1) Larger employers should introduce relevant apprenticeships and recruit people from different sectors who have transferable skills, such as behavioural science experts, psychologists and those with an intelligence background

2) Companies must be honest about their in-house security expertise and understand which tasks, such as penetration testing, they need to outsource

3) Employees must be made aware of the risks from phishing scams and the potential impact to the business of clicking dangerous web links

4) Companies should proactively educate their customers so they and the business are protected

5) Those at the top of an organisation need to be fully informed about the cyber security risks so they appreciate the need to invest adequately in the specific skills their business might need.