cyber security maturity modelling

Implement digital security that fits your organisation


PGI’s cyber security maturity assessment will help you understand and improve your organisation’s security position.

How well is your organisation set up to manage cyber risk?


Cyber threats vary from company to company and sector to sector, so ‘a one size fits all’ approach to cyber and information security doesn’t work and a ‘blanket’ approach is very costly.

PGI’s Cyber Security Maturity Model analyses your organisation’s cyber security and compliance requirements to establish the effectiveness of current security measures. It also evaluates whether the current position aligns with organisational maturity targets based upon risk appetite, stakeholder expectations, and regulatory/legal requirements. Understanding your position highlights areas for improvement and priority of the investment required to keep your data and reputation safe.

PGI believe that there’s no point allocating excessive budget to something if it’s not required. It is a valuable tool for ongoing measurement and provides a structure for communicating progress to the rest of the business.

What is Cyber Security Maturity Modelling?


The maturity assessment involves comparing your organisation’s current security measures against the criteria of PGI’s Cyber Security Maturity Model, which has been developed based on a wide range of security industry standards and best practices, such as ISO 27001, PCI DSS, NISD, GDPR and CIS.

If your organisation does not have any specific regulations to comply with, CMM can provide a strong all-round view of security best practice.

The model can provide you with a clear way to see where your organisation needs to mature and to decide what maturity level is acceptable. It also provides a clear way to monitor and demonstrate progress if the CMM is repeated (e.g. annually), through use of an informative and consistent maturity scale across different areas of information security.

How is cyber security maturity assessed?


cyber icon

Consultants will evaluate 139 data points (processes, policies and controls) within 15 key business areas that have a bearing on your company security posture (covering technology, people, processes, and physical security). They score these using a 6-point scale that ranges from 0 (non-existent) to 5 (optimised).

This assessment—which can take from three to 20 days depending on business size and complexity—includes a detailed report that will clearly show any additional steps needed to meet the maturity levels necessary to achieve your risk management threshold.

Benefits of assessing your cyber security maturity


The assessment provides an in-depth and balanced view of your organisation’s preparedness against cyber threats and its ability to protect its information assets.

  • Helps you understand the gaps in your processes Read more Read less

    The assessment identifies where security measures are less mature than industry accepted good practice and where efforts must be concentrated to improve the organisation’s posture. You should consider undertaking a cyber security maturity assessment if you would like to:

    • Benchmark your maturity results against the rest of your industry
    • Create a stronger security culture within the company
    • Ensure that your organisation is prepared to face the evolving security threat landscape

    Because PGI consultants are external to your organisation, you can be assured of an independent and unbiased view of current maturity levels and recommended actions.

  • Helps you prioritise investment in security measures Read more Read less

    You will be provided with a Cyber Security Maturity Model Assessment Report, detailing the findings, evaluated maturity levels and recommendations. These findings will shape how effort is concentrated to improve maturity levels and which actions should be prioritised.

    This can facilitate effective project planning, resource forecasting and budgeting and provides companies with a cyber strategy planning tool, to ensure that your team target the right amount of maturity for areas that can create improvement and protect valuable assets.

  • Facilitates communicating cyber security and information security to management Read more Read less

    It is increasingly common that executives must reassure and actively provide evidence—to customers and stakeholders—that appropriate information management safeguards are in place. Your organisation’s key decision makers are provided with an independent non-technical explanation of the current cyber maturity levels and recommended actions, in-line with the organisation’s risk appetite and desired maturity.

    This business-focused approach ensures all important messages can be readily understood across the organisation.

    Upon request, PGI’s experienced consultants or CEO can provide a briefing (maximum two hours) to the organisation’s Senior Leadership Team, summarising the findings of the assessment and recommended actions moving forward. This briefing provides the Senior Leadership Team with a clear understanding of the organisation’s cyber security maturity and where improvements must be made to strengthen your company’s security.

  • Get the most out of cyber insurance Read more Read less

    Many insurance companies will require an assessment to gauge how mature an organisation’s security measures are. By conducting a cyber security maturity model, you put your organisation in the best possible position to demand the best premium from your insurance provider.

  • Achieve regulatory compliance Read more Read less

    For organisations that operate in a regulatory environment, the cyber security maturity model can also be aligned with the relevant frameworks, enabling compliance to be achieved as part of the wider cyber security strategy, without the need for two separate implementations.

  • Facilitates continuous improvement Read more Read less

    Continuous improvement is an important aspect of remaining compliant with a number of regulations; this is why many organisations find benefit in repeating these assessments at regular intervals (e.g. annually). This provides a consistent metric for key stakeholders (e.g. Senior Management, the Board, Regulators, or shareholders) to measure and demonstrate continuing improvement and increasing maturity levels.

Don’t wait for a breach to identify areas for improvement

Many organisations only undertake a review of their cyber security capabilities if there is a need to do so—usually when a breach has already occurred. However, the inevitable ‘blue-light’ response environment can skew the balanced risk management judgements that the Maturity Model is designed to inform.

Importantly, the cost of a breach in the future—which can often run into the hundreds of thousands—far outweighs the cost of proactively assessing your level of cyber security maturity to reduce the likelihood of a breach.

Ready to get started? Speak to one of our experts.

If you have any questions about our services or would like to learn more about our consultants here at PGI, please get in touch with us and speak with one of the team, call us on +44 (0)845 600 4403 or email us at sales@pgitl.com

Get in touch

Why work with PGI to understand your cyber security maturity?

PGI’s Cyber Security Maturity Model has been designed to cover the many cyber security and compliance requirements of your business. The expertise of PGI consultants in cyber security, information security frameworks and maturity assessments means they can accurately and independently assess your organisation’s current cyber maturity levels and provide pragmatic recommendations.

Want to find out more?