At Manchester Digital, we regularly shine a light on our members to understand more about their roles and their work within Greater Manchester’s digital and technology community. This week, we’re speaking with Lucy Cox, Business Development Manager at Celerity.
Tell us about your role at Celerity and how it connects to cyber security and threat management in your day-to-day work?
I'm a Business Development Manager at Celerity, which means I spend most of my time talking to organisations about where their biggest risks are and helping them figure out what to do about it. Cyber comes up in almost every conversation. Whether that's SIEM, data security, or recovery, the threat landscape is impossible to ignore right now.
How has Celerity's growth strengthened your cybersecurity capabilities, and how is it changing the conversations you're having with clients around evolving threats?
Growth has meant we can have much more joined-up conversations. We're not just selling point solutions, we can talk about the full picture from detection through to recovery. Clients are responding to that. They're tired of managing five different vendors with no-one taking overall accountability.
How are organisations' expectations shifting when it comes to protecting against, responding to, and recovering from cyber incidents?
The shift I'm seeing is from prevention to resilience. Organisations have accepted that breaches will happen the question now is how fast can you recover and can you prove it. That's a big change. It's moving the conversation from IT teams into the boardroom.
What are the most common cyber threats or vulnerabilities you're seeing across your client base right now, and how are businesses adapting?
Ransomware is still the big one, but what's changed is where it hides. We're seeing attacks that sit dormant in backup environments for months before they trigger. A lot of organisations don't realise their recovery data is already compromised. The ones adapting well are the ones testing their recovery regularly rather than just assuming it works.
How do operational resilience and managed services translate into practical threat detection, response, and risk reduction for your clients?
It means someone is watching 24/7 so they don't have to. A lot of our clients don't have the internal resource to run a SOC effectively so managed services close that gap. On the resilience side, it's about making sure that when something does go wrong, the recovery is clean, fast, and proven. We're getting recovery windows down from hours to minutes, which completely changes the business impact of an incident.
Are there particular sectors facing more acute cyber security challenges at the moment?
Financial services and public sector are under the most pressure right now as they are heavily regulated, high-value targets, and often running legacy infrastructure that's hard to modernise quickly. NHS is a big one. The consequences of a breach aren't just financial, they're operational and in some cases affect patient safety. That changes the urgency of the conversation entirely.
But retail is worth calling out too. Just look at the high-profile attacks we've seen recently, the reputational damage is devastating and in some cases irreversible. No one is immune.
With AI, cloud adoption and FinOps continuing to grow, how are these trends impacting the cyber threat landscape?
Cloud sprawl is creating visibility gaps that attackers are exploiting. The more complex the estate, the harder it is to know what's exposed. AI is a double-edged sword, it's making threat detection faster, but it's also making attacks more sophisticated. The organisations that are ahead are the ones treating cloud cost management and security as the same conversation, not separate ones.
How important is collaboration within regional ecosystems when it comes to tackling cyber threats?
Really important. Threats don't respect geography but intelligence sharing does help, especially for smaller organisations who can't afford to learn every lesson the hard way. Being part of the Manchester ecosystem means we're having those conversations early, which matters.
For organisations looking to strengthen their cyber resilience in 2026, what's one practical step they should prioritise?
Test your recovery. Most organisations back up religiously but never actually test whether they can restore. By the time they find out it doesn't work, it's too late. It sounds simple but it's still the most overlooked step and fixing it doesn't have to be expensive or disruptive.
Thank you Lucy!
To find out more about Celerity, click here.
