Cyber Security Report Cards
Get a detailed assessment of your cybersecurity risks and tailored recommendations to strengthen your defences. Improve your security with clear, actionable steps that fit your organisation and gain peace of mind knowing how you can be protected from the latest threats.
How does it work?
- An online meeting to discuss your organisation, its ways of working, policies, approach to risk and how your IT systems are set up. We'll also have an opportunity to talk about any particular concerns you may have about your current situation.
- We carry out a range of technical checks on your email servers, website and selected devices, either remotely or at your premises.
- We produce our draft report and discuss our findings with you to agree any next steps to improve your security.
- You receive the approved final report. Our Advisory Service can work with you to implement the required changes.
Essential
£350+VAT
- Cyber Risk Profile
- Email Security Check
- Website Security Check
- Single Device Security Check
- External Scan of 1 IP Address
- Policy Review
- Remote Technical Checks (Site Visit Extra)
Enhanced
£750+VAT
- Cyber Risk Profile
- Adversaries and Attack Methods Profile
- Email Security Check
- Website Security Check
- Website Vulnerability Scan
- Multi-Device Security Check (5 max)
- External Scan of 2 IP Addresses
- Policy Review
- Remote Technical Checks (Site Visit Extra)
Elite
£1800+VAT
- Cyber Risk Profile
- Adversaries and Attack Methods Profile
- Email Security Check
- Website Security Check
- Website Vulnerability Scan
- Multi-Device Security Check (10 max)
- External Scan of 8 IP Addresses
- Internal Vulnerability Scan (256 IPs)
- Policy Review
- Cyber Essentials Gap Analysis
- Single Site Visit Included
Large or complex organisations
For organisations with multiple sites or more than 250 staff, please contact us.
What's included?
The starting point for the Cyber Security Report Card is determining the risks to your organisation, your appetite or aversion to risk and your risk tolerance. We take into account the sensitivity of the data you hold, the potential impact of data or system unavailability, and to what extent incorrect or manipulated data could affect your operations. The profile considers both physical and information security as there are interactions between the two.
We use the Cyber Risk Profile as the basis for determining which categories of adversaries may target your organisation, then identify which attack methods they are likely to use. Characterising adversaries assists in prioritising a search for potential weaknesses in your systems or processes that could be exploited.
The Email Security Check looks at whether your email servers are configured to send and receive emails in a secure manner. It also checks whether you have the appropriate countermeasures to stop cybercriminals sending emails purporting to come from your organisation.
We check that your website is using the most recent standards to allow the public, your customers and other organisations to securely connect to you.
We'll undertake a scan of your website to identify misconfigurations, out-of-date software and common web application security risks.
The Device Security Check involves a check of selected devices to ensure:
- the operating system is licensed, supported and appropriately updated;
- malware protection is installed, active and receiving updates;
- installed software is licensed, supported and appropriately updated;
- data is encrypted on the device, if possible;
- vulnerability patches have been applied where required; and
- administrative rights are not unnecessarily granted to normal users.
We can carry out these checks remotely with your assistance via video conferencing software.
IP address scans can reveal the services that have been made available to the public over the internet. Many of these services are innocuous and have been legitimately made public, but some services may have been inadvertently made accessible or made available in an insecure manner. The results will list all services publicly available so you can decide which of them ought to continue to be public and which need restricted access or updates.
The Internal Vulnerability Scan starts with an IP address scan of your internal network, then takes this further by evaluating the software versions of services and identifying vulnerabilities, including those exploitable through errors in configuration or where access is permitted using default credentials.
We review your policies, using either the written copies or verbal confirmation of the particular policies you have in place. This focusses on device management, information security, software updates, password policies, the induction process for new employees and deactivating accounts when someone leaves.
Many of our customers use the Security Report Card as a way to gain insight into how close they are to complying with Cyber Essentials requirements. The Elite package includes a full gap analysis highlighting where you may fall short of meeting this prescriptive standard. We will provide guidance on how to meet all five essential controls. Please note, the Gap Analysis cannot guarantee a pass of the Cyber Essentials assessment.
Have a look at a sample Cyber Security Report Card
See what changes we've recommended and get an idea of how we can help you.
Get started now
Essential
£350+VAT
Recommended for organisations with up to 10 people. Includes Cyber Risk Profile, Email and Website Security Checks, Device Security Check, IP Address Scan and Policy Review.
Enhanced
£750+VAT
For organisations with 10-50 staff. Includes everything in Essential increased to cover more devices and IP addresses, plus an Adversaries and Attack Methods Profile, and Website Vulnerability Scan.
Elite
£1800+VAT
For organisations with up to 250 employees. Includes everything in Enhanced scaled up accordingly, plus an Internal Network Vulnerability Scan and Cyber Essentials Gap Analysis.
Large or Complex
Contact us
For organisations with multiple sites, more than 250 staff or complex networks and system architectures, please contact us.