Ayisha Bari
Cyber security is a pressing issue
It was a turbulent time for business across the globe in 2020 and, whilst the situation is improving in 2021, there are still obstacles to overcome. Not least of all is the ever-present issue of cyber security: an average of 57% of SMEs admit to a breach in 2020, and 86% of organisations expect attacks to increase going forward.
As businesses focus on recovering revenue streams and driving growth, investing in cyber security is often overlooked. But with the risk of cyber attacks, data breaches and fines all more acute than ever, covering the basics of cyber security is essential for SMEs in 2021.
In our role as a trusted advisor to SMEs and enterprises alike, Bulletproof has heard a wide range of objections and opinions on cyber security. To help SMEs understand why cyber security is essential in 2021, we’re presenting the most common real-world myths that our security consultants hear. Some of these might be on your mind too, so it’s important to realise the consequences of these attitudes, and ultimately show why SMEs should care about cyber security.
This is the biggest misconception there is in security right now. Many SMEs think that because of their small business size, or the sector they operate in, they’re unlikely to be hacked. This is wrong on two counts.
Firstly, you don’t have to be a target to be hacked – you can just be collateral damage. Hackers regularly send out attacks en masse and if you’ve not covered the basics, your business will get caught in the crossfire. This is exactly what happened to the NHS in 2017 when it was hit by the now-infamous WannaCry ransomware. The NHS wasn’t directly targeted, yet it still found itself crippled because of out-of-date IT security. That could very easily be your business.
Secondly, and perhaps surprisingly, your SME is actually a target too. Hackers are constantly scanning the internet for things to hack, and new systems put online are typically found within just 0.3 seconds. A hacker doesn’t pay attention to what kind of business you are – if a system is hackable, they’ll try to break into it. Even if there’s nothing of immediate value, your compromised system might be included in a hacker’s botnet.
This is sadly a very popular position, and one that is actively opening up businesses to an increased risk of cyber attacks. SMEs are still catching up with the landscape change to remote-first working practices, and until that process is complete, the fact is that remote workers can actually create more security risk to your business. This is because your staff are now operating outside the walls of whatever security investment you’ve previously made – and are doing so with reduced oversight. The scope of your security has gone from your office premises to every remote worker’s home and their Wi-Fi networks.
For example, remote staff are at increased risk of phishing attacks, and this type of attack jumped by 350% in 2020. And as we progress further into 2021, the Bulletproof Security Operations Centre is still defending our customers against continued high volumes of phishing attempts.
The cloud is often held as an example of why security doesn’t matter with a remote workforce, but worrying numbers of SMEs never bother to verify that their cloud services are securely configured, or ascertain who’s responsible for what. The grey areas caused by this so-called ‘shared responsibility model’ introduce the most dangerous security vulnerabilities – dangerous because they’re unknown, untested, and unmitigated.
Looking for help securing your remote workforce? This Bulletproof blog gives helpful best practice advice for SMEs, and includes an insightful webinar from our Co-founder!
This is an entirely understandable position, especially in 2021. However, the presumption that cyber security is disruptive just isn’t true. Undertaking basic cyber security measures can be done without any impact to a business’ day-to-day operations. Penetration testing and VA scans, both elementary cyber defences, are very low-touch and can be conducted by a trusted third party with zero impact to your business operations. Security training, another basic yet highly effective measure, might only take a few hours.
Contrary to the objection, doing something about your cyber security can actually help power growth, as it will build trust and credibility in your business. Meeting basic security standards will help you connect with a customer-base that, thanks to the GDPR and high-profile breaches, is increasingly aware of cyber security and data privacy. That alone is a powerful reason why SMEs should care about cyber security.
Despite the well-publicised benefits associated with SME cyber security (not to mention the risks of ignoring it), our consultants report that impact to budget is often the number one concern for businesses in 2021. But basic cyber security services aren’t expensive, even for small start-ups.
Penetration tests and VA scans are cheap to procure, and can make a huge difference to your security posture. Meanwhile security training is quick, affordable and can be delivered in a way that harmonises with your business practices. Training is also a secret super weapon – the most basic training can turn your staff into a proactive line of cyber defence that can stop all opportunistic attacks. It might only take half a day to effectively train an SME’s entire workforce.
Cyber Essentials is a Government-backed security certification that covers fundamental security measures that apply to every business – from tiny start-ups to multinational enterprises. And when Bulletproof packages for Cyber Essentials start from only £295, the cost argument doesn’t stand up.
Every organisation can find budget for these simple steps – especially when they will literally save your business from ruin.
Insurance is not a magic safety blanket against cyber attack. It’s highly likely that insurance won’t cover the whole cost of recovering from a cyber incident, which reputable reports put at over £10 million. And that’s if they pay out at all – there are multiple cases of insurance companies not paying out for specific types of malware attack, and the NCSC’s own guidance states that it’s likely insurance companies won’t pay out for “monies lost through business email compromise fraud”. That also happens to be a description of the most common cyber attack – phishing.
In the case of a small attack and data breach, insurance might help save your business financially, but can you afford to spend the time and resources recovering, just to get back to where you were? Insurance also won’t help with the reputational damage – and 33% of companies admit to losing customers after a security breach (the real figure is likely to be much higher).
It may not seem like it for busy business owners or IT managers, but it’s actually easier for SMEs to do something about their cyber defences compared to larger organisations. SMEs have a simpler infrastructure, higher use of cloud services, no legacy systems, and a smaller employee base. Contrast this to large enterprises, whose sprawling technical infrastructure is made complex through acquisitions, legacy systems, shadow IT and the sheer size of their operations.
For example, the British Airways and easyJet data breaches of 2020, which resulted in multi-million-pound fines, could both have been prevented via a simple penetration test. SMEs can procure and run penetration testing exercises quickly and cheaply, with practically zero impact on their day-to-day operations. Cyber security basics aren’t complicated – that’s why they’re called the basics.
Cyber security is a niche set of diverse abilities and there’s a well-publicised skills gap in the market, all of which make hiring in-house security personnel a difficult and expensive proposition for SMEs. The solution is to hire third-party specialists on a retainer or project basis. Find a cyber security partner with a good reputation, who demonstrates an awareness of SME challenges, and make the most of their experiences. After all, they’ve solved this problem before for other businesses like yours. This will deliver a high-quality service without the considerable expense of hiring in staff.
It’s becoming clear that what SMEs really need is to cover the basics. Even a very modest investment in your cyber defences, such as £60 per month, will stop the vast majority of opportunistic attacks. Here are Bulletproof’s recommendations to give SMEs the best protection for the least financial impact:
Pen tests and VA scans are not difficult or time-intensive tasks, and they’re the best way to find your security flaws before a hacker exploits them. They’re also very affordable. As with all security scans, ensure you act on the results!
As mentioned above, basic security training is a cyber security super weapon. Training schemes can be procured cheaply and delivered quickly. There’s a variety of schemes out there to best fit your business model. If on-site training doesn’t suit you, what about self-led learning videos with interactive quizzes?
Gaining a reputable certification such as Cyber Essentials is a great way to build trust and credibility, and enable you to bid for UK Gov, NHS and MoD contracts. Cyber Essentials is backed by the UK Government and is specifically designed to be a ‘first step’ certification. This means the measures it mandates are cheap and simple to enact for even the smallest SME.
With remote workers using either their own devices or hastily-acquired corporate devices, chances are that the device security isn’t up to standard. Having up-to-date endpoint protection is a basic component of cyber security and this simple step can protect against a wide variety of opportunistic cyber attacks, as well as play a part in preventing more sophisticated attacks.
Getting the basic cyber controls embedded in your business also goes a long way to helping with GDPR compliance. Most businesses are aware that compliance with GDPR is not optional and still applies post-Brexit. If you’re an SME who doesn’t know where to start, check out our infographics on ‘10 steps to achieving compliance’ and ‘How to maintain GDPR compliance’.
Put simply, if an SME isn’t doing the basics then it’s just a matter of time before you’re hacked and your data is breached. In fact, recent research by Vodafone says one million small businesses are at risk of collapse due to cyber security threats.
Regulatory action is also an issue to bear in mind. The ICO regularly fines companies big and small for breaches where personal data is affected. Falling foul of GDPR or PECR regulations can have large financial repercussions. As mentioned above, BA and easyJet were both fined around £20 million for their breaches, which grabbed headlines around the world, but many smaller businesses are issued with significant monetary penalties every single month.
But there’s more for an SME to consider beyond fines, reputational damage and data breaches – cyber attacks can also slow down your app development or leak your killer first-to-market ideas. Don’t forget that sometimes hackers just want to cause damage. If you’re one of the 57% of UK organisations who are targeted by ransomware, and you’re not perfect with your backups, you’ll find that you no longer have a business left to salvage.
When it comes to cyber security, the risks are real, but so are the benefits. Getting the basics right is affordable for all sizes of SME and will go a long way to keeping your business stable and in a position to concentrate on growth. Plus there’s the added benefit of enhancing your reputation and building trust with a customer base that’s increasingly aware of security and privacy. This is why SMEs should care about cyber security.