We already have an IT provider. Why would we need a cyber risk assessment?

Because it is independent of whoever runs your IT. It tells you whether the protection you are paying for matches the risk you actually carry. If your current provider does not run regular assessments, does not raise cyber risk with you, and has never checked your setup against your insurance requirements, this is the fastest way to find out where you stand.

How does a cyber risk assessment affect our cyber insurance?

Most policies now require specific controls to be in place and will reduce or refuse a claim if they were not. The assessment shows you whether the controls your insurer expects are actually there, before you need to make a claim rather than after.

How much does a cyber risk assessment cost?

A fixed price, based on your size. You will know the number before any work starts.

Find the cyber risks
most likely to hurt your business

An independent cyber risk assessment shows you where the business is exposed, what a breach or outage would cost and what to fix first. You get a plain-English report and a prioritised plan, not a technical document written for the IT team.

Book a Technology Strategy Call

Cyber risk assessment for business leaders

Why now

Cyber risk has climbed sharply. Attackers use AI to make phishing and impersonation harder to spot and to run attacks at far greater scale. Insurers now expect proof that proper controls are in place before they pay a claim.

The Cyber Security and Resilience Bill is widening who is held responsible for security, bringing IT providers into scope for the first time. The expectations on business leaders are rising. A cyber risk assessment tells you whether you're meeting them.

What you get

You get one report, written for the people running the business rather than the IT team. It covers four areas.

Risk summary

The main risks ranked by business impact, in priority order.

Microsoft 365 and identity review

Accounts, access, email, device controls and the misconfigurations we see most often.

Incident readiness

Whether the business knows who acts, who decides and how to communicate during an incident.

Prioritised action plan

The fixes that matter, ordered by urgency, effort and risk reduced.

How we run it

Three steps, from your go-ahead to the walkthrough. We assess the entire business, so there's nothing for you to scope or leave out.

01

Fixed price up front

We price the assessment on your size, your user and device numbers, and confirm it before any work starts.

02

The assessment

We run technical scans across your devices, people and applications, check where personal data is held, scan the dark web for leaked passwords and safely simulate common attacks. It runs over the course of a month, with no disruption to your team.

03

Report and walkthrough

We pull the findings into one report and present it to your leadership, so the priorities are clear and someone owns each next step.

Who it's for

You're about to apply for Cyber Essentials or another framework and want to know where you stand first.
You want an independent second opinion on your security, separate from whoever runs your IT.
You have an MSP, but they don't run regular assessments, don't raise cyber risk with you, and have never checked your setup against your insurance requirements.

If nobody has checked your setup against what your insurer expects, you could be paying for cover you can't claim on.

What you do with the report is up to you

You own the report. Most businesses either bring us on board to close the gaps, hand it to their current provider as a list of fixes, or use it to compare providers on the same set of facts.

Any of those is fine. The point is that you decide with a clear picture in front of you, not a sales pitch.

Common questions

What is a cyber risk assessment?

A structured, independent review of where your business is exposed to cyber attack. We run technical scans across your devices, people and applications, check your Microsoft 365 setup and look at how ready you are to handle an incident, then tell you which risks matter most and what to do about them. You get a written report and a prioritised plan.

How is it different from a cyber security audit or a penetration test?

An audit checks your controls against a fixed list. A penetration test actively tries to break into a system. This assessment sits earlier and wider than both: it tells leadership where the real business risk is and what to fix first, so any spend afterwards goes to the right place.

We already have an IT provider. Why would we need this?

Because it's independent of whoever runs your IT. It tells you whether the protection you're paying for matches the risk you actually carry. If your current provider doesn't run regular assessments, doesn't raise cyber risk with you, and has never checked your setup against your insurance requirements, this is the fastest way to find out where you stand.

How does this affect our cyber insurance?

Most policies now require specific controls to be in place and will reduce or refuse a claim if they weren't. The assessment shows you whether the controls your insurer expects are actually there, before you need to make a claim rather than after.

Will it disrupt the team?

No. The scans and review run in the background. We may need short access to your systems and a brief conversation with whoever looks after your IT. Your staff carry on as normal.

How much does it cost?

A fixed price, based on your size. You'll know the number before any work starts.

How long does it take?

We run the assessment over the course of a month. We then pull the data together into the report and meet to present the findings about a week later. Start to finish, you're looking at four to five weeks.

Talk through where the risk sits

Book a Technology Strategy Call. 15 minutes to discuss what you've already got covered and whether a full cyber risk assessment is the right next step.