Cyber risk assessments


Assess and advise: a risk-based approach to information security

Information security is really a question of risk versus control. The answer will always be unique to each business: the right level of security controls for an organisation depends on the industry, applicable legislation and regulation and ultimately that organisation’s own appetite for risk.

The changing nature of new technology, evolving threats and regulatory requirements makes it a challenge for organisations to assess their current information security posture – and more importantly, to prioritise where to invest in the most effective defences.

For almost two decades, BH Consulting has helped organisations to address these challenges by assessing their security and risk exposure. Our unique methodology is based on the ISO 27001 Information Security Standard, combined with other industry-leading best practices, which enables us to evaluate an organisation’s information security across multiple levels:

  • Management
  • Process
  • Policy
  • Technology

As an independent third party, we can provide a critical outsider’s appraisal of your current security controls, in whole or in part. From there, we work with clients to develop a best-practice approach that responds to changing risks. Our menu of risk assessment services includes:

  • ISO 27001 assessment
  • Cybersecurity assessment
  • Vulnerability assessment
  • Penetration testing
  • Social engineering assessment
  • Business continuity assessment
  • Red team assessments
  • Simulated phishing tests


Although the security threat landscape is constantly shifting, by identifying the real risks to your business, organisations can make more informed choices about choosing security controls that are the best fit for their information systems and key data. After carrying out a thorough risk assessment based on an understanding of your key business drivers, BH Consulting recommends a bespoke combination of human, process or technical controls to mitigate potential risks.

How secure is your organisation? Find out now


The people aspect of security is often overlooked but it’s one of the most cost-effective ways of improving an organisation’s ability to counter threats.

Whether you need a general security awareness programme for all staff, or specific courses to meet a particular business or security objective like compliance targets, talk to BH Consulting about delivering tailored training that reduces your risk.