Security that doesn't get in the way.
Layered security that your insurer - and your staff - will put up with.
Most breaches aren't cinematic. They're a tired member of staff clicking one link on a Wednesday afternoon, or a finance director paying an invoice that looks exactly like the supplier's. Your insurer knows this; that's why they now quietly insist on Cyber Essentials, MFA everywhere and a written incident plan before they'll renew.
How we do it.
We build for the way breaches actually happen - layered, sensible defaults that protect the business without making staff roll their eyes or file helpdesk tickets to get their work done.
MFA everywhere, conditional-access policies, managed endpoint protection, email and DNS filtering, and a quarterly vulnerability scan with a written remediation plan. Audited against a short, human checklist - not a 200-page compliance document nobody reads.
When something does slip through, you get an incident response playbook written for your business, with phone numbers of who does what. We'll run the response. You'll get a plain-English after-action within 48 hours.
If you're targeting Cyber Essentials or Cyber Essentials Plus certification specifically, that runs as a separate fixed-price project - see the Cyber Essentials service page.
What's included.
- Managed endpoint protection on every device · Windows, macOS, mobile
- Email security and anti-phishing · impersonation + DMARC
- DNS filtering on-network and off-network
- MFA rollout + conditional access policies across M365 / Entra ID
- Quarterly external vulnerability scan with remediation plan
- Staff phishing simulation + short, un-corporate training videos
- Incident response playbook, written for your business
- Annual tabletop exercise for the senior team
What you get out of it.
- Insurer-ready: passes the security questionnaire insurers now routinely send at renewal
- Staff actually use the controls rather than routing round them
- Fewer phishing click-throughs after training - measurable, not anecdotal
- Written after-action when something does get through - no finger-pointing, no mystery
Who it's for.
Any business with more than a handful of staff, customer data, or a cyber-liability policy to keep in force. Particularly relevant for professional-services clients whose own customers now ask for evidence of controls in tender responses.
How it's priced.
Tiered per user - a standard tier for most SMEs, a hardened tier for regulated or higher-risk clients. Included by default on managed-IT contracts above a certain size.
Things people ask.
01 Do we need Cyber Essentials as well?
Most clients benefit from it - many insurers and public-sector tenders require it. The cybersecurity service covers the day-to-day controls; Cyber Essentials is a separate certification project that formalises them.
02 Will MFA and conditional access annoy my staff?
Not if they're rolled out properly. We use trusted-device policies so day-to-day logins don't re-prompt every time; MFA only triggers on new devices, risky sign-ins or privileged actions. Staff notice on day one, then forget about it.
03 What happens if we do get hit?
Ring the main number, not email. We isolate, contain, investigate, and run recovery from backups. You get a written after-action within 48 hours and an action-plan for the gaps that let it through. Your insurer will want both.
04 Can you support us if we're in a regulated sector?
We look after clients in finance, aviation, manufacturing and healthcare-adjacent work. We can run security in alignment with Cyber Essentials Plus, IASME Gold, or map controls to a client-specific framework - within honest scope.
While you're here.
Call us. We'll answer.
Fifteen minutes on the phone, or a free on-site consultancy visit - no obligation. We'll tell you plainly whether we're a fit, either way.