Cybersecurity Improvement Programme
Designed and delivered a cybersecurity improvement programme that raised Microsoft Secure Score 25 percentage points above the industry standard.
Key Results
- 25pts above industry
- Microsoft Secure Score raised to 25 percentage points above the sector average
- Unified posture
- Consistent security controls deployed across all acquired businesses
- GDPR compliant
- Structured data protection controls replacing ad hoc compliance
- Board reporting
- Centralised security dashboard enabling regular stakeholder updates
The Challenge
A multi-brand e-commerce group with complex infrastructure across multiple acquisitions had inconsistent security practices. Each acquired business operated different security tooling, policies, and standards. The organisation needed a unified security posture and had no baseline measurement of its current position.
Inconsistent security controls across acquired businesses created blind spots. There was no centralised visibility into threats, no standardised incident response, and no way to report security posture to the board. GDPR obligations were being met ad hoc rather than through structured controls.
The Solution
Approach
Established Microsoft Secure Score as the baseline measurement and built a prioritised remediation plan targeting the controls with the highest security impact relative to business disruption. Designed unified security policies that could be applied across all brands without blocking operations.
Implementation
Rolled out conditional access policies, multi-factor authentication, data loss prevention rules, and endpoint protection across all business units. Built a centralised security dashboard for board-level reporting. Implemented GDPR-compliant data handling procedures and trained staff across all sites. Established incident response procedures and a recurring security review cadence.
The Results
Have a similar challenge?
Let's discuss how I can help you achieve similar results for your organisation.