Do you know which areas of your business present a cyber risk because of the way they operate or handle company information?

This was one of the issues raised at Lifeline IT’s recent ‘IT Risk’ roundtable, where attendees discussed how to identify potentially vulnerable parts of an organisation and mitigate the cyber threat.

The obvious departments are ones such as finance and accounts, which hold banking and payroll details and can be targets of invoice fraud and fake supplier bank changes. Other obvious risk areas are IT, which frequently has access to privileged data, and HR, which holds sensitive personnel information.

However, there are often overlooked parts of a business that present a security threat to an organisation because of how they function. Marketing departments can often go under the ‘risk radar’ but there are various reasons that give cause for concern:

• They often rely on third parties and agencies, so interact heavily with external contacts and suppliers who may not have the same IT protocols as their organisation.
• They manage large volumes of customer data, often using many SaaS platforms for email marketing, analytics and CRM. These platforms host sensitive data and provide another entry point for potential cyber attacks.
• Widespread use of AI – 85% of marketers use AI for content creation (Source: Coschedule ‘The State of AI in Marketing 2025’) – which can potentially breach compliance rules if used incorrectly.
• Marketing departments manage social media accounts, which provide opportunities for hackers to use ‘social engineering’ techniques,
• They often process campaigns and approvals quickly, which can increase the risk of human error.

Commented Daniel: “Marketing is one of those areas where the guard rails may not be as secure as they could be. It’s always a challenge when certain departments may be working in a different way to others within a company and the key is to make things as secure as possible without stifling creativity or workflow.

“One solution that we have implemented successfully with several clients is data segmentation. This is when all departments have separated data in addition to regular user access controls, which helps to reduce the cyber threat.”

If you want to know more about data segmentation within your organisation, contact one of the Lifeline IT team.

Read Daniel’s thought-leadership article in Business Travel Magazine about how organisations can protect themselves from cyber threats when travelling overseas: https://thebusinesstravelmag.com/combatting-cyber-crime/