Confidential client cyber risk assessment

Our client is a Government who were concerned about their exposure to a cyber-attack that might impact their citizens, Government services, critical national infrastructure and economy.

Without a clear and deep understanding of their current cyber posture, the client’s leadership team were unable to identify their risk exposure or to develop an effective strategy for cyber resilience.

Atkins were selected to perform a cyber risk assessment to identify the key challenges, threats and risks to Government-provisioned services, broader critical national infrastructure and key economic activity. The review would need to establish a realistic picture of the client’s level of resilience and their capability to respond to a serious cyber-attack.

Working in collaboration with the client and key stakeholders, we developed a snapshot cyber threat and risk assessment. This provided a measurement of maturity assessment relating to their key assets.

A series of sequenced and integrated work packages were also created. These focused on identifying Government and business stakeholders for engagement and reviewing existing security approaches, strategies and policies to obtain a wider national view.

The work packages also involved collecting and analysing data on the state of the nation through events, workshops, interviews and reviews, and identifying key security threats, risks and opportunities to reduce risk and improve resilience.

As a result of the risk assessment activity, potential threats, attack vectors and vulnerabilities were also highlighted, along with identification of what would make the client an attractive target.

Our client’s senior stakeholders obtained a realistic view of the maturity of their cyber defence, with key areas of weakness and strength identified across Government and business sectors.

Clear and concise prioritised expert recommendations, based on the client’s technology, people and processes, were then provided to inform their mitigation strategy and improve their cyber resilience.