Bulletproof’s range of cyber security, data protection and compliance services are your best defence against threats to your business. With nearly a decade of providing trusted security services, we’re continuing our mission of solving the greatest cyber security & compliance challenges through innovation and simplicity. Explore our range of services and find out how Bulletproof can help your business.
Helping people solve their security challenges is what we do, so we’re always keen to hear from you.
Discover CREST penetration testing & continuous security
Internal & external infrastructure, network & system testing
Manage multiple tests & get external security assurance
Thoroughly assess your web apps & APIs for security flaws
Test your response to a simulated real-world cyber attack
All cloud platforms & services tested, including Azure & AWS
Test your human cyber defences with social engineering
Android, iOS & custom mobile application security testing
Find out more about penetration testing – what it is, when you need it, and why it’s a core component of any business. Discover how pen test helps with compliance, powers best practices, and helps your organisation win new business.
Gap analysis, implementation, audits & more from GDPR experts
On-going support to easily manage your data protection obligations
Consultant-led support to meet all levels of DSPT submission
Flexible & engaging data protection training from certified experts
Get peace of mind that your data protection is being managed by trusted, certified consultants. All Bulletproof data protection services are delivered by our highly trained, experienced and qualified staff.
Gap analysis, implementation, audits & more from dedicated ISO consultants
Find the next step in your strategy with this consultant-led assessment
Get quick & easy CE certification with a range of feature-packed packages
Flexible access to top-tier information security strategy & management
Experienced SOC 2 consultants, AICA audits & compliance automation platform
On-site, remote and video-based security training to boost your resilience
Affordable expertise & support to help you meet & maintain PCI DSS compliance
Go beyond compliance with information security services that are designed to give real operational benefits to your business. All delivered by seasoned, certified Bulletproof security consultants.
24/7 defence against cyber attacks with proactive threat detection
Get help responding & recovering from cyber incidents
Detect, analyse and stop cyber attacks with real-time prevention
Forensic support & data recovery following cyber attacks
Stay on top of new vulnerabilities with powerful, flexible scanning
Evaluate your wireless network for security weaknesses
Discover how your business can identify & manage cyber threats
Comply with regulations, meet certification standards & best practices
Train and test your staff for security resilience, data protection & compliance
No matter what your cyber or compliance challenges, Bulletproof is here to help. We like to work with you as a trusted partner to solve problems, not sell services. No pressure tactics and no false promises.
Learn about our mission to make cyber & compliance accessible to all
Grow your business with high-margin, high-value & partner-ready services
Become part of the Bulletproof team & supercharge your career
Bulletproof’s in-house SOC powers our Managed SIEM & MDR services
We love to talk. Tell us about your cyber & compliance challenges
At Bulletproof we love to solve problems with simplicity & innovation. It’s our mission to make compliance & cyber security services accessible to all. We take pride in building and nurturing teams of exceptional talent, so we’re confident that our cyber security & compliance services are the best way to stay one step ahead of the hackers and protect your business.
Helping people solve their security challenges is what we do, so we’re always keen to hear from you, no matter what you have to say.
Get the latest news, views & expert insight in the world of cyber security, data protection & compliance
A helpful index of cyber security terms, compliance acronyms and industry terminology to make life easy
Discover what we have to say about the threat landscape & what businesses need to know to get ahead
Find out how we can make companies like yours Bulletproof. Don’t take our word for it, hear direct from our clients
Detailed insights & helpful tips for understanding penetration testing, data protection & more
Interesting data & top tips at a glance, with insightful infographics covering all areas of cyber security & compliance
Watch our experts talk through their thoughts & opinions on a variety of security & compliance topics
See when & where we’re going to be bringing Bulletproof insight to an event near you
Ayisha Bari
Find out what ransomware is, how attacks work & types of attack to help you get started with keeping ransomware out of your business.
Read More
We asked a Bulletproof expert ‘Can you cheat Cyber Essentials?’ along with other hotly debated compliance questions, to see what he really thinks. Read what he has to say or watch the video. This is part of our Candid Chats series, where we ask the awkward questions. For more videos like this, check out Bulletproof’s YouTube channel.
“Technically there is a pass/fail threshold, so to achieve a pass mark you are allowed a certain amount of major non-compliances. However, you should be aiming to get as much as you can out of the certificate, achieving as close to 100% as possible. If you're only ever aiming for the bare minimum or treating Cyber Essentials as a 'tick box exercise' then inevitably there are going to be some security holes that you may regret later down the line as you grow as a business.”
“People working in IT tend to be more used to doing Cyber Essentials as an annual compliance objective that they are confident they can achieve. It is usually people who don’t regularly work in IT or compliance, and who have been given the task of helping the company achieve CE who are over the moon when they get the certificate! It is rewarding for us as auditors to see that that Cyber Essentials not only helps the company become more secure, but it also helps the people involved in the process to be more cyber aware as well.”
“People working in IT tend to be more used to doing Cyber Essentials as an annual compliance objective that they are confident they can achieve. It is usually people who don’t regularly work in IT or compliance, and who have been given the task of helping the company achieve CE who are over the moon when they get the certificate!
It is rewarding for us as auditors to see that that Cyber Essentials not only helps the company become more secure, but it also helps the people involved in the process to be more cyber aware as well.”
“Our assessors are trained to notice discrepancies in the answers, and some questions are designed with this in mind. One question might be ‘How many remote workers do you have?’ And if you say you have two, but later claim in your scope that you have offices based in Europe, then you’re likely to have more than two employees working remotely and we would need to double check that. Because you get cyber insurance for certifying a whole organisation against Cyber Essentials, cheating on CE could put your insurance at risk. If a data breach occurs and your insurance paperwork reveals a discrepancy on your certificate, this will invalidate your insurance. Many organisations also get Cyber Essentials because they want to apply for contracts with other providers, who ‘spot check’ companies they work with through random auditing. If they find a discrepancy on your Cyber Essentials certificate, then this could break down the relationship.”
“Our assessors are trained to notice discrepancies in the answers, and some questions are designed with this in mind. One question might be ‘How many remote workers do you have?’ And if you say you have two, but later claim in your scope that you have offices based in Europe, then you’re likely to have more than two employees working remotely and we would need to double check that.
Because you get cyber insurance for certifying a whole organisation against Cyber Essentials, cheating on CE could put your insurance at risk. If a data breach occurs and your insurance paperwork reveals a discrepancy on your certificate, this will invalidate your insurance.
Many organisations also get Cyber Essentials because they want to apply for contracts with other providers, who ‘spot check’ companies they work with through random auditing. If they find a discrepancy on your Cyber Essentials certificate, then this could break down the relationship.”
“The number one reason for failing is not answering a question properly because of not fully reading and understanding what is being asked. For example, if one of the questions asks you to confirm the operating system of all your devices, then you must include BYOD devices such as mobile phones and tablets to fully answer the question. “
Bulletproof’s seasoned Cyber Essentials consultants are experienced in helping companies achieve certification with minimal disruption to your day-to-day business.
“The good news is Yes! You can download the Cyber Essentials questionnaire as far in advance as you like, giving you plenty of time to prepare. You can also get in touch with an organisation that offers Cyber Essentials, for advice and guidance, so that you’re ready when the actual assessment comes along. There's also no rule that says you can't do Cyber Essentials multiple times in a year. It is relatively affordable for companies to do, so if you want to make sure you're on track or want to keep on pushing back your renewal date, do it every six months or even every quarter. It’s also worth noting that if you do upgrade it to Cyber Essentials Plus, you will see more security benefits than just doing the basic CE assessment.”
“The good news is Yes! You can download the Cyber Essentials questionnaire as far in advance as you like, giving you plenty of time to prepare. You can also get in touch with an organisation that offers Cyber Essentials, for advice and guidance, so that you’re ready when the actual assessment comes along.
There's also no rule that says you can't do Cyber Essentials multiple times in a year. It is relatively affordable for companies to do, so if you want to make sure you're on track or want to keep on pushing back your renewal date, do it every six months or even every quarter. It’s also worth noting that if you do upgrade it to Cyber Essentials Plus, you will see more security benefits than just doing the basic CE assessment.”
How does Cyber Essentials deal with remote workers? What we tend to do is focus on the device itself. So, we look at the device’s security that's on the home network making sure that firewalls are enabled and that they react properly to viruses that are being downloaded etc. We also encourage mobile device management and VPNs because if you have those then you can benefit from your company security rather than relying on your home network.”
How does Cyber Essentials deal with remote workers?
What we tend to do is focus on the device itself. So, we look at the device’s security that's on the home network making sure that firewalls are enabled and that they react properly to viruses that are being downloaded etc. We also encourage mobile device management and VPNs because if you have those then you can benefit from your company security rather than relying on your home network.”
“If you want cyber insurance, you must certify your whole organisation against Cyber Essentials so every department within your business needs to be included to qualify for the insurance. You can ‘out of scope’ a certain department or office, however you would need to make sure those areas of your organisation are completely segregated from the main network that's in scope. As this is impractical for most companies its best to your whole organisation within the scope unless you have a unique circumstance or a specific reason for not doing so. “
Luke is Bulletproof’s Head of Compliance, and can often be found coming up with new, innovative, and entertaining ways to evolve our compliance services portfolio. His passion for compliance and business insights always comes through in his articles.
Win new business and improve your cyber security with Cyber Essentials or Cyber Essentials Plus certification. Friendly consultants and a range of packages available.
If you are interested in our services, get a free, no obligation quote today by filling out the form below.
I'd like to receive Bulletproof communications about relevant services and events
For more information about how we collect, process and retain your personal data, please see our privacy policy.