Alice Hendy is speaking to Civil Society on a lunchbreak from her full-time role as cyber culture manager at multinational audit giant Deloitte.
Hendy has fitted in time around her day job to work on Ripple Suicide Prevention since setting up the charity three years ago.
“I work on the charity before I start work at Deloitte every day, during my lunch break, and after I finish, as well as weekends,” she says.
“So that’s kind of how I how I try to manage it. It does mean, however, that I am very, very busy. And I rarely switch off.”
Hendy founded the charity (stylised as R;pple) in 2021, months after she had lost her brother Josh to suicide, which is part of the reason why she is willing to dedicate so much of her free time to it.
“I think when something like this happens to you, you never know really how you’re going to react to it.
“The way I dealt with it at the time – and actually I would even argue the way that I’m dealing with it even now, three years later – is by trying to stop it from happening to other people.
“That became my purpose. It became my focus. It provided me with something to allow me to actually open my eyes and get up in the morning to do.”
Ripple has grown rapidly in its three years and Hendy is set to be presented with her MBE this summer for her work setting it up. But unlike some charity founders, Hendy has no plans to hand over the reins to someone else. Her dream, she says, would be to work on the charity full-time.
“However, we’re not quite there yet. So, maybe one day my full-time job will be running my charity and living my passion every day.”
Background in cybersecurity
After graduating from university, Hendy got a job as a cashier for Barclays. She quickly worked her way up into management roles at the national bank before applying to be its cybersecurity manager.
“The hiring manager actually came back to me and said: ‘Why have you applied? You’ve got absolutely zero qualifications and experience in cybersecurity.’
“I just said please give me an interview and just give me a chance. He said: ‘Yes.’ I went away, I did lots and lots of research. I was young at the time, enthusiastic, keen to learn and I just said I promise you I'll get up to the level that you want somebody to be at.
“They took a bit of a punt on me, to be honest, and I did it and they trained me up. And I’ve been in cybersecurity ever since.”
Hendy then moved onto senior cybersecurity roles at HSBC and QBE Insurance before her current position at Deloitte.
Reflecting on how her career enabled her to set up Ripple, Hendy says: “I almost feel like I was supposed to go into the field of cybersecurity in order for this to happen.
“Because if you were to say to me at school that I’m going to work in it, I’d have laughed at you.”
Charity launch and MBE
After Josh died in November 2020, Hendy discovered that months earlier her brother had carried out online searches around how he could end his life.
“I found that he had actually been visiting websites and forums that not only encourage you to take your own life, but actually provide you with tips on how to do it.
“I just thought why if somebody is that low and that desperate when they’re conducting those kinds of searches, why is there nothing that comes up to say to them: ‘Look, stop, pause, think about what you’re doing. And by the way, look at all of these amazing support services that exist to help you and to get you out of this.’
“So, because nothing existed, I created my own piece of technology. And that’s really where Ripple was born.”
In early 2021, Hendy set up Ripple and launched its main service, a web browser extension that intercepts harmful online searches relating to suicide and self-harm.
Three years on, the charity’s tool has been deployed by organisations across the UK, is used in 49 countries and is available in 14 languages.
The charity recorded an income of £332,00 in its second year, its most recently audited, and now employs four members of staff and three volunteers, including Hendy.
In January this year, Hendy was awarded an MBE for her work with Ripple, which she says was surprising but bittersweet.
“It’s something that obviously I didn't expect to receive but a nice recognition of all of the work that has been carried out since I lost my brother.
“On the other side of it, it was also pretty sad because I obviously rather not have any of this and not have the MBE and not have my life really going down this path and actually have my brother by my side instead.”
Importance of relationship building
Despite her charity’s growth and success, Hendy says she has not got everything right over the past three years.
“When I started the charity, as a one-person band, I was head of HR, marketing, social media, finance, and everything in between. So, it’s been a huge learning curve. There’s stuff that I did right and stuff that perhaps I should have done differently. But that’s all part of the of the journey, I think.”
Hendy says the best advice she could give to someone else setting up a charity would be “to have evidence, reasoning and justification behind absolutely every single decision that is made because you never know when you might need to go back on that”.
She also recommends holding regular meetings with trustees and getting “a decent accountant from the beginning”.
Hendy says the main skill she has brought to the charity, apart from her cybersecurity expertise, is relationship building.
This, she says, has enabled her to work with businesses, decision-makers and other organisation to deploy the charity’s tool.
Collaborating with other charities
Ripple has collaborated with more than 70 other mental health charities, often signposting people to each other’s services.
Hendy says she has found working with smaller charities to be “much easier” than larger organisations.
“They appear to be much more collaborative, and much more genuine, actually. And are often led and driven by personal experience and personal loss.
“When it comes to some of the larger charities, it’s difficult. They’re very protective of their brand, their franchise, and they run like businesses. So, I find it more difficult to work with those kinds of organisations.
“Ultimately, from my perspective, I couldn’t care less who provides somebody with mental health support, as long as they’re getting mental health support.”
Hendy would like Ripple to be more involved in policymaking, in particular around changes introduced as part of the recent Online Safety Act 2023.
“It’s a start in terms of improving online safety and the link between that and mental health, but in my opinion, it doesn’t go anywhere near far enough,” she says.
“And the government should be working with more small groups, working groups, who actually have the lived experience of losing people in this way to determine how they move forward and how they can help more people.
“They’ve got a strategy at the moment. But I don’t believe it’s ambitious enough. We’ve still got a very big problem with suicide in this country. And we all need to do more.”
Cybersecurity risk to charities
As a cybersecurity professional, Hendy says Ripple is well protected from online risks. But she says other charity leaders should do more to prioritise it.
“Cybersecurity is one of the biggest risks that they will face to their charity and their organisation.
“So, they need to make sure they have antivirus software, they need to make sure their staff are trained in spotting threats such as phishing emails and phishing calls. They need to make sure their website is pen-tested and that they have strong passwords for all of the accounts that they own.
Hendy adds that charities should take out specific cyber insurance and warns that the risks are increasing.
“The list is endless, to be honest, but it does need to be a priority. Because I’ve seen too many organisations during my time in cybersecurity, that just haven’t taken it seriously and who’ve actually then lost key records as a result of somebody who is playing with them behind the scenes for their own enjoyment.
“And with technology as it is, it’s only going to get worse. So, I feel really strongly that charities need to do as much as they can to safeguard and protect themselves from cybersecurity risks if they can, whatever the cost.”