Your outsourced security department.
Fully Managed Cyber is where Cyber Trust becomes your security team. We own your cyber programme month to month - keeping you compliant, insurable and resilient, with one joined-up plan and one team accountable for progress.
With Fully Managed Cyber you get
One plan. One owner.- A named security lead (virtual CISO style) who owns the roadmap and keeps it moving.
- A clear governance rhythm with board-ready reporting and 90-day priorities.
- Compliance and certification handled end-to-end - including evidence, submissions and renewals.
- Continuous monitoring and improvement - vulnerability scanning, risk tracking and prioritised actions.
Not sure where you stand? Start with a first - then move into Fully Managed Cyber to run the roadmap month to month. (Audit fee credited towards onboarding.)
One team accountable
You get a named security lead and a delivery team that plugs into your IT function - keeping compliance, assurance and improvement on track as your business changes.
Governance
Evidence
Progress
The simple definition
What Fully Managed Cyber actually is.
Fully Managed Cyber is an outsourced security department. It isn't a one-off consultant, and it isn't just “more tools”. It's an ongoing programme where we own your cyber roadmap - setting priorities, tracking progress and keeping risk under control month after month.
You get a calm, predictable rhythm: clear 90-day priorities, a living 12-month plan, and reporting that makes sense to leadership. We do the heavy lifting and coordinate with your IT team and suppliers - so important actions don't drift.
Our job is to turn security into a coherent business story for insurers, auditors and big customers - backed by evidence and steady improvement, not a pile of technical tickets.
Less drift
Plans stay live. Actions stay owned.
Faster assurance
Clear answers backed by evidence.
Lower internal load
We drive the programme; you approve.
- Fewer surprises - gaps and drift are caught early and kept under control.
- Faster assurance - clearer answers for insurers, auditors and key customers.
- Less internal effort - we drive the programme; you approve priorities and decisions.
Expect regular governance calls, clear action lists and a single view of risk - with policies, evidence packs and certification managed as part of the same programme.
We plug into your existing IT team, MSP or suppliers and lead the overall programme - so everyone is working to the same plan.
Built for real-world pressure
A joined-up programme that stays compliant and keeps improving.
Fully Managed Cyber covers the outcomes insurers and larger customers expect to see: ownership, governance, evidence and measurable improvement. We run it as one programme - not a set of disconnected projects.
Your security lead and programme owner
- Named security lead (virtual CISO style) owning your roadmap.
- Clear 90-day priorities and a living 12-month plan.
- Governance rhythm - regular reviews and board-ready reporting.
Certification, policies and evidence - kept current
- Cyber Essentials and Cyber Essentials Plus managed end-to-end.
- Policies maintained with review cycles, version control and practical rollout support.
- Evidence packs and assurance documentation ready for insurers and customers.
Continuous improvement you can prove
- Vulnerability scanning with prioritised actions and owners.
- Patch and remediation guidance focused on what matters most.
- A living risk register and action tracking - so progress is visible and auditable.
We scale depth based on your contracts, insurers and regulators - so the programme fits your world without becoming noise.
Fully Managed Cyber also covers people, culture and customer assurance - including training, phishing simulations, supplier checks and tender support - so you can prove maturity without building a full internal security function.
Scope that matches your world
What Fully Managed Cyber can include.
We build the programme around your roadmap. Some organisations need a stronger compliance and assurance engine; others need more focus on risk management, people and governance. The goal stays the same: one accountable programme that keeps improving.
Cyber Essentials / Cyber Essentials Plus
We manage the certification journey end-to-end: evidence, guidance on fixes, submissions and renewals.
Included when it supports your roadmap and external requirements.
Security leadership & governance
A named security lead, regular governance calls, board-ready updates and clear priorities.
Included when it supports your roadmap and external requirements.
Policies & documentation
Policies kept current with review cycles and version control, plus practical rollout support.
Included when it supports your roadmap and external requirements.
Vulnerability scanning & prioritisation
Scheduled scanning with a clear ‘fix-first’ list, owners and realistic timelines.
Included when it supports your roadmap and external requirements.
Risk register & action tracking
A living risk register linked to actions and decisions - so progress is visible and auditable.
Included when it supports your roadmap and external requirements.
Awareness training
Ongoing training and refreshers focused on the behaviours that reduce real-world risk.
Included when it supports your roadmap and external requirements.
Phishing simulations
Monthly or quarterly simulations with improvement tracking over time - not blame, just progress.
Included when it supports your roadmap and external requirements.
Supplier assurance templates
Questionnaires and templates to assess suppliers consistently and record outcomes.
Included when it supports your roadmap and external requirements.
Privacy & governance templates
Support with common governance needs such as DPIA and ROPA templates and practical guidance.
Included when it supports your roadmap and external requirements.
Tender & customer assurance support
Help answering security questionnaires, writing cyber sections of tenders and providing posture summaries.
Included when it supports your roadmap and external requirements.
Letters of assurance
Clear, credible assurance statements supported by evidence (where appropriate).
Included when it supports your roadmap and external requirements.
Premium add-ons
When required: annual penetration testing, deeper checks and targeted third-party assessments.
Included when it supports your roadmap and external requirements.
Clear scope, calm delivery
How Fully Managed Cyber is scoped.
Fully Managed Cyber is designed around your organisation - your size, your key systems and the external pressure you're under from insurers, customers or regulators.
Most clients start with the Cyber Posture Audit. That gives a clear, board-ready view of risk and a 12-month roadmap - then Fully Managed Cyber is how we run that roadmap month to month.
The result is a clear, fixed four-weekly fee with agreed responsibilities, practical service levels and a governance rhythm that suits your business.
The goal isn't “maximum security activity”. It's the right level of ownership, evidence and improvement for your contracts and risk profile.
What shapes the scope.
- Inputs: number of users, sites and key systems; customer/insurer requirements; and how much we own vs support.
- Outputs: a defined programme with a named lead, a delivery rhythm and clear inclusions.
- No surprises: we walk through scope line-by-line before you commit.
Tangible month-to-month delivery
What Fully Managed Cyber looks like in practice.
You're not buying a report - you're getting an outsourced security team. Month to month, that typically means:
A named security lead (virtual CISO style) who learns your business and owns your programme.
A regular governance rhythm with clear actions, owners and decision points.
Clear 90-day priorities and a living 12-month roadmap that doesn’t drift.
Certification management and renewals handled end-to-end where required (including evidence and submissions).
Vulnerability scanning with prioritised remediation guidance - focused on what matters most.
A living risk register and action tracking that leadership can understand and auditors can follow.
Policies kept current with review cycles, plus practical guidance to embed them.
Support with insurer questions, customer questionnaires and tenders - backed by evidence, not guesswork.
Ongoing awareness training and phishing simulations (at an agreed cadence) with improvement tracking.
You'll always know what changed, what was delivered, what's blocked, and what we recommend next - in plain English.
Phase 1 → Phase 2
Why we start with a Cyber Posture Audit
Fully Managed Cyber works best when it's built on a clear picture of where you are today. That's what the Cyber Posture Audit delivers: a board-ready view of risk and a practical 12-month roadmap.
Once we understand what's in place, what's missing and where the real exposure sits, we can run the roadmap with you - coordinating improvements across people, process, documentation and technical controls.
If you already have a clear roadmap, we can move straight into scoping. If you don't, we recommend the Audit first - and if you move into Fully Managed Cyber afterwards, the Audit fee is credited towards onboarding.
Phase 1
Cyber Posture Audit: map risk and agree a 12-month roadmap.
Phase 2
Fully Managed Cyber: we run the roadmap month to month, with governance, evidence and steady improvement.
Clear steps. No rushed commitments. Audit fee credited towards onboarding if you move into Phase 2.
Fit matters
Is Fully Managed Cyber the right fit?
This is for you if…
- You’re roughly 20–500 staff and don’t have a dedicated security leader internally.
- Insurers, large customers or regulators are asking for evidence - and you need a joined-up response.
- You want one accountable team to own the programme, not a collection of vendors and one-off projects.
- You want steady improvement, clearer decisions and calmer board conversations.
This is not for you if…
- You only want a one-off certificate or a single test.
- You’re primarily looking for the cheapest possible tick-box.
- You don’t have executive backing to allocate time to improvements and make decisions.
- You don’t want an ongoing relationship - in that case, we can still help with one-off work.
Ready to have one team accountable for your cyber programme?
Talk to us about Fully Managed Cyber, or start with a Cyber Posture Audit if you're not sure where you stand. Either way, you leave with a clear next step.
Both paths begin with understanding your current posture - then agreeing a managed programme that matches your risk, external requirements and internal capacity.