How Cyber Essentials standards added 20% to an MSP’s the bottom line

Compliance standards are highly effective when providing security services as an MSP. Here we share a specific case, where one of our partners has managed to positively impact their bottom line, by providing Cyber Essentials certification suing the CyberSmart platform.

Golum IT, a London-based MSSP and security consultancy faced a big challenge: clearly demonstrate the value of their added services to their customers. Despite using the latest technologies, well trained sales people and account managers, the company found it difficult to showcase how much impact their work added to the cybersecurity of their clients. 

Introducing monthly reporting

As an initial step, the company began providing extensive reports to its customers on a monthly basis. These reports contained an extreme level of detail about threats faced and preventive measures deployed. To Golum IT’s surprise, even the deepest of insights on the effectiveness of measures deployed, struggled to nudge the scepticism of their client base.

Ultimately it was identified that, besides skim reading over the executive summary, these reports remained largely unread; the problem wasn’t the level of reporting, but simply the complexity and sheer volume of information provided.

Introducing external benchmarks

In order to maintain a high level of transparency, whilst simplifying reporting, Golum IT decided to introduce external standards to measure the effectiveness of their work. Although basic on the surface, the Cyber Essentials standard, with its 5 control areas, provided “headings” for every measure in place. In other words, instead of reading through X amount of pages of reporting, customers now receive a 1 page report, outlining the alignment of the company’s security posture to Cyber Essentials and what can be done to improve. 


Initially there was concern that Cyber Essentials was perceived as too basic to be used as a benchmark. In reality however, the brevity and clarity of reporting was more important than the need for in-depth knowledge. Of course, in some instances customers have additional questions, however they are very specific and based on reports produced. 

By introducing these reports based on the CyberSmart platform, customers  clearly saw and understood the value of its implementation, leading to more deployment and sign-ups of CyberSmart.