Remember the Green Cross Code Man?

If you grew up in the UK in the 1970s or 80s, you’ll remember him – the superhero (played by David Prowse) who taught an entire generation of children how to cross the road safely. Stop, look, listen. Simple. Memorable. Brilliant.

He sprang to mind this week, as I sat on a panel at the Business Services Association’s Cyber Resilience event. And I thought, cyber security needs its own Green Cross Code Man.

Cyber security is about people

At mark-making*, our B2B More Human philosophy underpins the work we do – the idea that business to business marketing works better when you remember there are humans on both sides of the transaction. We apply this thinking to everything we do for our clients.

But I’ll be honest: until recently, we’d never applied it to cyber security.

We treated it as a technical problem. We got our Cyber Essentials certification, wrote the policies, implemented the controls. Ticked the boxes. Job done.

Then we engaged with the South East Cyber Resilience Centre (SECRC) through our client Nationwide’s National Ambassador Programme, and everything changed.

The training we received wasn’t death-by-PowerPoint about technical protocols. It was brilliantly human. Real stories about real attacks. Practical examples everyone could relate to. Our trainer had us all chanting: “Cyber security is everyone’s responsibility.”

That phrase stuck with us so much that we’ve put it in our company handbook, and we’re actively working to embed it in our culture.It was the light bulb moment when we realised that cyber security is fundamentally about people, not just technology. We should have been applying our B2B More Human philosophy here all along.

The silver bullet question

Last week’s panel brought together an impressive group: Sharon Gould from Nationwide (our long-standing client of over 20 years), representatives from CGI, Sir Robert McAlpine, and HP, plus Joanna Goddard and the team from the National Cyber Resilience Centre Group and the police-led Cyber Resilience Centre Network.

I was there representing the SME perspective – the view from a 12-person brand strategy and creative agency trying to do the right thing.

During the discussion, I was asked: “If you had a silver bullet – one thing you could do to help fight cyber crime – what would it be?”

My answer came immediately: bring back the Green Cross Code Man.

We need a national campaign that makes cyber security visible, normal, and human. That makes it everyone’s responsibility – not just IT departments, not just security experts, but everyone. At home, at work, everywhere.

Stop, look, listen before you click that link.
Stop, look, listen before you download that attachment.
Stop, look, listen before you share that password.

The principles are the same. The need for human-centred awareness is the same.

The sky’s the limit question

Later in the discussion, we were asked: “If you could give a business anything – sky’s the limit – to help them fight cyber crime, what would it be?”

Our host thought I’d say, cash, technology, or more sophisticated systems.

I didn’t.

I said: education and awareness.

Because here’s what I’ve learned: cyber security is fundamentally about people.

You can have the best firewalls in the world. You can spend millions on security systems. But if someone in your team clicks the wrong link, downloads the wrong attachment, or thinks “that’s not my problem, that’s IT’s job” – you’re vulnerable.

This applies everywhere:

In our personal lives: We need to understand that the links we click, the passwords we reuse, the updates we ignore – these matter. 

In small businesses like ours: We need to make cyber security relevant to everyone. Our designers need to understand it. Our account managers need to understand it. Not just our tech-wizard, Russ. The SECRC training showed us how to do this in a way that was engaging and practical, not intimidating and technical.

In large organisations: The National Ambassadors like Nationwide, CGI, and Sir Robert McAlpine are doing something remarkable. They’re reaching out to their supply chains – often small businesses like ours – and offering human support. Not mandating requirements. Not adding to the compliance burden. Actually helping.

Nationwide’s approach was effective because it was genuine. They contacted us about their support for the National Ambassador initiative and were contributing to the cost of businesses attaining Cyber Essentials. That’s practical support that actually helps.

The transparency challenge

One of the most important topics we discussed at the panel was transparency.

Too many businesses who’ve been victims of cyber crime don’t talk about it. They’re ashamed. Worried. They think it means they failed.

But this silence is part of the problem.

Cyber criminals rely on this silence. They rely on businesses quietly paying ransoms, quietly rebuilding systems, quietly pretending nothing happened. They rely on each of us making the same mistakes in isolation, learning nothing from each other’s experiences.

We need to change this. We need to talk about cyber security openly. Share our stories. Learn from each other’s experiences. Make it normal to discuss.

Businesses of all sizes need to feel comfortable sharing their experiences – not in a naming-and-shaming way, but in a “this happened to us, here’s what we learned, maybe it can help you” way.

This is fundamentally human behaviour. We learn from stories. We learn from each other. We learn when we’re open about our mistakes and near-misses.

Making it human: the work of NCRCG and the National Ambassadors

The National Cyber Resilience Centre Group and the Cyber Resilience Centre Network are doing exactly what I’m talking about – making cyber security human.

Real conversations: When Russ joined a drop-in session, Patrick, a Detective Chief Superintendent and Director of the SECRC, had an actual conversation with him. Not a form. Not a compliance checklist. A conversation about what might help us.

In-person, practical training: Savva, a brilliantly-engaging senior trainer from SECRC,  came to our offices and delivered training that everyone valued. It was eye-opening, captivating, and Savva did an incredible job of making it relevant (because it is) to everyone on our team, not just the techies.

Ongoing, accessible support: We know we can reach out if something looks odd. The human contact continues. It’s not a one-and-done certification.

No cost: This is fully funded support designed to genuinely help businesses improve their cyber resilience.

The National Ambassadors are extending this human approach into their supply chains. Nationwide’s programme is a perfect example – they’re not imposing requirements, they’re offering genuine support because they understand that their security is connected to their suppliers’ security. And they’re doing it in a human way.

What every business can do

Thirty years ago, my business partner Ali and I set up mark-making* straight out of university. We’ve grown, learned, and adapted. We became a certified B Corp because we believe business should be a force for good.

Cyber security is part of that responsibility, not just to protect ourselves, but to protect our clients, our community, our sector.

Here’s what I’d encourage every business to do:

1. Make it human. Apply the same thinking to cyber security that you apply to everything else. If you believe in putting people first, apply it here too.

2. Make it everyone’s responsibility. Not just IT. Not just the boss. Everyone. Put it in your handbook. Talk about it in team meetings. Make it normal. And don’t forget to share with family and friends, young and old.

3. Engage with your local Cyber Resilience Centre. Even if you already have Cyber Essentials. Even if you think you’re sorted. The human support they provide adds something that certification alone can’t. Visit nationalcrcgroup.co.uk to find your local centre.

4. Be transparent. Share your experiences. Talk about near-misses. Help others learn. Break the silence that cyber criminals rely on.

5. If you’re a large organisation, consider becoming a National Ambassador. Reach out to your supply chain in a human way. Offer genuine support. It protects you while helping others. Find out more about the National Ambassador programme by emailing Joanna Goddard.

6. If you’re an SME, engage with National Ambassadors who reach out. Don’t dismiss it as box-ticking. It’s genuine help, and it works.

And finally, a word from the Green Cross Code Man

Stop and step back from the day-to-day. Make time to review your cyber security position – not just the technical controls, but the human element. Is it everyone’s responsibility in your business, or just IT’s problem?

Look to your local Cyber Resilience Centre for practical, human-centred support. Free training, ongoing guidance, real conversations. Find them at here.

Listen to others’ stories about cyber security. Share your own experiences. Break the silence. We learn from each other.

The Green Cross Code Man made road safety everyone’s responsibility. Cyber security needs the same – make it meaningful, make it memorable, make it human.