The Scottish Action for Mental Health, better known as SAMH, is the largest mental health charity in Scotland. The not-for-profit organisation provides over 70 different kinds of mental health service to cover everyone, from children to the elderly, across the whole of Scotland.

SAMH offers a comprehensive range of support from walk-in centres, crisis intervention, rehabilitation, counselling and advice. It also campaigns for better support from the government for vulnerable people and collaborates with the private sector to raise much-needed funds to improve quality-of-life.

Like organisations in the private and public sectors, not-for-profits are targeted by cybercriminals. Research indicates that 66% of high-income charities report that they have experienced some form of cyber security breach or attack in the last 12 months. After being the victim of a ransomware cyber-attack several years ago, SAMH put its trust in Quorum Cyber to contain the attack and facilitate recovery. Subsequently, they worked with the Quorum Cyber team to strengthen SAMH’s cyber security measures to minimise the risk of future attacks. “You think your organisation is ok until something happens,” says Jason Bryce, Chief Operating Officer at SAMH. “Quorum Cyber’s team were very professional and brought calm to a frantic and stressful situation.”

Satisfied with the service it had received, SAMH went on to sign a multi-year managed detection and response service, Clarity Extend.

Continually strengthening cyber security

To continually enhance SAMH’s cyber security, Quorum Cyber mapped and measured key areas of cyber defences across the entire organisation to better understand any potential weaknesses and identify where improvements could be made. “Quorum Cyber understood the level of defence that our organisation needed based on what we do and the IT estate we have,” explains Jason. “They provided peace of mind and a plan to enable us to reach our goals, but they didn’t oversell and gave us lot of useful, practical advice about how to manage and improve our security.”

The charity additionally commissioned an independent review from another company, which provided “extremely positive” feedback regarding Quorum Cyber’s work and the outcomes achieved by SAMH.

In 2025, Scotland’s largest mental health charity extended the partnership by a further two years. Naturally, it followed good governance by talking to other cyber security companies to compare benefits and costs and chose to remain with Quorum Cyber. “The great services that Quorum Cyber has always given us made them a serious candidate,” says Jason.

Top criteria for a strong partnership

Reflecting on the renewal process, he lists quality of service, price, trust, and confidence as his top priorities when considering service providers.

In today’s inhospitable and unpredictable digital environment, cyber risk remains the number one risk for SAMH. And unlike financial risks, cyber risk comes with no warning flags or indicators to help the organisation plan for the future. Cyber-attacks can happen suddenly when they are least expected and disrupt operations virtually overnight.

Benefits of a Microsoft-first partner

As an almost entirely Microsoft house, all of SAMH’s devices and accounts are covered by the Microsoft Defender suite and managed through Microsoft Intune using Enterprise Mobility and Security (EMS). This is a suite of tools and technologies designed to manage and protect mobile devices, applications, and data within an organisation.

This also makes Quorum Cyber – a Microsoft Solutions Partner for Security with deep Microsoft expertise and experience – a great match for the charity.

“Quorum Cyber’s deep understanding of Microsoft simplifies our decision to adopt the service and helps reduce spending on other vendors,” explains John Stoner, Head of Information Services at SAMH and chair of its Information Security Committee and Audit and Risk Committee.

John conveys valuable information he receives from the monthly service reviews and from Quorum Cyber’s customer platform, Clarity, into reports and meetings. “An external Security Operations Centre (SOC) shows that we take cyber security seriously when applying for funding and gives our trustees reassurance,” he says. “We’ve also moved to a true cloud-first infrastructure which has vastly removed our attack surface and need for infrastructure protection.”

SAMH also values Quorum Cyber because it’s a threat-led cyber security company that can apply the intelligence and lessons it learns from hundreds of other customers across a variety of sectors to help proactively protect the charity. “We value the Threat Intelligence team’s advice on what kind of attacks they see in the not-for-profit sector, and across other sectors that might reach us, either today or tomorrow,” says Jason.