What if the best way to protect your business isn't copying what the successful companies do, but avoiding what the failures did wrong? Welcome to reverse benchmarking, the cybersecurity equivalent of learning from other people's face-plants so you don't repeat them. In this episode, Noel and Mauven flip traditional benchmarking on its head. Instead of asking "what are the best companies doing?", they explore the far more revealing question: "what did the disasters get catastrophically wrong?" From the Target breach via an HVAC vendor to ransomware attacks on UK holiday parks, the hosts dissect spectacular cybersecurity failures to extract practical lessons for small businesses. You'll discover why copying enterprise best practices often backfires for SMBs, how compliance creates dangerous false security, and practical ways to build your own "disaster library" of lessons learned. Plus, the hosts reveal why some of the worst cybersecurity advice comes from studying successful companies rather than failed ones. This isn't just negativity packaged as strategy. It's a systematic approach to identifying your business's genuine vulnerabilities by examining where others fell through the cracks. Because in cybersecurity, knowing what not to do is often more valuable than copying what others claim works. Why This Episode Matters One in three small businesses were hit by cyberattacks last year. The average cost? A quarter of a million pounds, with some reaching seven million. But here's the crushing statistic: 60% of small businesses close within six months of a cyber incident. Traditional benchmarking tells you to copy what big enterprises do. Reverse benchmarking shows you what kills businesses like yours, so you can avoid becoming the cautionary tale in someone else's podcast. Key Takeaways 1. Traditional Benchmarking Often Fails SMBs Copying FTSE 100 security on a shoestring budget is a losing game Enterprise solutions don't scale down effectively By the time you copy last year's "best practice," threats have evolved Context matters more than copying 2. Compliance ≠ Security Being compliant doesn't mean you're secure Compliance is like passing your driving test - it proves you know the rules, not that you'll never crash Checkbox culture creates dangerous complacency Attackers don't check your certifications before striking 3. The Statistics Are Sobering One third of SMBs hit by cyberattacks annually Average breach cost: £250,000 Some breaches: £7 million 60% of small businesses close within six months post-attack NCSC estimates 50% of UK SMBs will experience a breach each year 4. Real-World Disasters Teach Practical Lessons Target breach: Lost $162 million because HVAC vendor credentials weren't properly segmented Colonial Pipeline: Shutdown of major US fuel infrastructure from weak VPN password UK holiday park ransomware: Peak season attack forced cash-only operations Common thread: Basic security fundamentals ignored 5. Third-Party Risks Are Existential 61% of breaches involve third-party access Small vendors create backdoors into larger networks Your security is only as strong as your weakest supplier Segment vendor access ruthlessly 6. Practical Implementation Steps Build your own "disaster library" of relevant failures Hold quarterly "what went wrong" review sessions Map your business to failed case studies Ask "could this happen to us?" for every breach you read about Create no-blame culture for reporting near-misses Detailed Show Notes Introduction (00:00 - 01:24) Noel poses a simple question: in the pub, what do people talk about? Their wins, mostly. This episode does the opposite by examining failures instead of successes. The hosts introduce "reverse benchmarking" as the Darwin Awards of cybersecurity, learning from others' digital disasters rather than bragging about fancy firewalls. Key Quote: "Learn from other people's face-plants so we don't repeat them." What Is Reverse Benchmarking? (01:24