One-off service

Baseline Cyber Review

A structured assessment of your current security position. Written for a business owner, not a security team. Delivered within 5–7 working days. No calls, no meetings.

A clear picture of where you stand

The Baseline Cyber Review is a structured, one-off assessment of your business's current security position. We review your key practices, tools, and exposure areas, then produce a written report that tells you, in plain English, what's in good shape, what isn't, and what to do about it.

Not a penetration test. Not a compliance audit. No system access required. It is a structured conversation, conducted by email and a short intake form, turned into a practical written assessment.

Most small businesses have no clear baseline. They don't know what they have in place, what's missing, or how exposed they are. The Baseline Review answers those questions.

The result is a report you can act on immediately: a prioritised list of findings, explained clearly, with specific recommendations for each one. Not a list of industry frameworks. Not a compliance checklist. Practical guidance for your specific situation.

Small businesses without a dedicated security resource

The Baseline Review is designed for businesses that:

  • Have 1–30 staff
  • Do not have a dedicated IT security role or team
  • Want to understand their current position before doing anything else
  • Are not sure which security measures are actually necessary for a business their size
  • Have heard about a specific threat or incident and want to know if they're exposed
  • Are being asked about their security posture by a client, insurer, or partner

You do not need to be technical to use this service. The intake form asks about your practices and tools in plain language. If you're not sure of an answer, say so. That's useful information in itself.

What the review covers

The review covers the areas that matter most for a small business. Not every possible security topic, but the ones that represent the highest practical risk at your scale.

Access and accounts

How staff log in to systems and applications. Password practices. Use of multi-factor authentication. Admin account management.

Devices

Company and personal devices used for work. Software updates and patching. Endpoint protection. Mobile device usage.

Email and phishing

Email platform and configuration. Phishing awareness. Business email compromise exposure. Email filtering and controls.

Data and backups

Where data is stored and how. Backup practices and testing. Cloud storage configuration. Data classification (basic).

Third parties and suppliers

Key suppliers with access to your systems or data. Software subscriptions. Supply chain risk awareness.

Awareness and response

Staff security awareness. Incident response capability. Reporting culture. Basic response planning.

What you receive

  • Executive summary. A plain-English overview of your current position and the most important findings. Written for a business owner, not a technical audience.
  • Full findings. A structured review of each covered area: what was assessed, what was found, and why it matters.
  • Prioritised action plan. A numbered list of recommended actions, ordered by priority and practical impact. Each action includes a plain-English explanation of why it matters and an indication of effort required.
  • Follow-up included. A short written follow-up to answer any questions about the report, included as standard.

Delivered as a structured PDF

Your report is produced as a clearly formatted written document. It is designed to be readable by a business owner, shareable with a board or senior team, and actionable without needing further explanation.

No raw data dumps. No appendix of framework references. Just the information you need, in the order you need it.

How it works

1. Submit the Start Here form

9 questions, about 2 minutes. Tells us who you are and what you're looking for. No payment required at this stage.

2. Receive your payment link

We email you a confirmation and a Stripe payment link within 5 minutes. Once payment is confirmed, you receive the onboarding intake form.

3. Complete the intake form

The intake form covers your tools, practices, and priorities. Takes about 15 minutes. No technical access required.

4. Receive your report

We deliver your written Baseline Review within 5–7 working days of receiving your completed intake form.

Fully async. The entire process is conducted by email and form. No calls or video meetings are required at any stage.

One-off, fixed price

US

$795 USD


  • Full written report
  • Executive summary
  • Prioritised action plan
  • Written follow-up included

UK prices are exclusive of VAT. VAT is charged at the standard rate to UK businesses. US pricing is inclusive of all charges.

What the Baseline Review does not include

To avoid any uncertainty, here is what is explicitly outside the scope of this service:

  • Penetration testing: active vulnerability scanning or exploitation is not part of the review
  • Compliance certification: not a Cyber Essentials, ISO 27001, or SOC 2 assessment
  • Incident response: if you have an active security incident, contact a specialist IR provider
  • Managed security services: this is a review, not ongoing monitoring or management
  • Legal or insurance advice: the report is a technical assessment, not legal counsel

Ready to get your Baseline Review?

Fill in the Start Here form. About 2 minutes, no commitment.
