Sarah Armstrong-Smith is the Chief Security Adviser at Microsoft Europe Talks To European Busineess Magazine

Sarah Armstrong-Smith for European Business Magazine Sarah Armstrong-Smith is the Chief Security Adviser at Microsoft Europe and one of the UK’s most influential figures in cybersecurity. Since her appointment in 2020, she has played a pivotal role in shaping Microsoft’s digital transformation and cloud adoption strategies. With a career spanning over two decades, Sarah has held senior positions including Group Head of Business Resilience & Crisis Management at the London Stock Exchange Group and Head of Continuity & Resilience at Fujitsu.

In this interview, Sarah reflects on her journey – from tackling the Millennium Bug to guiding multinational organisations through complex cyber threats. She discusses the evolving landscape of cybersecurity, including AI-driven risks, the influence of media on public perception, and the importance of understanding attacker psychology.

Q: Since joining Microsoft as Chief Security Adviser for Europe in 2020, you have navigated significant global challenges. What would you consider your most meaningful professional achievement in this role, and how has it shaped your perspective on security and digital transformation?

Sarah: “Well, for me, I actually joined Microsoft one week after the UK went into lockdown. So, my entire Microsoft career to date has been from this very office! It’s been interesting to be in the middle of a global pandemic, joining a new company, but also seeing the inner workings of Microsoft.

Microsoft is a massive organisation with over 160,000 employees worldwide, but beyond keeping the company running, we also had to ensure our customers were operational. Then there was the massive acceleration to the cloud, particularly collaboration tools like Teams.

It was incredible to see how Microsoft rose to the occasion, supporting customers and new users. In my role, I work with strategic and major customers across Europe, acting as an executive sponsor across different sectors. It allows me to understand their challenges, especially around cloud adoption and digital transformation.

No matter how bad things get—and we have had major crises over the years—I always focus on opportunities. What can we learn? What can we do better? That’s why I am proud to work at Microsoft.”

Q: As a cybersecurity expert, you have witnessed the evolving threat landscape. What do you see as the most pressing cybersecurity threats businesses face today, and what proactive measures should organisations take to mitigate these risks?

Sarah: “Cybercriminals are opportunistic and thrive in a crisis. Over the last 12–18 months, we’ve seen a massive increase in phishing attacks preying on people’s fears and emotions. Attackers pretend to be your bank, a charity, or an organisation offering support. They try to trick you into giving up credentials or clicking malicious links.

We have also seen a rise in ransomware attacks, particularly targeting healthcare and critical infrastructure. It was shocking to us that during a pandemic, attackers still targeted hospitals and emergency services because they believed those institutions would be more likely to pay.

Businesses need to adopt an ‘assume compromise’ mindset. No matter how strong your cybersecurity is, attackers will try to find a way in. The focus should be on preparedness: what happens if someone accesses your systems? If your data is leaked, what’s the impact? Where should you prioritise your security efforts?

Cybersecurity isn’t just about defences—it’s also about crisis response. If your network goes down, can your business revert to manual processes? How do you communicate with customers and partners? The response strategy is just as important as prevention.”

Q: Your experience working on the Millennium Bug provided valuable insights into large-scale digital risks. What key lessons did you take away from that experience, and how have they shaped your approach to cybersecurity and business resilience?

Sarah: “I think having a background in business continuity has enabled me to think about the big picture. I was always considering worst-case scenarios—what is the worst thing that could happen? But we also need to think more broadly. We need to consider incidents that are not just relevant to our own company but those that impact cross-sector and even global changes.

I think back to 9/11 as a really good example of a major incident on a massive scale that we hadn’t seen before. The way it was televised and the shock that came with it really brought home the impact of terrorism and how important business continuity is at that level.

Bringing that forward to now, the global pandemic has really emphasised how interconnected and dependent we all are. That applies to small businesses as well as large enterprises. When we consider these threats, it’s not just about business continuity but also cybersecurity and attacks. We have to think holistically, much more broadly. This is where resilience to all these types of threats comes to the forefront.”

Q: The media plays a significant role in shaping public perception of cybersecurity threats. To what extent do you believe media coverage amplifies fears, and how can businesses and individuals cut through misinformation to make informed security decisions?

Sarah: “Potentially. Sometimes the media can really help, but they can also hinder. The problem is scaremongering, blowing things out of proportion. People have a tendency to believe what they read on the internet without fact-checking, and that has become more difficult due to the sheer number of information sources available.

Where do you go to get factual information? People read things on social media—Facebook, Twitter—and it is really hard to decipher fact from fiction. The media can sometimes exaggerate things. It’s important to find the right sources of information and utilise intelligence to cut through the noise and get real, actionable insights.”

Q: Your career spans over two decades in cybersecurity, data protection, and digital transformation. What initially drew you to this field, and how has your journey evolved over the years to encompass critical areas like fraud prevention, crisis management, and business resilience?

Sarah: “I have been working in the technology environment for over 20 years now, and I trace this back to 1999. I was actually working for a water utility company during the Millennium Bug in 2000. Many companies were running large transformation programmes to recode a lot of their computers and servers because the theory was that, at the stroke of midnight, a number of systems would go into meltdown due to the way the Year 2000 had been coded.

For me, from a young age, I’ve always been driven to keep asking ‘why’ and to question everything. What if the systems go down? What if we can’t get people to work? What if all of these things happen? At the time, I didn’t realise I was looking at business continuity. It just felt like common sense to keep asking these questions. That was the start of my career.

I always look at that moment as the point where my career began. From business continuity, I then pivoted over the next 20 years into disaster recovery, cybersecurity, fraud prevention, crisis management—all of which fall under the banner of resilience. That’s how my career has evolved, and it’s been fantastic.” This exclusive interview with Sarah Armstrong-Smith was conducted by Mark Matthews.

The post Sarah Armstrong-Smith is the Chief Security Adviser at Microsoft Europe Talks To European Busineess Magazine appeared first on European Business & Finance Magazine.