Most companies hold a great deal of sensitive data, whether that is login credentials for systems and sites and their own confidential information, or confidential information that belongs to their customers and suppliers. In the worst case, all of this data can be lost and then accessible to an attacker who intends to exploit the company and its suppliers either immediately (for example by theft) or by further attacks. It is never possible to be 100% from a determined, skillful and well-resourced attacker, but it is certainly possible to make a successful attack harder, detect when an attack is underway and to reduce the impact of any success by the attacker. We have seen many of these attacks carried out and can help by designing and implementing systems that protect against them, as well as by implementing protective controls.