We take solicitors, accountants, and healthcare practices from vulnerable to fully protected in 90 days. Fixed price. No jargon. Both founders on every engagement.
Professional services firms are disproportionately targeted because they hold high-value client data — legal files, financial records, patient information.
That’s before regulatory fines. DPP Law was fined £60,000 by the ICO after a ransomware attack — not for being attacked, but for failing to have adequate controls in place.
No incident response plan. No data handling procedures. No documented controls. If the ICO investigates, “we meant to get around to it” is not a defence.
A full-time CISO costs £250k+. Large consultancies charge £40–80k for 6–12 month engagements. Your IT support company doesn’t do governance. Until now, there was no middle ground.
Every deliverable is tangible, documented, and yours to keep. Your time investment across the entire programme is 13–18 hours — roughly one hour per week. We do the rest.
| | Full-time CISO | ApplicU | Large Consultancy | IT Support Co. |
|---|---|---|---|---|
| Annual cost | £250,000+ | £5,000–8,000 one-off | £40,000–80,000+ | £500–2,000/mo |
| Timeline | Ongoing hire | 90 days | 6–12 months | Reactive |
| Governance & compliance | Yes | Yes — legal & finance background | Variable | No |
| Technical delivery | Yes | Yes — MSc Cyber Security, NCSC centre | Yes | Basic |
| Board reporting | Yes | Monthly, metrics-driven | Sometimes | No |
| SME-appropriate | Over-resourced | Built for 10–50 staff firms | Enterprise scaled down | Under-qualified |
| Who you get | The hire | Both founders, every time | Junior consultants | Helpdesk |
You hold client-privileged information under SRA obligations. Friday Afternoon Fraud, conveyancing scams, and client file exposure are sector-specific threats your IT support company doesn’t understand.
SRA · ICO · GDPR
Payroll data, HMRC submissions, client financial records. FCA-regulated firms face additional requirements. A single breach can trigger regulatory action and client loss simultaneously.
FCA · ICAEW · HMRC
Patient records are among the most sensitive data categories under GDPR. CQC expects documented security measures. A breach doesn’t just cost money — it costs patient trust.
CQC · NHS DSPT · ICO
No email required. No sales pitch. Genuinely useful guides you can implement yourself. If you want help going further, we’re here.
Ten practical fixes, no budget required. Each takes 10–30 minutes. Covers MFA, backups, admin access, email filtering, and more.
Download free
25 plain-English questions across the five CE control areas. Instant score tells you exactly where you stand and what’s blocking certification.
Take the assessment
Enter your firm size and sector. See the estimated cost of a breach versus the cost of getting protected. Built for board conversations.
Calculate your risk
MSc Cyber Security from King’s College London — an NCSC Academic Centre of Excellence. Hands-on vulnerability assessment, system configuration, and incident response.
Background in law, accounting, finance, and computing. We write your policies in plain English, prepare your board reports, and navigate your regulatory obligations.
You get both founders on every engagement. No bait-and-switch with junior consultants. The people who built the programme are the people who deliver it.
We’ll ask about your firm, your data, and your current security posture. If we can help, we’ll tell you how. If we can’t, we’ll point you to someone who can.
Book Your Free Discovery Call
Usually available within 48 hours · Video call · No preparation needed