Evidence-based, data-driven cyber security assessment and assurance

Good security – driven by evidence and data, instead of hyperbole and fear – is a business enabler. It makes your organisation more agile, protects brand value, and reduces your risk in a digital world.

Talk to us



Benchmarking your security posture against applicable industry and regulatory standards, as well as relevant best practice guidance, is a vital first step that our assessors will complete.

They will also assess your risk profile and threat environment, making proportionate recommendations that are sympathetic to your wider business needs.



Once recommendations have been made, our consultants partner with your team to design, build, and implement evidence-based security controls that meet the threat profile of your organisation.

These controls vary across organisations, but usually range from ‘just enough’ to ‘cyber excellence.’ The controls will be fit-for-purpose, and maintainable by your team.



After the security programme has reached a state of maturity, our assessors will provide a repeatable assessment framework to allow your organisation to measure improvement over time.

Progress can be tracked using both on-site and remote ‘checks and balances’ activities, backed by clear KPIs: great for the board and your security team.

Data Security People is trusted by:

Passionate work from passionate people

Our work and expertise

We provide assessment and assurance services that help to benchmark, improve and maintain a robust security posture. We take great pride in creating fit-for-purpose and defensible security programmes that meet the individual needs of our clients’ businesses.

Alongside our delivery work, we frequently publish security articles, white papers, and case studies, as well as evidence for research and government.

Crucially, we believe that rationalised information assurance policies – driven by evidence and data, rather than hyperbole and fear – are the best way to improve our clients’ security capabilities.

Read more about our work

In a short period of time the DSP consultant established both his credibility and capability enabling him to build trust and confidence with the senior leaders with whom he engaged with here. Always on point, able to clearly and succinctly articulate both position and context to orientate senior stakeholders and maximise value from time spent. Willing and comfortable to accept / handle challenges whilst confident to hold ground where right to do so but most importantly justifying why further underlining his expertise and confidence. The consultant was articulate and always composed which has enabled us to navigate tricky ground on this sensitive engagement to achieve the right outcome for us.

Client testimonial, publicly-listed travel firm.


Of breaches rely on privilege abuse

Source: 2019 Data Breach Investigations Report, Verizon


Average number of days to detect a data breach

2019 Cost of a Data Breach Report, IBM


Cost to UK business of CEO email fraud

Source: The cyber threat to UK business 2017-18, NCA


Businesses seek external help on cyber security

Source: Cyber Security Breaches Survey 2019, DCMS

Continuous assurance is the future of PCI DSS governance.

It allows you to make evidence-based decisions and investments, instead of the box ticking of years gone by.

Find out more