Virtual CISO · UK SMEs

Enterprise security.
SME budget.

ApplicU delivers board-ready cybersecurity leadership for UK professional services firms — combining technical expertise with legal and compliance fluency, at a fraction of the cost of a full-time hire.

90-day programme
90%+ risk reduction target
£250k+ full-time CISO cost replaced
ApplicU Security Dashboard
90-Day Progress
Critical Risks: 0 remaining
MFA Adoption: 98%
Policy Suite: 7 / 7
Staff Training: 92%
CE+: Certified
GDPR: Compliant
Breaches: 0
NPS Score: 8.0
43% of UK firms breached in the past year
£250k+ annual cost of a full-time CISO
72h GDPR breach reporting window
17% of SMEs hold cyber insurance

Your clients trust you with sensitive data. You need more than basic IT support.

Security expertise.
Business language.

We combine deep cybersecurity knowledge with legal and compliance fluency — built specifically for professional services firms.

Dual Expertise
Technical cyber security and legal/compliance in one team. Most vCISOs offer one or the other.
Fixed Pricing
No hourly billing, no scope creep surprises. You know exactly what you get and what it costs.
Founders Do the Work
No bait-and-switch to junior consultants. You work directly with the founders on every engagement.
SME-First Design
Pricing and deliverables built for 10–250 employee firms — not enterprise security scaled down.
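Typical vCISO vs. ApplicU
  • Typical vCISO: Technical only. ApplicU: Technical + Legal/Compliance
  • Typical vCISO: Enterprise-focused. ApplicU: SME-first delivery
  • Typical vCISO: Opaque hourly billing. ApplicU: Fixed monthly retainers
  • Typical vCISO: Technical jargon. ApplicU: Board-ready language
  • Typical vCISO: Tool vendor incentives. ApplicU: Pure advisory, no conflicts
  • Typical vCISO: 6–12 month timelines. ApplicU: 90-day transformation
  • Typical vCISO: Junior consultants. ApplicU: Founders on every call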

Your security leader.
On retainer.

Continuous oversight tailored to your firm’s size and risk profile. All tiers include founder-led delivery — no junior consultants.

Minimum: £500 – £1,500 per month
Essential security oversight for small firms establishing their compliance baseline.
  • Quarterly strategic review sessions
  • Basic annual risk assessment
  • Policy framework review
  • 4–8 advisory hours per month
  • Email support, same-day response
  • Quarterly board summary report
Plus: £3,000 – £5,000 per month
Strategic partnership for firms with complex requirements, regulatory obligations, or rapid growth.
  • Bi-weekly strategic sessions
  • Incident response tabletop exercises
  • Full policy suite, created and updated
  • Board presentation and attendance support
  • 15–25 advisory hours per month
  • Priority incident response (same-day)
  • Vendor and supplier risk assessments
  • Regulatory liaison (SRA, FCA, CQC)

All prices are starting points. Final pricing confirmed after a free discovery call, based on your firm’s size and requirements.

From vulnerable
to protected.
In 90 days.

A fixed-scope, fixed-price project delivering a complete security transformation. No ongoing retainer required — though most clients continue after.

Month 1, Foundation: Discovery, risk register, 10 quick wins
Month 2, Framework: 7 policies, CE certification, GDPR
Month 3, Maturity: Testing, playbook, board handoff
  • Complete 7-policy security suite, plain-English and customised
  • Risk register with treatment plans and scores
  • MFA deployed across your entire organisation
  • Staff security awareness training session
  • Incident response plan, written and tabletop tested
  • Full security operations playbook
  • Board-ready 90-day transformation report
  • Cyber Essentials certification (optional add-on)
Your time commitment
14–18 hours across 90 days — we handle the rest.
Optional add-ons
  • Cyber Essentials Certification: +£2,000–£3,000
  • Extra Staff Training Session: +£500
  • Additional Policy (beyond core 7): +£500 each
Estimated Investment: £5,000
Based on a small firm (10–25 staff). Final price confirmed after your free discovery call.
At Start: £2,500
At Day 60: £2,500
First client discount: We offer 20% off for our first clients in each sector in exchange for a case study and testimonial.
Book Free Discovery Call

30 minutes · No obligation · Same-week availability

The 90-Day Transformation

A structured programme that moves you from vulnerable to protected — with clear milestones, measurable outcomes, and fixed delivery.

Month 1, Foundation
Discovery, risk assessment, and 10 immediate quick wins. Target: 60–70% risk reduction in the first two weeks.
Risk Register · MFA Rollout · Access Audit
Month 2, Framework
Complete 7-policy security suite, Cyber Essentials certification, staff training, and GDPR compliance documentation.
7 Core Policies · Cyber Essentials · GDPR
Month 3, Maturity
Incident response exercises, vendor risk assessments, a full security playbook, and board-ready handoff presentation.
IR Tabletop · Playbook · Board Report

Measurable results,
not just reports.

Every engagement ends with documented evidence of risk reduction — suitable for your board, your insurer, and your clients.

90%+ reduction in critical vulnerabilities
Cyber Essentials certification (where applicable)
MFA deployed across your entire organisation
Board-ready security reporting established
GDPR compliance documented and evidenced
Staff trained and security-aware
  • 7 Core Policies: Plain-English, customised policy suite covering all critical areas
  • Risk Register: Living risk register with scores, treatment plans, and owners
  • Incident Response Plan: Tested IR plan with contacts, playbooks, and comms templates
  • Board Reports: Monthly executive dashboards that non-technical leaders understand
  • CE Certificate: Cyber Essentials certification to unlock government contracts
  • Security Playbook: Full operations manual for self-sufficient ongoing security

Founders. Not consultants.

Direct access to both founders on every engagement — no bait-and-switch, no hand-off to junior staff.

Technical Lead
Security & Architecture
MSc Cyber Security, King’s College London. Specialises in risk assessment, security architecture, vulnerability analysis, and incident response.
MSc KCL · Risk Assessment · Incident Response
Governance Lead
Compliance & Strategy
Law, Accounting & Finance with Computing background. Specialises in GDPR, regulatory compliance, policy development, and board-level communication.
GDPR · Policy · Board Reporting

Start your
transformation.

Book a free 30-minute discovery call or send us a message. We respond the same business day.

Book a Free Discovery Call
30 minutes · No commitment · We’ll do the listening.
Free 30-Minute Discovery Call

We’ll discuss your current security situation, answer your questions, and outline what a 90-day transformation looks like for your firm.
