Monday, October 31, 2016

The Free Cyber Security Benchmark, increasing awareness of vulnerability for UK organisations

UK Government has been working to increase awareness of Cyber Security threats to organisations for years. It should be obvious why, almost 80% of UK GDP is services, and a significant portion of the non-services-based economy is just as dependant on intellectual property. While physical property, plant and equipment is difficult to steal or damage, most intellectual property is stored on computers and can be corrupted or stolen silently in a instant.

Back in 2013 the government announced a free cyber governance health check for the UK’s largest (FTSE350) firms. Large firms are important, but SMEs make up 50% of the economy by turnover and are among the most vulnerable to cyber attack, generally lacking dedicated teams of Information Security analysts or the apparatus to detect, repel, or analyse attacks.

To help these smaller organisations, and in concert with the UK Government Cyber Essentials scheme, 360is are announcing a Cyber Security Benchmark (CSB). Like the Government FTSE350 health check, the CSB is free of charge to qualifying organisations. It is designed to help medium sized companies. At the moment 360is is the only company providing this service.

The CSB will make you aware of the prevalence and seriousness of vulnerabilities in your Internet-facing infrastructure by providing you with a straightforward 1-page report all about you and your IT. You can then use that report to improve your cyber security posture and reduce the chances of you becoming one of the  organisations suffering from a breach this year. 

How To Obtain Your Free Cyber Security Benchmark
  • Take a look at the sample report for a fictional company and decide if it would be of use to you.
  • Complete the questionnaire and submit it to, a scan or picture of the completed form will do, don't forget to sign it.
  • We will verify that you are authorised to permit the assessment and that your organisation qualifies for the scheme.
  • Agree to the legal terms and conditions and await your results, they won’t take long.

The active phase of the exercise is non-disruptive and will not impact your IT operations.


The CSB is not a full penetration test or vulnerability assessment and it is not a substitute for one. While accurate and evidence-based, the report is only a brief summary. The focus is on awareness, rather than the range of remediation activities. Once you are aware of the size and scale of your organisations vulnerability, you can take the next step in investigating, assessing, mitigating, and managing it. If you already know you need assistance with cyber security then get in touch