by Nick Moss

Services Director

Connect with Nick Moss on Linkedin Connect with Nick Moss on Linkedin

Benchmarking Your Cybersecurity Position and Planning Your Destination

If you were lost in a forest, a map would be a useful thing to have. But without knowing where you are on that map, you’re still lost. Even if you had a map, and knew where you were, an experienced local guide would definitely help get you to the right destination sooner.

The same is true of Cyber Security, it’s a jungle out there, risk is everywhere, and it’s hard to know what to do, and in what order, to get where you want to be. You could consider a framework like ISO27001 or NIST as the map, or certainly the directions, of what you need to do to make yourselves safer. But if you don’t know where you are as stands, even the best framework is going to be difficult to adhere to, and even if you do know, that guide or expert is still going to come in handy.

Pinpointing, or benchmarking your position, relative to the risk you face as a business, and then plotting a course to the right size security destination, isn’t easy, or at least it hasn’t been until now.

  • Saepio have worked with UK firms since 2016 to help them to mature their Cyber Security posture through the right mix of Policies, Products, & People
  • In 2021 we launched a Virtual CISO team to accelerate this process 
  • Our vCISO use the NCSC Cyber Assessment Framework (CAF) as the gold standard 
  • Focused on risk, response, & recovery, it’s remit is to make UK organisations more resilient

As the CAF is not a pass/fail standard, it avoids the trap of people limiting scope in order to get a badge. If you want to improve security for the right reasons, to reduce risk, and to make yourselves more resilient, it’s the ideal framework to use.

The first thing we do with customers who want to go on a security maturity journey in-line with the CAF is conduct a Cyber Resilience Assessment (CRA) to set the benchmark. This process is conducted via our Saepio Hub, a custom-built portal for the Saepio vCISO team and our customers to interact and safely share data.

As the assessment is undertaken by an industry expert with at least 15 years of experience they can interpret the findings and start adding value immediately.



  • Executive Report
  • Recommendations/high level roadmap

So if you are lost, and you don’t know which way to go to make things better?

  • Use a CRA to find out where you are
  • The CAF as the map for where you want to get to
  • The vCISO as the expert guide to help you get there quicker

Want to know more…

Contact Us

Don’t hesitate to reach out to our solutions team. Simply call us on +44 (0) 1494 216 061 or drop us an email on alternatively, you can submit a form on our contact page.