions in first and second lines of defence for a number of large companies and is a Board member of the Security Institute. He is founding partner of Parava Security Solutions – an independent cyber security risk management advisory firm – and The Augusta Group, a US based advisory company.

He sat down with Rebecca Hopkinson, Howgate Sable’s client director and head of cyber security and risk management, to discuss the cybersecurity landscape.

RH: Thanks for joining me, Andy. Can you give us a snapshot view of what’s happening in cybersecurity and risk management around the world right now?

AWC: The issues around cybersecurity and risk management have been growing in impetus in recent years, but in the last 12 months or so they have really amplified because various Governments and governing bodies, as well as banks and insurers, have started to lay out their plans and guidance for cybersecurity risk management affecting businesses all over the world.

U.S and EU regulators have started to develop cybersecurity risk management regulations and enforcement programs.  Regulations that require companies that trade with the U.S and EU, require access to U.S capital markets or manufacture digital products or services supplied to the EU or U.S to implement cybersecurity risk management.  U.S agencies are also developing regulatory enforcement programs that are focused on cybersecurity regulation and compliance.

The cyber insurance industry has been evaluating how it manages cybersecurity risk.  Increasing premiums, reducing coverage and as an example, Lloyd’s of London – one of the biggest B2B insurers – has recently changed its policies to clarify that it will not pay out where a nation state is behind an attack. This naturally presents a huge worry to organisations and has prompted action among many.

RH: What, in your opinion, are the biggest cyber risks facing businesses? 

AWC: Cyber has become a national security risk and an offensive weapon of choice for hostile states – cheaper, easier to run and equally as affective as kinetic warfare.  No matter what sector your business, you will rely on a digital infrastructure to manage it and, sadly, most organisations defences have not generally kept pace with developments in hacking. We must not forget that NATO reaffirmed cyberspace as a domain of operation as far back as 2016.

Businesses can be crippled by a cyber attack. They can be taken offline for months, reverting back to pen and paper approaches and in the meantime losing their competitive edge. They can lose data – and in doing so, risk the Information Commissioner (or similar body outside of the UK) heaping criticism on them. Legal battles can continue for years following an attack. The reputational impact can be colossal, but the physical impact of loss of digital infrastructure even more so.

RH: You mentioned hostile states; is this the only risk?

AWC: Hostile states are certainly a considerable risk, but nation state hackers are just one group.  Hackers include Nation State Proxy’s, Cyber Criminals, Hacktivists, terrorists and script kiddies.  These groups have different motivations and look for different outcomes that are not always about money.   $Lapsus – a hacking group of between 16 and 21 years old – successfully attacked Microsoft, Nvidia, and Samsung on Okta in early 2022.  But the biggest threat by far, however, is from ransomware. Ransomware involves a hacker gaining access to systems, encrypting your data and demanding a sizeable ransom fee for the encryption keys to release it – which they invariably do not provide.

RH: Are there particular sectors which need to focus on upping their cyber defences?

AWC: All sectors need to be aware of the risks of cyber attacks and should be investing in developing a thorough cyber security approach, led by a CISO-type role (Chief Information Security Officer). Typically, this has fallen to IT teams to resolve but actually it requires a different skillset. Cyber security and risk will naturally work closely with IT, but its importance is of enough significance that it needs a dedicated team to strategise and oversee its roll out.

In terms of sectors, any business operating in defence should have watertight cyber security. So too should ‘mission critical’ firms such as those in infrastructure, energy or financial services. A cyber attack at a business like this would be a very serious matter indeed – it would undoubtedly lead the news agenda for months, and would cause substantial damage to the business’ home nation.

RH: What should the CISO role encompass?

AWC: A successful CISO will have a combination of technical and business skills, the proposed EU and U.S cyber regulations will require them to have risk management experience and be able to support boards manage and report cyber risks to regulators. It’s important that this person has an up-to-date understanding of the risks to the business and the technical know-how to see how these can be prevented. But a CISO also needs to speak the Boardroom language and be able to demonstrate the importance of the work.

Doing cybersecurity effectively is rarely cheap, so Boards will need to be bought-in in order to fund it. That’s where a good CISO makes all the difference – there’s little point in having someone in a cybersecurity role if they cannot convince a Board to invest in it properly.

RH: What’s next for cybersecurity – what do you predict the next big trends and changes to be?

AWC: Cyber regulation, regulatory enforcement, international cooperations and a move towards cybersecurity risk management are the biggest changes ahead. I’ve been working in this sector for 20 years and it’s only recently that I am starting to routinely see CEOs, NEDs, Chairs and so on proactively asking about what needs to be done. Until now, I’ve been the one banging the drum – now people are starting to seek out advice and make changes.

Legislature should not be underestimated; when the words national security and cybersecurity are mentioned in the same sentence then it’s time to pay attention! Where the US and EU go, the UK will almost certainly follow and businesses would be well advised to get ahead of the game now.

The Bank of England said just this month that cyber attacks are the single biggest risk to the UK banking system. This summer, Norges Bank Investment Management CEO Nicolai Tangen said he was more worried about cyber attacks than the changing markets. These are just two examples of the well-respected voices airing their concerns about the impact of a successful cyber attack.


Andy acts as an advisor to Howgate Sable’s clients and is available to them to discuss their needs. Please do get in touch with your contact at Howgate Sable to arrange a discussion, or contact us here.

The EMI Practice at Howgate Sable really took the time to understand our situation and find exceptional candidates who could fulfil challenging international leadership assignments for a truly global company with a history that spans well over 200 years.

It was a first class experience and positive outcome on many levels.


Barry McDonnell – Director of Manufacturing at De La Rue International

I have worked with the Howgate Sable team on several occasions whilst hiring mission-critical executives. Partnership is the byword for this organisation – they act as an extension of my team and work hard to support me not only in the technical solution, but in the sense of a deep understanding of my specific requirements. Delivery is the key measure of our talent partners and Howgate Sable have always achieved what was asked of them.

Jesper Berg – SVP HR, ABB

Having worked with Howgate Sable as a client and as a candidate I can confidently say their ability to deliver on complex searches is second to none. They not only have a detailed knowledge of the marketplace but also understand the importance of cultural fit. 

Bridget Lea – O2

I was particularly impressed with Howgate Sable’s knowledge and network in the aviation sector, the quality of the candidates provided at shortlist and the availability of Nick and the team to provide us with advice and guidance on candidates when required. Nick was particularly effective in understanding our needs as a Company and being flexible in adapting requirements and plans.

Paul Hutchings – Thomas Cook Group Airlines

I have recently worked with Nick from Howgate Sable to recruit a new Head of Aircraft Operations for Thomson Airways. I was particularly impressed by the wide-reaching search undertaken and the quality of the candidates put forward. The skills match to the brief was excellent and I am delighted with the individual we selected.

Dawn Wilson – Thomson Airways

From their initial call to me the Aviation practice team at Howgate Sable demonstrated a significant difference. Straightforward and to the point, the extent of their network and deep insight into the industry was immediately evident. The added value I have received as a candidate is tangible. An almost instant rapport quickly developed into a focused business relationship which is open, honest, respectful and above all trustworthy.

Carl Gissing