Your Business Blueprint to Scale, Secure and Succeed

Adam Cliffe: Coming out of COVID and resourcing. If you haven't watched the - I think it was the last episode with Xavier, I recommend you go watch that as we talk a bit about resourcing. But there was a clear pattern of resourcing problems which I think prevented a lot of businesses from scaling during that period. Do you feel like we've come out of that now and that there's a lot more resourcing available or the right people with the right skillset? Is that era over and we're good? Is that a part of why this year we've been able to sort of scale a lot quicker?

Ashley Darwen: On top of the framework, I think it's two parts. I think you're right. I think that it's starting to change. Like recruitment in COVID was tough, like it was tough to find the right people and I think during that period we started to scale Brisbane a lot quicker, and that was one from a customer base but from two. The resource pool for us was a lot bigger and it's hard to find good technical people. So, I think that helped for us. But in turn, yeah, I think that's starting to shift as well.

But in a service-based business like us, as you scale, it's the chicken and egg thing where you don't want to put on people too quickly because that hits your bottom line. So, but if you leave it too late then that starts to affect service. So, I wouldn't say we always have it right, but that's probably something that we learned, that we need to put on people a lot quicker. So therefore, service delivery doesn't lack. But during that COVID period and post-COVID that was a little bit tougher because you just couldn't get the recruitment was tough and for us we really focus on the culture side. So, you know, in our industry to get the right personality fit is hard on itself and during that time. That was just additionally harder.

Adam Cliffe: All right. So, let's talk about the technology that these businesses might need if they're opening a new location or they're going through a merger and acquisition. How important is it that the technology can actually integrate, and what would that look like?

Ashley Darwen: So, I suppose, like we were talking about before, communication is going to keep the culture. Communication is the big driver for that. I think how technology can enhance that. We need to make sure that what's at the main location from a technology point of view whether that be equipment or internet connectivity to make sure that we replicate that at any other location, because what you don't want is that when that location you know comes on board if it's through an M&A or whether you've set up a new location, because what you don't want is them to feel like there's a second class to their technology and you want to make sure that when you're using Teams, that the video is there so they feel part of the culture of the bigger location or the main location.

Adam Cliffe: Yeah, and I think from, I guess, a managed service provider aspect to it. You want them to be using the same technology that integrates, whether it be through an M&A or a new location, from a cybersecurity perspective, an ease of support. There's nothing worse than supporting two or three different systems for the same business because they're you know different location, or you know they're. I mean, that might, might be a temporary thing if they're doing an M&A and you know they need to bring this software across. But I guess from a bigger picture, it makes sense right to integrate the exact same technology across yeah, and that might come over time.

Ashley Darwen: You know, at first at least get the connectivity there everyone using the same equipment, being able to video chat and be part of the culture and then, longer term, is planning the integration of software or whatever that might be. So sometimes you can't change it straight away, but there needs to be at least a bit of a roadmap to bring everyone back on the same page. So, then everyone's looking or using the same software or connectivity or whatever it might be.

Adam Cliffe: Yeah, and on the technology front too, I want to talk about disaster recovery. Obviously, it's summer in Queensland. Yep, cyclones and that are pretty big up your neck of the woods in North Queensland, Brisbane's got floods, yeah, every few years, unfortunately. What do you think are some easy-to-do disaster recovery stuff that businesses should really already have or, if not, should really be looking at sort of implementing?

Ashley Darwen: Yeah, I suppose the big thing is making sure that, whatever service provider you have, that they are actually monitoring your backups, that there is a cloud backup going up at least once a day. So, in the event of a natural disaster, how quickly are you in need of getting that data? Or starting to use it and then working out to make sure that that's actually possible first, and what the plan is with your provider, whoever it is, to make sure that, “Okay, this is the plan. In the event of a cyclone, we're still going to need this data.” How's that going to work? And then, what's the time frames?

Adam Cliffe: Yeah, I like the way you think about that. It's like using what we use in the industries like RPO and RTO, which is a recovery point objective and a recovery time objective. So obviously the time aspect is a bit, you know, you'd be governed by when the cyclone ends or the flood ends. But then obviously working out once it ends, how quickly can we get back to business as usual?

Ashley Darwen: Correct, and that's going to be different for each organisation. You know, when you're looking at aged care, they actually need it during the cyclone pre-cyclone during the cyclone post-cyclone. So, it's making sure that you know that that's available when they actually need it. For a different industry it might be not until the cyclone passed and they got power back on, which is a lot different. So, it just depends on whatever industry. But I think it's setting expectations both sides, so the service provider knows and then the organisation knows, so you know, everyone can plan to go, okay, well, when the cyclone's finished or during the cyclone, we need to make sure that, you know, all systems are up and they're going to be able to access the data that they need.

Adam Cliffe: Yeah, and as Simon said from Escalate Consulting, he was on episode one I think, said is that you've got to test it.

Ashley Darwen: Correct. It's all good to have these plans, but you've got to test them.

Adam Cliffe: Yeah. So, I'm pretty sure from memory he says at least annually or if there's a trigger. So, I think that's a crucial point too. It's great to have these disaster recovery or business continuity plans and at least planning for these scenarios, but at least test them as well.

Ashley Darwen: Yeah, I think if the organisation's got a governance cycle whether it's an annual governance cycle or whatever, it might be is that should definitely be in that cycle so it can be tested and, like I said, the expectations are that everyone knows what they need to do and when they need to do it.

Adam Cliffe: Yeah, well said. What else would you say were the biggest challenges, either in the past or even still, that have a massive impact on scaling a business?

Ashley Darwen: I think one of the biggest challenges for us is as we grew, and you onboard more customers and you deliver services. I suppose, if you scale too quickly, how much internal process and procedures are put in place to ensure that, you know, what you delivered when you were smaller, you know, when we were five and six people, to make sure that they still get the same experience when we're a lot bigger. But we just need to have those processes in place. So that was probably the biggest thing for us and if you, as you do know me, I'm not detailed at all.

Adam Cliffe: So, making sure that there's people that that's what they do and that that's their skill set is critical to make sure that happens, yeah, definitely, and I guess, just on that sort of topic around, you know, getting that balance right. Like, how did you, like, what clicked for you to, to go, “Oh, to get here, I need to do this.”

Like, was there something that, like, you know, just clicked one day, or was it just systematically working through it? Like, what led you to, I guess, and this might even be part of the answer, but what led you to then start thinking about adopting some type of framework?

Ashley Darwen: Yeah, I think the framework was important. Like we said EOS before, and before we did EOS, we actually used the scaling up framework and I think that was a crucial point in time for us to say, hey, this is where we are at now, instead of just looking at, you know, day by day, by day, let's look at the next 10 years, so that sort of set us up on a trajectory that we know, we knew where we wanted to get to.

I suppose for me, it was the biggest thing that not necessarily clicked was having people that were much smarter than me internally, and I think that was probably the key change for me is having people that were more detailed than I am, that knew how to deliver processes and things like that, and that's probably was the key change, not necessarily something that clicked, but, you know, letting go and delegating the things that you know you're not good at, and having those people, the right people, in the right seats, to make sure that you know you can move forward on what you want to do.

Adam Cliffe: Yeah. So, I guess it's like you know, having the strategy up there and then having the right people to execute on that strategy.

Ashley Darwen: Correct. Yeah, but unless that's documented, no one knows where we're going exactly.

Adam Cliffe: So, in terms of scaling like, is there a right time?

Ashley Darwen: I don't know if there's a right time. Some people, you know, a business has to want to scale, like, not every business wants to scale. If that's not what you want to do, then there's no point doing, I think, for us…

Adam Cliffe: Why would one not want to?

Ashley Darwen: You'd have to want to. It would be up to each individual. For me, it was always about helping as many businesses as we could. You know, from when I started, that's what I wanted to do. So, for us that was just a just a natural progression to help as many businesses as we can, and that was part of the excitement. So, for us that was always a thing that we wanted. For other businesses, that might not be something that they want to do, so I think it's up to the individual on where they want to go.

Adam Cliffe: Yeah, definitely, and I think also, like when we talk about scaling, there's the organic side of scaling and then there's the I guess, merger and acquisition side. We've gone through a couple in the past. What are your thoughts on M&A, mergers and acquisitions in general? How would you go about? Maybe, if you're thinking about doing it like what would your first sort of steps be, and after that, if you could talk about any sort of like lessons learned that you've sort of come across, going through a couple yourself?

Ashley Darwen:Yeah. So, I think first you got to decide if that's what you want to do, if you, if you want to scale, that that makes sense, that you want to acquire or merge with another business. I think for us it was all about geographical locations. You know, we started in a small country area. We wanted to get into other locations, so that was a natural progression for us.

I think the biggest lessons learned that we, or that I've seen, is, you know, is around the culture fit. You know, in a service-based business, you know we're only as good as the staff that we have, in the team that we have. So making sure that there's alignment between the team coming in, that's probably the biggest thing that people forget and making sure that once that transitions happen, that there's clear expectations, that there's good culture alignment that's probably the big thing, because once you do that, then when you're, the services that you're delivering to customers are going to stay consistent with what they had before. So that's probably the biggest lesson that I've seen over there.

Adam Cliffe: Yeah, it's like that. It's like that old saying. What is that? Culture eats strategy for breakfast. And I think it's probably a testament to our success in that respect that we've always been really focused and held a high priority on the cultural aspect.

Ashley Darwen:Yeah, yeah, and you have to. In a service-based business, you know the team is representing the company. So, yeah, that cultural alignment is so crucial.

Adam Cliffe: Yeah, so just going back to the EOS framework, like a big component of that is obviously having a clear vision of where you want to go. And I think a lot of business not a lot, but you know there's probably quite a few out there that probably struggle with a vision. You know they're very much in the day-to-day operational. It's very common, and it's probably hard to take a step back and work out where you kind of want to head.

Do you see, I guess in that small medium business space where they don't have a framework, whether that be EOS or scaling up or whatever framework it is, but they're kind of just spinning their wheels doing the day-to-day operational stuff, maybe they're actually on the tools and whatnot as a common thing from your perspective, and would you then say adopting a framework would be one of the sort of critical pieces of starting to develop a clear vision?

Ashley Darwen: And being able to systematically work through that. So, we got to a point, you know, I think it was 2014, 2015, where the business probably plateaued for a year or two. And same thin, we sort of sat there in the day-to-day operation, the business, and we adopted the scaling up framework in 2015.

And, you know, sat down and go, “Okay, well, this is where we want to be, you know, in a year or three years.” And then when you look at a 10-, 15-year and you think that is definitely unachievable, but you work back in scaling up or EOS, whichever one year you use, you know you go back to five, you know 10 years, to five years, to three years, to one year, then to 90 days, and all of a sudden there's some traction and you start ticking off those things and you can start seeing things and you're getting closer and closer to that one-year goal than that five-year goal. So, you know it starts becoming that. You know that 10-year, when you start getting that traction, you know that 10-year goal actually thinks I actually might be able to get there and then you know, for us, when we got to five years and when we did that goal, we had a 10-year plan.

You know we're five years out from, or six years out from, that 2030 plan. Now, all of a sudden, we're actually ahead of where we thought we were going to be. So, you know, it did take a little bit of time but all of a sudden, you know, we actually might get there.

Adam Cliffe: Yeah, yeah. And how do you get your, I guess your leadership team on the same page, singing from the same sort of song sheet, so you can collectively obviously work towards, you know, that vision? Obviously, it's an important piece.

Ashley Darwen: Yeah, and look that probably hasn't been something that we actually nailed straight away. So, you know, with as part of that framework, you know scaling up as a one-page plan, all of a sudden you put that in, you know, and everyone's actually looking at it and gone. Well, you know, if it's hard for you to articulate, which it is for me, having that one-page plan and everyone's actually looking at the same thing, that sort of a game-changing moment for everyone to go, “Oh, actually, this is what's in his head,” or “This is this is what we think we can do.” So, all of a sudden, everyone can see it. This is what we think we can do. It's on paper. So that's probably where everyone clicks in and goes “Yep, let's go and do it.”

Adam Cliffe: Yeah, and from my perspective, I guess with the EOS sort of framework and it's probably like this for others, is when you sort of break it down into those rocks and those milestones that you are accountable for and see that contribute to the bigger picture of the organisation and then being able to actually track that and go, that's where that's actually going to make a big difference to hitting our overall sort of target and goal. So, from my perspective, being on the SLT, I can actually clearly relate my impact on the overall success of the company and the goals that we've set for those, you know, five-year things and I think what you, what becomes a lot clearer is there's change that you can see in like one and three years.

Ashley Darwen: That actually is a lot. You can get there a lot quicker than what you thought you were going to get to. So, and then when people start seeing that they're going actually “Yeah, let's keep going.” So, you know, the momentum just starts, and it just keeps going.

Adam Cliffe: Yeah. So, as someone who's got quite a lot of experience in building.

Ashley Darwen: I wouldn't say quite a lot.

Adam Cliffe: A fair bit, mate, don't sell yourself short but as someone who's got a fair bit of experience in operating a business across multiple geographic locations. Obviously, we've got Bowen, Townsville, Brisbane, like offices. What advice would you give to another small medium business? It doesn't have to be in the IT or managed services space. What advice would you give them if they were to say they had a Brisbane office and they were looking to go Sydney, Melbourne, Adelaide, something like that? What one piece of advice would you offer them?

Ashley Darwen: So, we probably learned from doing the wrong thing.

Adam Cliffe: Well, that's the best teacher, isn't it?

Ashley Darwen: Yeah, so I suppose it just comes down to communication. That's the biggest thing and I think for us, all of our teams are all split across multiple locations. So, even if you're in one team most of the time, if you're in a different office or some of our staff work remotely from home because they're not in one of our locations, the communication is the biggest thing. I was never a fan of meetings, but, that's what you have to do, like we have daily huddles and then we have weekly meetings. The daily huddles, I think, are a game changer to making sure that everyone stays connected, because you've got to remember that if people are in not a location, they're working from home.

That's something that we need to make sure that they're connected, and not only from making sure that we can disseminate information, if they need it, but it's also making sure that you know their team leaders or whoever can check in on them to make sure that they're doing okay. Personally, especially in COVID, like that was a big thing, where everyone was stuck at home, is that we, we have a duty of care to make sure that our team's okay. So, we're not only using it for work-related and information like that, but also making sure that everyone's mental health is good and making sure and checking in like that. So, I think, yeah, if nothing else, if you're split locations in different areas, the communication is the biggest thing that you need to make sure that's right.

Adam Cliffe: Yeah, and I think when I started up Brisbane it was critical, like you know, having, you know, yourself and the team in Townsville to really help guide me in terms of how to hit the ground running. I think it was instrumental in the success of ADITS in South East Queensland. And you know, look at it today. You know, we're in this nice studio and we've got a really nice office now that we've just moved to this year. So, yeah, I think that communication part is critical. I would also probably say making sure you've got the right people to be able to sort of execute that, especially if you're not franchising but you know just starting, not franchising but you know just starting up a separate location, you know, making sure that those people can have the support and have the capacity to be able to sort of execute on that, because there is a lot to it.

Yeah, and you've got to make sure, like you said, that those people that you put in those locations are the right culture fit for the business. Yeah, exactly. They have the same values, because they're the ones that are actually going to replicate the values of the business in their other locations, in in any new location or yeah, or new team, which would probably be an amazing idea if you could actually get someone already within the business to set up that other location if you could, because that way they're already sort of entrenched in your business practices and processes and can kind of hit the ground running already knowing the standard or the expectation 100%. So obviously I touched on Brisbane office and how we moved here sort of this year. I just want to sort of discuss more around some other challenges that we've kind of and highlights that we've faced this year. What have been your biggest ones that stand out to you?

Ashley Darwen: Look, it's been a big year. I think we've -

Adam Cliffe: Like every year is a big year, isn't it Ash?

Ashley Darwen: Every year is definitely a big year, I suppose, for us moving to Brisbane office. When we started in Brisbane we started in a shared office space. We then moved to an office location that we thought was going to last us for five years and I think we had it for two. So, then we moved to this location, and we've already seen that. You know we've got more and more people coming into our Brisbane office now, so that's probably been a big highlight for us and, I think, longer term for us, you know from, like we said before, around recruitment, we're lucky that we have multiple areas that we can pull, you know, good team members from. So that's, I suppose, a big highlight for us this year.

Adam Cliffe: In terms of challenges this year?

Ashley Darwen: What sticks out as being quite challenging, for lack of a better word. Again, and without harping on a bit, I think recruitment is still a challenge. You know, in our industry, finding people with that good culture fit and that have good personalities, that can communicate, that's always been a challenge for us. But, you know, post-COVID it's been a lot harder. So, I think one of our biggest challenges still is getting the right people. That still would be for us the number one challenge.

Adam Cliffe: Yeah, and I think also, you know, some of our other highlights around our cyber program that we've developed and obviously, you know, going to market with the Privacy Act reasonable steps assessment I think is quite remarkable, considering I haven't heard any other provider sort of go down that path, and we've really kind of pivoted and said not only do we think cyber is really important, but protecting you, the privacy and the data is just as. So, you know, sort of two sides of the same coin. So, I'm really proud of what we've done with that. And if you haven't watched episode four with Nicole Stephenson around data privacy, I highly recommend you do it. It was a fantastic conversation.

And I think, just in challenges too, you know, obviously the resourcing is probably going to be a forever challenge, right, and I think it's going to ebb and flow as to how much of a challenge it sort of presents each year, depending on market conditions and circumstances. But from a technological aspect, you know AI is a big challenge because no one's got it figured out. Everyone's got a differing opinion on it. Some people think it's going to destroy the world, other people think it's going to take everyone's jobs. Some people think it's going to destroy the world. Other people think it's going to take everyone's jobs. Other people think it's just going to augment jobs. I think the truth is probably somewhere in the middle and there's a balance.

I think the reason why it's such a challenge is because it's got such hype behind it. You've got tools like Copilot, ChatGPT. You've got confusion around what even is AI. What's AI versus automation? What's the difference and what do I actually want? And then you kind of got the businesses that see all the articles, see all the hype and go “I want it” but don't actually understand the business objective or what they're actually trying to solve with AI. And I think it puts an extreme challenge on us as service providers and consultants and trusted advisors in terms of addressing this, because there's so many different components to it, all the way down from is your data good enough? Is it secure? Have you got the controls in place? Have you got classification? And that's like even just talking about it from a technological perspective, just even going back to a business objective like what are you actually trying to achieve? So, I see that as like going to be going into 2025 as well. Yeah, another big challenge.

Ashley Darwen: Yeah, I think in our industry next year and probably for the next three years, I think for us the biggest thing is going to be educating the business community around governance, risk and compliance and AI. That's going to be our two big challenges that we're going to have to do and, as you said, no one's mastered it yet, but we're going to have to work really hard to understand what businesses require from AI and just making sure. You know, we've had that lengthy conversations about this to and from and we haven't agreed on all of them, but I think AI is something definitely that is going to enhance businesses and that can be a differentiator. But I think this is something that we actually agree on with, it is that we need to make sure that their data is safe first before you even start that journey. There is some the data governance piece. The data governance piece is going to be really important before they start their AI journey.

Adam Cliffe: And then even on the governance risk and compliance side and the privacy aspect to it, you know, and the latest guidelines from the OAIC around, not just you know commercially available AI, like your Copilots and your ChatGPTs, but even your custom developed stuff, like they've got guidelines for both now, and it's not just a simple case of, “Oh, we'll just roll it out in the business and we'll get it trained on all this data and whatnot,” like, there needs to be, you know, like privacy impact assessments, like how is this going to like? Do we have consent, yeah, you know, from our stakeholders to actually use their data to train this large language model or something like that? So, there's so many different elements to it, that sort of bleed into other areas as well, like your GRC and your privacy, and then your cyber security and, yeah, even just your normal sort of business operations yeah, and the and the other thing on top of all that.

Ashley Darwen: You know, some industries have regulations around it, but then there's also the legislation requirements for, you know, 80% of businesses that we look after. There's that piece, too, that they've got to be mindful of and we need to educate them on to make sure that they're compliant with their regulatory compliance for their industry, but also the legislation compliance too, to make sure that they're compliant with their regulatory compliance for their industry, but also the legislation compliance too, to make sure that they're compliant with that before we do anything else as well.

Adam Cliffe: Yeah, and just on that topic, I guess we did a 2024 customer survey with our clients and there's some pretty interesting data out of that and I know we just spoke on, I guess, the GRC, governance, risk and compliance and the privacy aspect and those rank really highly with our customer base as the impact of what it means for them. What do you make of that, like, do you think that the messaging is finally sort of getting out there in the wider business community about the importance of making sure your privacy is good and your data secure and, you know, you're being compliant with legislation?

Ashley Darwen: Yeah, I think where we're starting to see and I know we we've tried to do a lot of education to our customer base around their obligations and also, you know, the risk that they have, because not only is there those things, but there's also the reputational harm that can go with. You know the risk that they have because not only is there those things, but there's also the reputational harm that can go with. You know, in the event that something happens or there's a breach or something like that and do you think that reputational harm part?

Adam Cliffe: The reason why that's kind of cropped up is all the data breaches that we've seen in 2024? It's been a big year of data breaches.

Ashley Darwen: It has, but they're the ones that we know of, I think that we're actually going to see. I think that's the tip of the iceberg. I think we're actually going to see more and more over the next 12, 24 months, and I think the business community is not ready for that yet.

Adam Cliffe: What makes you say that? Why do you think we're going to see more? Is it an under-reporting thing currently?

Ashley Darwen: I think it's an education thing. I still don't think that, and this is this is just my opinion, but I still don't think that some businesses are aware of what their obligations are. I think we're seeing what's being reported, but I don't know if that's the actual stat numbers, you see ASIC doing a little bit in this space in the past.

Adam Cliffe: You know Joe Longo's come out and said you know, directors can't just bury their head in the sand and cyber matters, especially the board, and you know, we've seen such a massive ramp up in the OAIC, which is the Office of the Australian Information Commissioner. Yep, we've seen a lot come out of that office in terms of obligations. This is what you must do and it's kind of been. I feel like 2024 has kind of been the year of education and I think 2025, my personal opinion is going to be the year of enforcement, correct? So, I guess the takeaway from this is, if you're not doing the right things in terms of your cyber and your privacy and your data, you might want to get on top of it before it bleeds into that sort of gear, of enforcement.

Ashley Darwen: Yeah, and you know, internally, that's our stance is where you know our obligation is to make sure that all of our customer base is ready for that and they're prepped for their requirements, but also making sure that you know, from a reputation of risk, we understand the risk and that we're mitigating as much as we possibly can for them, on their behalf.

Adam Cliffe: And I think that's the important part, isn't it? It's a risk-based conversation, correct, and it's about mitigating and accepting those risks, but at least being aware of it and doing your reasonable steps in terms of what are our actual risks around it and what are we willing to accept? What are we willing to mitigate? What are we willing to transfer?

Ashley Darwen: Yeah, and it's different from industry to industry. Some industries, if you look at manufacturing, they may not have any personal information on Australian individuals, where, if you look at a social services organisation, they have a much higher risk because the data that they have is more sensitive than what a manufacturing industry would have. So, every business is different. It's about understanding the risk, educating you know that organisation on this is what could happen, how do we mitigate it and going from there.

Adam Cliffe: The flip side to that is that manufacturing might have some IP.

Ashley Darwen: Exactly, they might not have the sensitive or they still have risk, and it might be IP risk or there's financial risk, you know, because manufacturing normally has higher invoices, and you know that can be changed. So, there's definitely risk, it's just different.

Adam Cliffe: Different type. Every organisation has different risk. Yeah, so going into, I guess, 2025, I think it's going to be the year of enforcement, what do you see businesses doing more of? Do you think they're going to take on more education around the cyber awareness stuff? Are they going to, you know, do those steps required? Do you think they're going to sort of go down more the AI or is there a combination? Is there anything else you think?

Ashley Darwen: My personal opinion is what I think will happen is I think businesses, like you said, are educated around governance, risk and compliance. I think there's some changes that need to be made to most of think businesses, like you said, are educated around governance, risk and compliance. I think there's some changes that need to be made to most of those businesses, which I think we'll see over the next 12 months. I think there'll be some conversations around AI and maybe some piloting in organisations around what it can do, what it means for them. But I still think that cyber security is still for at least the next 12 months, especially around privacy and legislation. I think that's going to be the focus and then I think, post that once that's done, then the push in AI or automation in an organisation is going to be the focus from a technology point of view.

Adam Cliffe: Yeah, no, I agree, and I think cyber's not going anywhere. But I do think that privacy is kind of stepping out from the shadows of cyber and it's becoming its own sort of force, yeah, to be reckoned with. And I think we're going to see, and I think that's again comes down to that data governance piece and, you know, it's a gold mine, right, like, if, like for attackers and hackers out there, that is the part that they're trying to get to so they can hold you to ransom and all that sort of stuff, right. So, I think privacy and not just privacy in terms of that, but privacy in terms of consent and disclosure and use and all the different APPs and the privacy I think it's really going to come out from the shadows and not be sort of like the second cousin of cyber anymore. I think it's going to be the sibling of cyber. I think we're going to see it become more of a standalone thing, which I think is great, because I think they're so complimentary. They're two sides to the same coin and it'd be great if you could tackle both at the same time. I think that is probably the best stance you can do.

And then I think that AI is going to just keep doing what it's doing and it's just going to keep sort of probably maturing in the background and, you know, the hype will probably still go on as new sort of tools and technology and I know we've had conversations around this, and I think this is probably where we're going to see probably more of it land in the forefront, and that is around the AI in the line of business apps that our customers use on a daily basis. I think when they start introducing AI into those applications, you're going to see more of a shift and more of an uptake, and I think that's probably going to be the key driver. I think that maybe might then go oh, we've got this data now that we never used to be able to get because of AI. How do we use that? Or do we funnel that into something else that can give us some other data-driven metrics?

Ashley Darwen: Yeah, and I think, just back to your point around data governance, I suppose the thing to remember between privacy and cyber security is that, from a privacy point of view, that's actually the legislation, that's what we actually need to be compliant to. So, I think that's why you're going to see more of it coming up, because, yeah, people are obligated to comply with that legislation requirement. Yeah, I think. In terms of AI, I think you're right. You'll see. I think the biggest change will be when line of business applications that are specific to the industry start implementing AI, because that's where all of that data is. So, I think that's where you'll see some changes happen. Having said that, in Copilot and things like that, as long as it's in the 365 ecosystem, then, depending on where your data sits, I think that'll depend on how quickly you can transition and use AI or automation for the organisation.

Adam Cliffe: Yeah, so there's quite a bit to take away from this conversation, but if you had to, I guess, narrow it down to the top three things that you think businesses should be doing in 2025, what would they be?

Ashley Darwen: So, three things. Like we've just said, cyber security still needs to the maturity there. I don't think businesses are there yet and I think that needs to be a focus for all levels, especially the, the CEO, CFO, CEO level, yeah, and if they have a board, they need to be really focused on asking questions around where we're at in the journey. What's our maturity? What's our risk? How are we mitigating that? I think that needs to be number one and I think the second one. I know you asked me for three, but the two big ones for me is just AI and automation, and probably more around the automation side of businesses being more efficient. I think that's going to be a game changer in the next 12 months.

Adam Cliffe: Yeah, and I'd say, third, one would be around the data governance and the privacy stuff yeah, I think that ties back into the AI piece again. It's so complementary to the cyber piece. Yeah, thank you so much for joining us, Ash.

Ashley Darwen: It's been a pleasure. Thanks for having me.

Adam Cliffe: No worries, mate, thank you. Always good, too good, as I'd say.