The movie hit theaters Oct. 26th.

With the growing prevalence of high-profile data breaches, cybersecurity has made a seemingly permanent home in popular culture.

Friday night, my wife and I snuck out for a date night. Not a lot is in theaters this time of year, although the new Johnny English starring Rowan Atkinson recently came out. I am a bit late to the game when it comes to the trilogy, but I rather enjoy the way it blends slapstick with dry British comedy.

The latest chapter was particularly interesting to me because it hinges around cybersecurity. The film sees English called out of retirement after a series of cyber attacks have compromised each MI7 agent. He uses his unparalleled… err… wit to identify and apprehend the attacker who is seeking nothing less than global power. 

What can we learn from Johnny English about security?

3 Cybersecurity Takeaways from Johnny English Strikes Again

[Spoilers below]

1) Know what data permissions you are giving (and to whom)

Early on in the film, the Prime Minister, played by Emma Thompson, finds herself a bit stuck. The British government is faced with dozens of cyber attacks, each increasing in its impact on the nation, from turning all of the stop lights in London red to turning up the velocity on the famous London Eye. No one knows what to do regarding all of the attacks, nor do they have a cybersecurity plan in place to keep them from continuing to happen. The data breaches and hacks continue to happen, impacting the greater population of England.

Then, almost serendipitously, the answer to all of the Prime Minister’s problems appears. A silicon valley executive named Jason Volta, played by Pete from the later seasons of The Office (Jake Lacy) can resolve their predicament if he just moves their data over to his servers. Not a huge twist – it’s a comedy, not a mystery. The PM, in desperation, cedes control of all of their data and applications to the very person causing the disruptions.

Then, later in the movie, the PM inadvertently gives Volta control over the entire nation state by not reading the terms of service. Thank goodness for Mr. Bean… I mean Johnny English, who comes to the rescue.

For the sake of security, know what data you are sharing and know who you are giving it to.

English has a bit of trouble with VR.

2) Always use multi-factor authentication

The lovable Bough, played by Ben Miller, married between episodes 2 and 3. His wife is actually the captain of a nuclear submarine, which comes in handy as English and Bough enlist her help to track down the Dot Calm, the villain’s yacht.

Late in the movie, English dials manually into the MI7 phone system a little too close to the sub. Like commercial aircraft just a decade ago, new-fangled technology like cell phones can, uh, interfere with more antiquated technologies. Signals can get crossed. Inadvertently, though previously forewarned, English’s selections throughout the phone system options [un]surprisingly matched those numbers needed to authorize a nuclear launch.

Without multi-factor authentication, or when the Captain called to confirm the order, a warhead would have been incorrectly fired. I’ll skip over the part where the government official answering the phones accidentally put the two active phone receivers across from each other resulting in English unknowingly ordering the strike and the sub’s captain then taking action. Cybersecurity means making it hard for both malicious attempts and accidents to leave you exposed. 

Leaving your accounts to chance, where someone only needs to get lucky once, is a risk you shouldn’t take. Enable multi-factor authentication and avoid would-be mishaps or breaches.

3) Decentralize your access and infrastructure

Arguably, the whole crisis could have been averted if the government had structured its environment in a more distributed way. The fact that the PM was a master key to the whole of Britain’s digital infrastructure made her a magnet to targets. A successful breach would allow for any malicious party to do tremendous damage and even leverage it to take over a country.

Hosting all of the city’s traffic light data and commands in a single location made it easy for Volta to bring the entire city to a grinding halt. Had the city of London distributed the data, the impact would have been limited to just a couple of intersections. Your cybersecurity plan is only as effective as the infrastructure you put in place. 

Make it hard for the bad guys. Limit the impact a single hack can have. That way a well-intentioned government official or a poorly architected infrastructure can’t leave you completely exposed.

Emma Thompson, Rowan Atkinson & Ben Miller

The Main Takeaway: Getting lucky isn’t a cybersecurity plan

The premise of the series is a bumbling agent mishandling each scenario to surprising success. Fun? Yes. Recommended? Hardly. Unless you are Johnny English, being fortunate shouldn’t be your plan when it comes to cybersecurity. Fumbling yourself into the right position probably won’t happen.  

Instead, proactively plan your response to what could happen. Review accounts regularly for changes. Monitor your credit history. Assume insecurity by default.

We can learn a lot from Johnny English… mostly around what not to do. Still, I recommend seeing the movie if you are looking for a laugh.

Want to get a more complete picture of what you should do? Take our free security assessment.

Happy security from JupiterOne!


JupiterOne is simplifying how organizations manage their cloud-based infrastructure. Learn how you can make strengthen your security posture without adding unnecessary complexity.

Schedule a Demo