Security that holds up under audit, insurance renewal, and the day someone clicks the link.

Security Solutions is the practice that builds the controls that audits, insurance renewals, and client due-diligence packs ask about, in the order that matches the threats SMEs actually face. The cyber-insurance questionnaire used to be a formality; it isn't any more, and the next round of changes is already visible. The same goes for Cyber Essentials Plus assessments and the due-diligence packs your clients are starting to send through.

We do identity-first protection because identity is where most SME breaches start, layered EDR because endpoints are where most ransomware lands, and physical security where the office and the IT estate intersect.

What's included

How we work

1. Baseline (week 1). Where is the estate against Cyber Essentials Plus, against your insurer's questionnaire, against a basic NCSC SME checklist? We produce a written gap report.
2. Prioritise (week 1–2). Highest-impact gaps first. We rank by risk reduction per pound spent, not by what the supplier wants to sell you.
3. Remediate (weeks 2–8). We close the gaps in order, with clear evidence of what was done and when, so the audit trail is ready when the questionnaire arrives.
4. Maintain (ongoing). Patching, monitoring, identity reviews, EDR triage and quarterly audit refresh.

Who it's for

• SMEs preparing for a Cyber Essentials Plus assessment for the first time or recertifying
• Businesses whose cyber-insurance questionnaire just arrived and looks longer than last year's
• Clients of professional service firms (legal, financial, healthcare) whose due-diligence pack now includes 28 questions about security posture
• Offices that need physical and digital security to work as one system rather than two contracts

Outcomes

• A defensible posture against Cyber Essentials Plus and the common insurance questionnaires
• Evidence ready when the audit, renewal or client due-diligence arrives
• Identity and endpoint controls that are actually configured, not just licensed
• A physical security estate that's documented and tied into the IT systems

Common questions

Do we need Cyber Essentials Plus?

If you handle client data, sell into the public sector, hold sensitive records, or carry cyber-insurance, then increasingly yes. We can tell you quickly whether it's needed or whether basic Cyber Essentials covers your position.

Our insurer just sent a 28-question form. Can you help with that?

Yes. This is one of the things we do most often. We map each question to the underlying control, evidence what's already in place, and close any gaps before the renewal date.

Do you install CCTV?

Yes. We specify, install and maintain CCTV and access control systems, and we tie them into the IT estate so video review, alerts and incident correlation actually work. Physical security as part of the same practice because the office and the data are the same estate.

How is this different from any other MSP's security add-on?

The work is led by an experienced information security consultant, not delegated to a generalist engineer. The controls are sequenced by risk reduction per pound, not by what's easiest to bolt on.

Does EDR replace antivirus?

For most SMEs, yes. We'd recommend it, and the licensing is usually similar or lower. The behaviour is different and the threat coverage is materially better.

More questions? See the full FAQ.

---

Related field notes

• Cyber-insurance underwriting in 2026: what changed and what's coming next
• Cyber Essentials Plus renewal: the prep-window calendar
• Email security in 2026: the four layers and where SMEs trip
• XDR rollout for a 50-seat SME: what changed and what didn't
• The cyber-insurance questionnaire that caught everyone by surprise