This session delivered a candid and practical look at cybersecurity risks impacting lighting design firms, emphasizing that cyber threats are no longer abstract or limited to large corporations. The discussion opened with a real-world account from Jill Cody, who shared how her firm experienced a targeted cyberattack involving email compromise, attempted payment diversion, and the theft of sensitive personal data. Her experience underscored how quickly damage can occur—and how critical fast response and expert IT support are in limiting harm.

A central theme was preparedness. Panelists stressed that basic cybersecurity hygiene can significantly reduce risk. Best practices included using strong, unique passwords for every account, implementing password managers, enabling multi-factor authentication (MFA), and monitoring suspicious login activity. Endpoint protection, full-disk encryption, and automated backups—especially offline backups—were highlighted as essential layers of defense rather than optional upgrades.

The session also reframed cybersecurity as a business investment, not an IT afterthought. Participants were encouraged to budget intentionally for cybersecurity tools, training, and expert support. Security awareness training and basic policies help ensure staff recognize phishing attempts, social engineering tactics, and emerging threats before damage occurs.

Cyber insurance emerged as a critical safety net, particularly for small and mid-sized firms. Travis Stroud explained how modern policies cover ransomware attacks, data breaches, business interruption, forensic investigations, and negotiation support. With average ransomware-related downtime reaching nearly a month, insurance can mean the difference between recovery and closure.

Finally, the panel looked ahead to evolving threats, including AI-driven attacks and deep fakes, and introduced Zero Trust as a growing framework focused on continuous verification. The takeaway was clear: cybersecurity is an ongoing practice. Firms that adopt layered protection, stay informed, and act proactively are far better positioned to protect their people, data, and livelihoods.