Six Degrees - Experts & Thought Leaders

New independent research from Six Degrees, the secure, integrated cloud services provider, reveals a dangerous disconnect between retailer cyber confidence and real-world cyber resilience.   Data from the Six Degrees Retail Whitepaper shows that while most UK retailers are highly confident about their security posture, one in five admit their current defenses wouldn’t prevent a cyber-attack. This disconnect has far-reaching impacts because the retail sector faces an increasing volume of attacks, with respondents themselves claiming to be more at risk than they were a year ago. Six Degrees’ research maps respondent cyber security confidence against the National Cyber Security Centre’s (NCSC’s) 10 Steps to Cyber Security, a framework covering key areas including risk management, identity and access management, and data security. Real-world impact of cyber-attacks Retailer confidence remains high in each category, peaking at 84% for risk management. Yet, even in the weakest area – supply chain management (76%) – confidence remains strong. This is surprising considering supply chain attacks top the list of incidents reported by respondents in the last year. Despite reporting high confidence in their cyber security posture, respondents are clearly experiencing the real-world impact of cyber-attacks. Logistical disruptions, including the inability to restock goods, are the most common consequence. Meanwhile, one third of retailers report a decline in customer satisfaction – often centred on dispatching, delivering, and arranging the return of goods. Around a quarter also cite issues related to insurance, reputation, and legal risk exposure. Cyber security confidence and capability “Retailers feel the impact of cyber-attacks acutely because recovery is often slow. Only 13% of retailers fully restore operations within the first week, and just 29% within three weeks. More than a third take between one and six months to return to normal,” says Vince DeLuca, CEO of Six Degrees.  “You would expect slow recovery times to shake confidence and prompt a rethink of cyber security strategies – but our data shows that isn’t happening. This disconnect highlights a deeper issue: when cyber security reporting doesn’t reflect reality, businesses remain exposed.” Elsewhere in the report, findings shine a light on further issues created by this misalignment: when asked where they would prioritise additional investment, IT pioneers continue to rank cyber security highest (32%), ahead of cloud infrastructure (26%), connectivity (23%) and AI and automation (20%). This clearly demonstrates that cyber security confidence and capability aren’t aligned. Underlying cyber weaknesses If confidence were as strong as reported, the focus would likely shift towards other investment areas. Instead, the data shows that cyber security remains the most urgent priority, increasing in importance among respondents who have suffered from a cyber-attack in the last 12 months. This indicates that even confident retailers, when questioned further, recognise underlying cyber weaknesses – and this creates problems for IT leaders within retail organisations. Data within the report shows that respondents who claim high levels of confidence find it harder to secure priority cyber funding, with almost a third citing competing business priorities as the top barrier. Cyber confidence gap Vince DeLuca concludes: “The message to retailers is clear: cyber security confidence does not equal resilience. Confidence statements are easy to make, but do they withstand scrutiny against real-world threats? True resilience requires time, commitment, cultural alignment, and leadership from the top.” “And it’s never static – resilience can erode quickly without regular checks, assessments, and benchmarking built into defence strategies. Threat actors have consistently targeted the UK retail sector throughout 2025. Retailers who act now to close the cyber confidence gap will take a decisive step toward preventing their organisation from becoming the next headline in 2026.”

Six Degrees is pleased to announce the appointment of Mike Drolet as its new Chief Operating Officer (COO) and Tony Healy as its new Chief Information and Technology Officer (CITO). Both appointments bring an impressive track record to Six Degrees. As the Chief Operating Officer, Mike is focused heavily on the transformation and delivery of technology and services to the customers. Extensive experience With extensive global experience, he brings a wealth of knowledge in the deployment of innovative technology With extensive global experience, he brings a wealth of knowledge in the deployment of innovative technology and the delivery of strong, customer-centric results. Mike has held multiple COO positions within the technology, professional services, and consulting industries, and his tenure includes global roles with Geometric Results, Inc (GRI), Pontoon (a subsidiary of the Adecco Group), Infocrossing (a Wipro Company), and Deloitte. New CITO Tony is an award-winning Chief Information and Technology Officer with a proven track record of leading global technology functions across complex, fast-paced environments. He brings extensive experience from multiple private equity-backed organisations operating in pharma, transportation, retail, infrastructure, software, and professional services. Tony has delivered large-scale digital transformations, executed M&A integrations, and embedded cyber and data strategies that drive measurable business outcomes. He is known for shaping high-performing teams, modernising technology platforms, and aligning innovation with commercial growth. Drive new innovation Regarding his new role, Mike Drolet, COO, Six Degrees, said: “I’m delighted to be joining the Six Degrees team as Chief Operating Officer at such a pivotal time. I’m passionate about technology and delivering meaningful outcomes for our customers; I look forward to working with the extremely talented teams at Six Degrees to drive new innovation and deliver cutting-edge services and value to those we serve.” Ready to meet the future Tony Healy, CITO, Six Degrees, said: “I’m excited to join Six Degrees as Chief Information and Technology Officer. My focus will be on aligning our technology, cyber security, and product strategies with our broader business goals – delivering successful product launches, improving customer satisfaction, and ultimately driving organic growth.” “I’m particularly passionate about harnessing the potential of data and AI to drive innovation and value for Six Degrees and our customers, and I look forward to shaping agile, high-performing teams that are ready to meet the future head-on.” Authority comments Commenting on Mike and Tony’s appointments, Vince DeLuca, CEO, Six Degrees, said: “I’m really pleased to welcome Mike and Tony to Six Degrees. Their appointments will help us to achieve key strategic pillars including delivering for our customers now and in the future; reaching new markets; and elevating our service portfolio."  "With their combined experience in transformation, innovation, and delivery, I believe we now have the right leadership team in place to realise our vision to be the most trusted and innovative managed services partner, empowering our clients’ success.”

Secure, integrated cloud services provider, Six Degrees, announced that it has achieved SD-WAN Specialisation as part of the Fortinet Engage Partner Program. Through the Secure SD-WAN Specialisation, Six Degrees’ sales and technical teams have expanded their knowledge in SD-WAN deployment scenarios using Fortinet’s Secure SD-WAN solution. As such, Six Degrees is able to help customers conceptualise, enhance, and troubleshoot their SD-WAN deployments. SD-WAN solution In a fast-moving industry, specialisations focused on market opportunities enabled by the Fortinet Engage Partner Program help partners be recognised and valued by current and potential customers as trusted partners who have the expertise, services, and technologies they need to fulfil their business needs. At Six Degrees we understand the critical importance of embedding security from the ground up Simon Crawley-Trice, Chief Executive Officer, Six Degrees, said: “At Six Degrees we understand the critical importance of embedding security from the ground up across our entire portfolio. This is why Fortinet sits at the heart of our SD-WAN solution, enabling us to deliver secure, high-performance, cost-effective hybrid networking to organisations throughout the UK." Fortinet’s SD-WAN Partner Specialisation Crawley-Trice added: “As one of a select few UK partners to achieve Fortinet’s SD-WAN Partner Specialisation, we demonstrate our technical capabilities and commitment to maximising the benefits our customers realise from Fortinet’s industry-pioneering cyber security technology.” Chris Briers, Senior Regional Manager, MSSP–UKI, Fortinet, said: “Fortinet’s Engage Partner Program provides Six Degrees with a valuable, flexible platform to build a profitable and highly differentiated security practice. By achieving the SD-WAN Partner Specialisation, Six Degrees has demonstrated the knowledge and skills necessary to become a partner of distinction.”

Every day, millions of people worldwide use their personal credentials to prove their identity and access a range of services, from databases in their workplace to the banking app on their smartphone. But while this ensures only authorised people have access to certain systems, the use of this personal data opens users up to cyber risks, primarily in the form of identity theft. On Identity Management Day, Source Security spoke to seven IT and cybersecurity experts to discuss their experiences and advice on identity management, including James Brodhurst, Principal Consultant at Resistant AI, who reinforces that: “Securing identities is more important than ever, as fraud and identity theft has impacts for businesses as much as for individuals.” Effective identity management He recommends that businesses and other organisations that use consumer identities as an integral part of operations must address the significant challenges of managing identities and recognise that there is no single solution to all possible cyber threats. Effective identity management is only achieved through a broad range of technologies and data. Businesses have a critical role to play in mitigating cyber threats, as does society as a whole" This is an important first step for organisations to know who they are interacting with, and subsequently distinguish between genuine or illicit actions. “Businesses have a critical role to play in mitigating cyber threats, as does society as a whole. Initiatives such as Identity Management Day serve to increase our collective awareness of the issues and threats we’re facing, and also safeguard sensitive data.” External cyber defences “Why is identity theft so common?” ponders Andy Swift, Technical Director of Offensive Security at Six Degrees. “Well, the simple answer is stealing account credentials is big business. There is a massive industry out there of people stealing and selling credentials on the dark web. I don't suggest you venture to the marketplaces through which stolen credentials are sold on the dark web, but if you did you'd find lists of credentials with different attributes – whether they've been tested, whether they have access to financial data – that dictate price.” “Most stolen credentials are sold to people looking to launch phishing and onward phishing attacks, giving them access to compromised mailboxes to send emails from. Secondly, there are hackers who want to launch attacks – ransomware, more than likely – from within a network without having to navigate its external cyber defences while also evading the long wait for brute force attacks, phishing attacks and other noisy activities to pay off.” Access sensitive data Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target" “And thirdly, there are people who want to simply target external administration interfaces they have identified (RDP for example) which they can in turn use to pivot through to internal networks, or even just target the external host directly.” Gregg Mearing, Chief Technology Officer at Node4, adds: “Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target. In 2020 alone there were 193 billion credential stuffing attacks globally. Attacks commonly start with a database of stolen credentials, usually with usernames, emails and passwords – although phishing emails and suspicious websites are also used to steal corporate credentials. Once they have gained entry into the organisation's system, the attacker can move laterally, completely unnoticed, to access sensitive data, remove files or plant malware.” Most common threats “Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene, 65% of people still reuse passwords across multiple accounts. There can be no doubt that employees are the first line of defence for an organisation against a cyber attack. If trained properly, they can act as a human firewall. However, poor cyber hygiene, a lack of best practice when it comes to managing credentials, and a limited understanding of the most common threats can make an organisation’s employees its greatest weakness.” Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene" Alongside credential stuffing and phishing, Liad Bokovsky, Senior Director of Solutions Engineering at Axway, explains how API attacks are yet another way criminals are executing identity theft: “In fact, last year API attacks increased 348%, and companies affected included some of the largest corporations – Facebook, Instagram, and Microsoft.” Protecting customers’ data “Companies need to do a better job at protecting their customers’ data. In a recent survey, 82% of UK consumers confirmed they would stop doing business with a company if it suffered a data breach that exposed their personal information.” “Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe. This means having technology and processes in place to make sure that API design, implementation, and management are done properly.” Owning smart devices This needs to change and with the UK no longer required to adhere to EU-GDPR legislation" Michael Queenan, CEO, and Co-Founder of Nephos Technologies, explains how the huge volumes of personal data being created every day are putting consumers at risk: “Whether shopping online, setting up a social media account or simply reading a news article, we are regularly being asked for our identifiable information. With 10% of UK homes now owning smart devices – e.g. an Alexa or a Ring doorbell – our data is constantly being collected, even within our own homes. Should it fall into the wrong hands, it could be used for identity theft or fraud.” “This needs to change and with the UK no longer required to adhere to EU-GDPR legislation, it presents an opportunity to rectify how personal data can be shared. Ultimately, I believe individuals should be responsible for their own data and how it is used.” Ensure data privacy “A possible way of achieving this is through identity-centric blockchain, whereby everyone has a national email address associated with their blockchain identity that permits access to their personal data. This would ensure that only you get to decide who has access – your data, your choice!” This would ensure that only you get to decide who has access – your data, your choice" Steve Young, UKI Sales Engineering Director at Commvault also comments on how identity management is vital for meeting data regulations, thereby supporting data management throughout the business: “In the world of data management, you’d be forgiven for thinking that the focus is all on backups and recovery. But while these are absolutely crucial elements, another key aspect of data management is identity management – only through understanding it will businesses be able to drive their data management to the next level. Identity management is necessary to ensure data privacy.” Latest data regulations “Many people will be most familiar with its function as a way to restrict access of employees to certain files and resources that may hold sensitive or classified information. But what is becoming more important today is how identity management also helps prevent cybercriminals entirely outside an organisation from gaining unauthorised access to a system and initiating a ransomware attack, for example. Because of this, identity management helps businesses be compliant with the latest data regulations, as it ensures that any customer data collected and stored is kept secure.” So, what solutions should IT leaders be prioritising to strengthen their identity management measures? Six Degrees’ Andy Swift recommends multi-factor authentication (MFA): “MFA provides great defence against identify theft, but it's also a reactive technology: for it to be effective, an attacker must already have obtained stolen credentials.” Cyber security training Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management" “That's why comprehensive cyber security training and education on best practices is quite possibly more important than any technology could ever be alone. There's no silver bullet when it comes to achieving strong identity management, but the importance of threat awareness and training cannot be overstated.” “We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing,” concludes Tyler Farrar, CISO at Exabeam. “Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organisations must build a security stack that is consistently monitoring for potential compromise." "Organisations across industries can invest in data-driven behavioural analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behaviour indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.”