Is Your Business Actually Secure — Or Do You Just Hope It Is?
Most businesses invest in security tools and assume they're protected. But when a client, an auditor, or a cyber insurer asks you to prove it — assumption isn't enough. A CIS Assessment gives you evidence.
Does This Sound Familiar?
You're not alone. These are the situations that bring most South African businesses to us:
A client or partner sent you a security questionnaire — and you weren't sure how to answer it honestly.
You're applying for (or renewing) cyber liability insurance and need to prove you have security best practices in place.
You've spent money on firewalls, antivirus and Microsoft 365 — but you don't actually know if they're configured correctly.
You're worried about ransomware, but you don't know where your weak points are.
You need to show management or the board that the business is protected.
You simply want peace of mind that your business and its data are genuinely safe.
Cyber Insurance Now Requires Proof — Not Promises
South African and global cyber insurers have significantly tightened their requirements. To qualify for cyber liability cover, insurers now expect documented proof of specific security controls — including multi-factor authentication (MFA), endpoint detection and response (EDR), tested and immutable backups, email security, privileged access management, and a documented incident response plan.
Here's the part many businesses miss: a cyber insurance application is a legally binding document. When you attest that you enforce MFA everywhere or that your backups are immutable, the insurer relies on those statements to issue your policy. If a claim investigation later reveals those controls weren't actually in place, the insurer can reduce or deny your claim — or void the policy entirely.
This is exactly why an independent assessment matters. A CIS Assessment gives you evidence of what's actually in place, so you can complete your insurer's questionnaire honestly and accurately — and know your cover will hold up when you need it most.
The danger isn't just failing to qualify for insurance. It's paying premiums for years, then having a claim denied because a control you thought was in place wasn't.
There's a Recognised Way to Measure Whether You're Actually Secure
This is where CIS comes in. CIS stands for the Center for Internet Security — a globally recognised, independent organisation that publishes the security standards used by businesses, governments and security professionals worldwide.
The CIS Benchmarks and CIS Controls are, in effect, a blueprint for secure configuration. Rather than guessing whether your environment is secure, a CIS Assessment measures your actual systems against these proven international standards — and shows you exactly where you stand.
What We Assess
Exchange Online, Teams, SharePoint, Entra ID
Domain configuration, GPOs, privileged access
Server hardening against CIS Benchmarks
Endpoint configuration and hardening
Firewall rules, VPN and edge security
Database security and access controls
The 18 CIS Controls — Your Security Blueprint
A CIS Assessment measures your environment against the 18 CIS Controls — a prioritised set of safeguards designed to defend against the most common real-world cyberattacks.
- 01Inventory and Control of Enterprise Assets
- 02Inventory and Control of Software Assets
- 03Data Protection
- 04Secure Configuration of Enterprise Assets and Software
- 05Account Management
- 06Access Control Management
- 07Continuous Vulnerability Management
- 08Audit Log Management
- 09Email and Web Browser Protections
- 10Malware Defenses
- 11Data Recovery
- 12Network Infrastructure Management
- 13Network Monitoring and Defense
- 14Security Awareness and Skills Training
- 15Service Provider Management
- 16Application Software Security
- 17Incident Response Management
- 18Penetration Testing
How a CIS Assessment Works
We agree which systems and platforms to assess based on your environment.
We use professional CIS auditing tools (CIS-CAT Pro) to measure your configuration against the CIS Benchmarks — an automated, evidence-based process covering hundreds of controls.
You receive a detailed report showing what passed, what failed, and the severity of each finding, categorised critical/high/medium/low.
We help you understand the findings and give you a prioritised, practical roadmap to close the gaps — based on real risk, not a list of hundreds of items.
Who Needs a CIS Assessment?
Businesses applying for or renewing cyber liability insurance
Companies responding to client or supply-chain security requirements
Organisations that have invested in security tools but want to verify they're configured correctly
Businesses that want board-level assurance their data is protected
Any company that wants genuine peace of mind about their security posture
Frequently Asked Questions
Find Out Where You Actually Stand
Book a free assessment and get an honest, evidence-based picture of your security posture — no jargon, no assumptions.
Book a Free Assessment