Three services.
One clear journey.
Start with a Healthcheck to know where you stand. Move to Risk Improvement to put findings into practice. Add an Awareness Workshop to bring your team along too.
Cyber Security
Healthcheck.
A guided 30-question assessment across six core security domains. Designed for UK SMEs that want to understand their cyber risk — clearly, confidentially, and without the consultancy theatre.
You complete it online in around 30 minutes. We send you a detailed report and a complimentary hour with your consultant to talk it through. No commitment beyond that.
The six domains we assess
User & Access Controls
Individual accounts, MFA, admin privileges, leaver processes, password policy.
Endpoint Security
Device encryption, antivirus, patching, supported OS versions, auto-lock.
Network & Cloud Security
Firewalls, Wi-Fi encryption, secure remote access, cloud permissions, exposed management interfaces.
Email & Communication Security
Spam filtering, phishing resilience, SPF/DKIM/DMARC, secure file sharing, reporting routes.
Backup & Recovery
Backup coverage, off-site copies, restore testing, ransomware protection, access control.
Policies & Awareness
Written policies, staff training, incident response, reporting culture.
How it works
Request access
Get in touch and we'll issue a secure access link tailored to your business.
Complete the assessment
30 plain-English questions across six security domains, with confidence ratings before and after.
Receive your report
A detailed Word document with your overall score, domain breakdown, RAG-rated findings, and prioritised recommendations.
Free consultation
A complimentary hour with your consultant to talk you through the findings and answer questions.
Healthcheck pricing
Up to 5 staff
£299
6–20 staff
£499
20+ staff
POA
All prices exclude VAT. Includes the assessment, the detailed report, and a complimentary one-hour consultation.
Cyber Risk
Improvement.
Cyber Risk Improvement is where the Healthcheck findings become action. It answers the question every SME asks after seeing their report:
"Now that we know where the risks are — what do we actually do about them?"
We turn findings into a calm, prioritised, business-appropriate programme of work. No fear-based consulting. No vendor pressure. Just practical progress.
This is for organisations that…
- Know there are cyber security gaps but not where to start
- Want help deciding what to fix first
- Don't want enterprise tools or fear-based consulting
- Need practical support, not just another report
The six-step process
Phased, measured, and tailored to your business reality.
Review & Prioritisation
Purpose
Translate assessment findings into a clear, achievable improvement plan.
You receive
Prioritised Cyber Improvement Plan — plain English, business-impact focused, no vendor pressure.
Improvement Roadmap
Purpose
Create a structured, phased approach to risk reduction.
You receive
Cyber Risk Improvement Roadmap — clearly phased, time-based, colour-coded by priority.
Control Design & Guidance
Purpose
Define what good looks like without overwhelming you.
You receive
Implementation Guidance Pack — step-by-step explanations, decision points highlighted, options presented (not mandates).
Implementation Support
Purpose
Help changes actually happen — hands-on, or in liaison with your existing IT provider.
You receive
Implementation Oversight — progress tracking, risk-based sign-off, adjustments where business reality changes.
Validation & Risk Re-Assessment
Purpose
Confirm that improvements have actually reduced risk.
You receive
Updated Risk Status Summary — before vs after comparison, colour-coded improvements, residual risk clearly explained.
Handover & Next-Step Guidance
Purpose
Ensure the business is confident going forward.
You receive
Cyber Improvement Summary — agreed view of what is good enough, what can wait, and what needs ongoing attention.
Improvement pricing
Every business is different. Pricing is scoped against your specific Healthcheck findings — phased, proportionate, and aligned with your budget and timeline. No commitment to the full programme; pick the phases that matter to you.
Cyber Awareness
Workshop.
A half-day workshop delivered in person at your office. Built for SMEs, told through real stories from real breach response — not generic e-learning slides.
Six focused modules, around two and a half hours including the wrap-up quiz. Practical, conversational, and aimed at the people who actually need it: every member of your team.
What makes it different
Real breach stories
Drawn from a decade of cyber consulting to global insurers, energy companies, and civil engineering groups. Not abstract scenarios — things that actually happened.
Plain English, no jargon
The people in the room need to act on what they hear. We talk like humans, not analysts.
Built around your reality
The same six modules, but the examples and emphasis are tuned to the size, sector, and concerns of your business.
a day.
Deliberately scoped around running a business. A full day means shutting up shop. A half day means your team is back at their desks by lunch — and your business doesn't stop.
We've found half a day is the sweet spot: long enough to do real learning, short enough that nobody resents being there. The six modules below are timed and paced so people leave engaged, not exhausted.
The six modules
Practical, conversational, and built around real-world UK SME experience.
The Cyber Threat Landscape
Real-world UK SME case studies, top 5 attack types, what attackers want and how they operate. Backed by current UK breach data.
Phishing & Social Engineering
Spotting suspicious emails, Business Email Compromise examples, safe verification steps, and a live phishing email breakdown. Includes a "Phish or Legit?" quiz.
Passwords, MFA & Access Control
Why password reuse kills security. Password managers (1Password, Bitwarden, Keeper). MFA — how and why. Principle of least privilege.
Safe Internet, Devices & Remote Working
Secure Wi-Fi vs public hotspots, VPN explained, USB risks, mobile security, remote work hygiene — screen locks, encryption, secure file sharing.
Data Protection, GDPR & Compliance
UK GDPR principles, ICO breach reporting, real-world fines, customer data as a liability and an asset.
Incident Response & Security Culture
What to do if you suspect a breach. Encouraging reporting, the no-blame culture, who to contact, what evidence to collect.
Workshop logistics
- FormatHalf-day, in person at your office
- Group sizeUp to 15 staff per session
- DurationAround 2.5 hours including the wrap-up
- CoverageSouth East UK base; happy to travel further
Not sure where
to begin?
Send us a note. We'll come back to you within one business day with a clear next step — whether that's a Healthcheck, a quick call, or simply some honest advice.