What is the risk?
SMEs experienced a data breach in 2020
SMEs had phishing attacks in 2020
SMEs will close within six months of a cyber attack
Why do you need a cyber maturity assessment?
It may be that your organisation is increasing its focus on cyber security, or you would like to understand how well your existing security programme is performing. You might be seeking some structured guidance on where your next security priority is. There are many reasons why you would want to undertake a maturity assessment, regardless of the current maturity of your organisation.
The threat landscape continues to see a significant increase in attacks against Small and Medium businesses (SMEs). Now, more than ever, cyber and information security has become a top priority for businesses. Businesses are less likely to transact with suppliers who cannot demonstrate good security practices.
What are the benefits of having a cyber maturity assessment?
A maturity assessment can give you key insights about your organisation’s current cyber and information security posture. It can help you understand your organisation’s current maturity level and ability to respond to cyber incidents and breaches.
The assessment will help your organisation identify a target level of maturity that is consistent with your business objectives and risk appetite. An outcome of the assessment will be to provide actionable recommendations that can improve your security posture and help make your organisation more secure.
- You’ll gain important insights into the company’s cybersecurity practices and how effective they are at preventing breaches.
- The information learned can be used to improve current cybersecurity measures or guide you where new ones need to be added.
- The assessment results can be compared with similar organizations to help identify security trends.
- It will prevent organizations from relying too heavily on some security controls and ignoring others.
- Improve communication between employees, IT personnel, and upper-level management by supplying documentation.
How we approach Cyber Maturity Assessments
There are a number of controls frameworks in place that are better suited for organisations of different profiles. We tailor the maturity assessment to align with the organisational controls framework in place. This could be NIST 800-771, COBIT 5, ISO 27001, CMMC or any other.
NIST Cybersecurity Framework (CSF) gives a clear indication of the priority an organisation gives to different areas of cyber security. This is generally assessed across the following high-level categories.
The CSF gives a good basis for assessing an organisation’s maturity against the control priorities. Models such as Capability Maturity Model Integration (CMMI) enable us to have a clear view of where an organisation is at the point in time the assessment is carried out.
We additionally consider other aspects that overlay the NIST CSF and look at organisational practices, values, and beliefs that help enable a cyber secure culture. This helps organisations understand if their security programme will have successful adoption in the long term.