Cyber Risk Assessment

Always on, reducing your cyber risk

Cyber Risk Assessment consultants

Secon’s Cyber Risk Assessment (CRA) helps organisations build a secure ecosystem that enables trust and resilience. Using our Security Advisors’ expertise and experience, we help our clients:

  • Uncover the flow of critical data that supports their business outcomes
  • Identify the critical data that currently lacks visibility and control
  • Determine their detection and response capabilities when handling sophisticated cyber attacks

Our approach

Our approach is aligned to NCSC Cyber Risk Assessment Framework (CAF) version 3.0, the NCSC’s 10 steps to cyber security, and Cyber Essentials.

These combined frameworks and guidelines are used to measure the overall cyber security posture of an organisation to prevent and manage advanced cyber attacks.

How we do it

We first engage with your business leaders to identify what exactly you need to achieve your business outcomes. Once we establish all business-critical elements, we align our questions to support your desired outcomes.

Secon’s team then engages with IT security personnel to measure exactly how much visibility and control you have to protect, detect, and recover from a cyber attack. We ask the right questions that get to the heart of how well you’re currently protecting your data.

  • Protect – How well protected is your data and operations against cyber criminals?
  • Detect – Cyber criminals are known to circumvent protection. How well equipped are you to spot a cyber criminal that has found a way into your environment?
  • Recover – How easily could your organisation recover from a cyber attack or related system failure?

Using the data gathered during the exercise, we build our Cyber Risk Assessment report.

What’s covered

Secon’s Security Advisors engage with IT security personnel to thoroughly check the security tools, human resources, processes, and technology deployed under 12 risk areas:

  • Endpoint
  • Servers
  • Virtual Workloads
  • Web
  • Email
  • Cloud (IaaS/PaaS)
  • Cloud Apps
  • Network
  • Mobile (Phone/Tablet)
  • Mobile (Laptop)
  • Brand
  • Identity and Access Management

Why Secon?

Benefits of working with us

cyber risk assessment consultants

Unique recommendations

Our Security Advisors have extensive experience supporting clients on their cyber security journeys. By working with us, you’ll receive a unique Cyber Risk Assessment report that contains a set of recommendations aligned to your business-critical processes and assets. These clear, prioritised, realistic recommendations give you the full picture of what it takes to achieve cyber security maturity.

Visibility and control

We provide you with complete visibility and control over the customer data currently being handled by your third-party service providers during the Cyber Risk Assessment.

Industry standard guidelines

We help align your security controls and processes to both the UK’s NCSC guidelines and IT security vendors’ best practices.

Clear and straightforward

Our high-level Cyber Risk Assessment report is for C-level consumption, helping management to make sound decisions and maximise your current cyber security and IT investments.

Frequently Asked Questions

How much of my team’s time will be needed to complete a Cyber Risk Assessment?

Engagement with your team may require up to 14 hours to cover all risk areas and business-critical elements across your organisation. The Cyber Risk Assessment report will be presented and delivered within three weeks once all required information from your security administrators and contributors are gathered.

Will my organisation’s critical information be kept confidential?

Yes, all communications and gathered data from your organisation will be kept confidential and secure.

Can you map Cyber Essentials’ (CE) principles to your Cyber Risk Assessment findings for us to use in our CE certification preparation?

Yes, we can. If you’re interested how else Secon can support you on your journey to achieving CE certification or another security compliance standard, click here to learn more about our Security Compliance Reporting.

Will Secon need to be onsite to run the Cyber Risk Assessment?

No, all engagement and data gathering for Secon’s Cyber Risk Assessment will be conducted over a remote session using a Q&A format.

Do you assess the security awareness training of my staff during the Cyber Risk Assessment?

Yes, and this includes both security and non-security personnel.