Strengthening Cyber Resilience: How NormCyber’s cyber security managed service helped Britain’s biggest art charity reduce vulnerabilities by 50% within six months and achieve effective cyber risk protection at half the cost of an in-house team
Art Fund is the UK’s largest art charity, dedicated to supporting museums, galleries, and historic venues. Established in 1903, its mission is to preserve and promote the UK’s cultural heritage by funding projects that enhance accessibility and conservation of artistic and historical collections. Beneficiaries include the Tate Galleries, British Museum, V&A, Young V&A, and the National Gallery.
As a high-profile cultural institution, Art Fund recognised its vulnerability to cyber threats. High-profile attacks, such as the 2023 British Library ransomware breach, underscored the risks – disrupting operations, exposing sensitive data, and costing the institution £1.6 million in financial losses.
This heightened risk exposure solidified the understanding within Art Fund’s leadership that a cyber attack could severely impact its day-to-day operations and damage its reputation. However, with a lean in-house technical team operating on a 9-to-5 basis, the charity needed additional expertise and 24×7 coverage to safeguard its operations and protect the sensitive data of 135,000 members and donors.
“Seeing large-scale attacks hit our industry made us realise that we needed a robust cyber security strategy with more proactive defences,” said Yvonne Hanson-Mills, Chief Information Officer at Art Fund. “Cyber criminals don’t operate Monday to Friday. We needed the peace of mind that our IT estate was being monitored and protected, whatever the time or day. It was then that we began looking for a specialist to help give us this clarity and confidence.”
Art Fund chose NormCyber for its technical expertise, proactive approach, and personalised service.
“Norm’s personal touch and flexibility stood out,” said Yvonne. “As a small organisation, working with large providers can make you feel like a small fish in a big pond—but Norm took the time to understand our needs and tailor a service around our business priorities.”
Norm deployed a comprehensive suite of managed cyber security services, giving Art Fund real-time visibility into its security status via a personalised performance dashboard, Smartbloc:
A dedicated Focal Analyst was also assigned to Art Fund—acting as an extension of its IT and security teams to provide strategic guidance and continuous improvements.
Peter McAndrew, LiveOps Manager at Art Fund, has seen real change in daily business operations, thanks to the deep insight and actionable advice provided by Art Fund’s dedicated Focal Analyst.
“Before Norm, we didn’t have a dedicated person focused on cyber security. Now, our Focal Analyst, brings a real structure to our efforts,” said McAndrew. “We meet monthly, which is invaluable both in terms of understanding our cyber risk exposure and where to systematically allocate our time. The Focal Analyst model keeps us accountable and helps us systematically improve our defences.”
Following a swift deployment, and as part of the onboarding process, Norm conducted a thorough assessment of Art Fund’s IT estate, identifying priority areas of improvement.
“Within mere days of working with Norm, the team identified over 2,000 vulnerabilities. While it was eye-opening to see the scale of the risks, I was pleasantly surprised by just how quickly we were able to work with Norm to plug the weaknesses,” said McAndrew. “The level of detail Norm provides is impressive. The Smartbloc portal has completely transformed how we approach cyber security—giving us clear, evidence-backed metrics on our cyber posture. It empowers both technical staff and senior decision-makers to make informed, strategic decisions to continuously strengthen our defences.”
Additionally, Art Fund saw significant cost savings compared to building an in-house cyber security team.
“Replicating the expertise and 24/7 protection that Norm provides would cost us twice as much internally,” said McAndrew. “Plus, there’s a strong business continuity advantage—when in-house talent leaves, their knowledge goes with them. With Norm, we always have top-tier experts keeping us secure.”
Looking ahead, Art Fund is deepening its partnership with Norm, recently expanding its scope to include Incident Response Readiness Assessment—a live-play exercise simulating real cyber attacks to test and refine response strategies.
“We conduct monthly cyber security awareness training, but we know that responding to real-world threats requires continuous refinement,” said McAndrew. “Norm’s incident response exercises will give us invaluable experience in handling cyber threats in a controlled environment to ensure that should the worst happen, we have the confidence and capabilities to respond rapidly and effectively.”
In conclusion, Hanson-Mills said: “The measurable impact of Norm’s cyber security services has filled us with confidence and optimism for the future. We’re excited to continue collaborating with the team, fine-tuning our cyber risk management and incident response processes and remaining resilient against threats facing our industry.”
