Cyber security may be about to become more than AOB for organisational boards across the country. British Airways has been struck with a record-breaking £183-million fine as a result of its data breach last year in which around 500,000 customers had their data stolen, including credit card and CVV numbers. This is perhaps the first example of the ICO really flexing their fining muscles post-GDPR, which allows for a maximum fine of up to €20-million or 4% of annual turnover (whichever is greater) for non-compliance.
We spoke briefly about BA’s data breach when it happened. The crux of our article was that compliance does not equate to security and our stance has not changed. Whether it’s PCI DSS, ISO 27001 or Cyber Essentials, compliance isn’t a magic shield that wards off hackers. Of course, they help, but businesses need to be continually reviewing and testing their security strategy throughout the year regardless. If they don’t, they’ll get breached no matter how many signed certificates they have.
Contrary to what you might think, regulatory bodies don’t tend to go for the scarily large numbers just because they can. BA’s £183 million might seem a touch steep if you compare it to Facebook’s relatively paltry fine of £500,000 for its role in the Cambridge Analytica scandal. Considering the social media giant racked up $40 billion in revenue in 2017, they probably didn’t notice a casual half a million slip away to the ICO. However, it’s worth noting that this case had to be reviewed under the Data Protection Act, not GDPR. £500,000 was the maximum fine back then in the careless heyday of a pre-GDPR world. Had the whole thing occurred just a short while later, things could have been a lot worse for Zuckerberg and crew.
The BA data breach occurred after that fateful day of May 25th 2018 and, therefore, was subject to the full wrath the legislation allowed. It should be noted that the airline plans to dispute the decision, which is legal speak for spluttering “how much?” However, the ICO have been quoted as saying British Airways had “poor security arrangements” where customer information was concerned. Seeing as customers were unwittingly being diverted to a fraudulent website, it seems hard to argue with this statement. Best practices were probably not being followed.
Whilst BA has cooperated fully with the ICO, they were still responsible for the protection of their customers’ personal data. If there were indeed “poor security arrangements” in place, then they did not take this responsibility seriously enough. Article 32 of GDPR stipulates that the “appropriate technical and organisational measures” should be in place to ensure the security of personal data. At this point in time, it doesn’t seem like this was the case for BA. That is one possible reason for the large fine.
Whilst it may be difficult for BA to see the positives in this, there are some to be seen from a cyber security perspective. If there’s one thing the higher-ups at companies hate, it’s losing money. The more zeroes on a loss, the more they hate it. It could well be that the ICO has implemented such a large fine to wake businesses up to the severity of the situation. They have a duty to protect their customers’ data and, if they fail in this duty, there’ll be more than just reputational damages to consider.
I can see various suited board members across the country – perhaps even the world – leaning forward and taking note. This note will be ‘get better at cyber security’. It will be in capital letters and underlined twice.
An example has been made and if companies don’t react, they’ll suffer a similar fate. Ripples may already be in motion. Cyber security will rapidly move up the agenda for all businesses, regardless of the size, and customers will benefit from knowing their data is in safe hands.
As Bulletproof co-founder Oliver Pinson-Roxburgh states: “Businesses need to get cyber security right, and it’s not necessarily that costly a process, especially when you consider the potential cost of a breach. Regulatory fines are just one aspect; there’s the cost of mitigation, the potential loss of customers and reputational damages to consider.”
GDPR is with us to stay and organisations will have to take their responsibility over customer data seriously. This means having the right tech and management processes in place to ensure security is as tight as it can be. This fine levied at British Airways may well encourage others to get it right before it’s too late. Penetration tests, effective log monitoring, active threat hunting with managed SIEM and proper training are all integral to a strong security strategy and will help your organisation avoid these hefty fines.
Joseph is a Communications Executive and Security Blogger who has contributed articles covering a range of topics including staying ahead of cyber threats.