As new legislation tightens the rules on digital risk, Jibba Jabba’s Ashley Harris and Rich Davies outline why every business – regardless of size – needs to take cybersecurity seriously in 2026.
Cybersecurity is no longer an optional extra – it’s now an operational necessity. And for many businesses across South Yorkshire, particularly those in regulated sectors like law and accountancy, time is running out to get ahead of sweeping changes to UK law.
The Cybersecurity and Resilience Bill, now working its way through Parliament, marks what’s been described as “the biggest shift in UK cyber security law in years”. For Ashley Harris, Managing Director of IT services provider Jibba Jabba, it’s a wake-up call that businesses can’t afford to ignore.
“This isn’t about selling on fear,” he says. “It’s about awareness. Cybersecurity is now a necessity, not a nice-to-have. Businesses need to understand that this is moving from the server room to the boardroom – it’s not just an IT issue anymore. It’s a management-level responsibility.”
Regulation is Coming – Are You Ready?
The Cybersecurity and Resilience Bill – which received its first reading in November 2025 – will legally require certain standards to be met across a growing range of industries. While initial enforcement is likely to begin between 2026 and 2027, Ashley stresses that forward-thinking businesses should act now.
“If you’re in a regulated sector, you not only need to be certified but your IT provider needs to be certified too,” he explains. “The government is making this a requirement because past rollout of standards like Cyber Essentials hasn’t been taken seriously. Now they’re enforcing it through legislation.”
The Bill is wide-ranging, covering not only critical national infrastructure but the wider economy too. And with reputational risk, potential fines and even insurance invalidation at stake, failing to act could come at a high price.
“There’s two types of business: those that have been attacked, and those that are about to be,” adds Director Rich Davies. “We work in the industry and we get targeted more than most. It’s not just big brands – smaller businesses are just as vulnerable.”
Jibba Jabba’s All-In Approach
To help businesses navigate this new landscape, Jibba Jabba is rolling out new cybersecurity packages that shift away from traditional ‘vanilla IT support’ to a comprehensive, all-in-one solution.
“Rather than offering endless bolt-ons, we’re developing flat-fee packages that just include everything,” Ashley says. “From phishing training and endpoint protection, to round-the-clock monitoring and certification support – we take care of it all.”
These packages are designed not just to protect systems, but to ensure businesses meet the standards required under new regulations. That includes supporting clients in achieving Cyber Essentials or even ISO certifications, with independently audited checks to validate compliance.
“We’ll perform an initial security audit to assess where a business is now,” Ashley explains. “From there, we fill in the gaps – including the paperwork and policies that are often overlooked. A lot of this is about governance, not just technology.”
He adds: “What we offer isn’t an insurance policy – but it does offer peace of mind. The goal is to minimise risk and demonstrate due diligence to regulators if something does happen. The biggest question after a breach will always be: ‘What did you do to prevent it?’ If the answer is nothing, you’re in trouble.”
A Business Issue, Not a Tech Problem
One of Jibba Jabba’s key messages is clarity. They don’t deal in scare tactics or jargon – their focus is on helping clients understand cybersecurity in real terms.
“We cut through the noise,” says Ashley. “This isn’t about throwing acronyms at clients – it’s about putting cybersecurity into plain English and helping businesses see the real-world impact. It’s not about flashy software – it’s about being smart and prepared.”
And the risks of not being prepared are stark. Whether it’s data theft, service disruption, or customer trust erosion, the impact of a breach can be long-lasting. According to Ashley, “If you’re a solicitor or an accountant, you hold some of the most sensitive personal data there is. A breach doesn’t just hit your bottom line – it can destroy your reputation.”
The company is already ahead of the curve, having passed all the requirements expected of Managed Service Providers (MSPs) under the incoming legislation. Many others, they warn, have not.
“Tech has to be taken seriously at senior level now,” Ashley concludes. “This is about protecting your business, your clients and your future. Don’t wait for it to be law. Get ahead of it – and get protected.”
Head to jibbajabba.co.uk for more information on how to protect your organisation
Cybersecurity & Resilience Bill: What You Need to Know
What is it? A new UK law introducing tougher cybersecurity requirements for a wide range of industries, especially regulated sectors such as legal and financial services.
When does it come into force? Expected to become law later in 2026, with phased enforcement into 2027.
What does it cover? Everything from 24/7 system monitoring and software updates, to policy documentation, logging and risk management.
Why act now? To ensure compliance ahead of enforcement, avoid reputational damage and reduce risk of fines or invalid insurance.
