contact Search
Search
Service

Cyber security and operational resilience

Businesses must transform their operations to ensure they can deliver critical services while facing ever-evolving threats to their technology assets. The Berkeley Partnership helps organisations across a range of sectors enhance their cyber security and operational risk management.

Cyber security: threats to operational resilience

Whether cyber attacks are from nation states, hacktivists, or organised criminals, they’re becoming ever more sophisticated. Combined with the rising digitalisation of business activity it means it’s becoming increasing difficult for an organisation to be genuinely resilient. Other business challenges can create issues too – such as legacy technology estates, the storage of sensitive information and the rise of hybrid working.

We believe that businesses cannot respond to growing threats by bolting a cyber security function alongside existing capabilities. But they need to take a wider-screen view of all potential vulnerabilities – business and technical – to improve their overall operational resilience.

At Berkeley, we ensure that we understand your business and recognise what’s important and critical for you. By deploying a small team in strategic positions within your organisation, we won’t overwhelm your business or take months to deliver results. Instead, we’ll work to quickly define a cyber security roadmap and deliver solutions that are right for you. Your security is our priority.

The Berkeley consultant’s sharp business acumen coupled with an in-depth understanding of information security were invaluable assets during my first months in the role. Overall, the consultant was a key contributor to the success of my first 90 days in the company.

Out of the many hundreds of IT/cyber professionals and professional consultants I worked throughout my career, Berkeley clearly falls into in the top 10%. One of those who see the big picture, can easily zoom in and out, ultimately caring about the outcome and getting things done as if they were doing it for their own business. A rare skillset these days.

Actions speak louder than any advertisements. After working together, my only regret is that I did not know about Berkeley in my prior gigs.”

Head of Information and Cyber Security, a supply chain and logistics company

Cyber security: defining strategy for success

The Berkeley Partnership supports organisations to develop and define their cyber security strategy and operational resilience. By helping our clients work through the outputs of risk assessments, we assist in developing a roadmap for change – all while ensuring activities are prioritised so that our clients can feel tangible benefits as soon as possible. Berkeley consultants understand that every business runs differently, so strategies and plans are centred on the unique context of each client. We don’t bring in off the shelf solutions. 

Working with you from cyber security strategy through to delivery

Regardless of where you are in your operational risk management journey, The Berkeley Partnership is here to help. We work with our clients at all levels and pride ourselves on helping build capability at all of them. We’re adaptable as well as experienced, and can switch from policy and cyber security strategy to the detail of implementation in the most complex, high-stakes circumstances. 

Pragmatic approach to operational risk management

We’re experts at defining functional strategies that strengthen our clients’ businesses and we’re committed to ensuring that those strategies are deliverable. We work with our clients to mobilise their cyber security and operational resilience and then often help lead the delivery of projects that materially strengthen their capabilities. Our consultants combine their practical security domain knowledge with deep experience in programme delivery and business change to help our clients set their security programmes up for success.

Framing cyber security transformation for senior stakeholders

Cyber security and operational resilience is vital, but it’s crucial that senior stakeholders are on board to truly manage risk. Berkeley has vast experience of helping our clients with positioning their operational risk management agendas with board members, including securing investment approvals. Bringing recommended interventions to life and framing them in language that makes sense to senior stakeholders can be decisive in moving a project forward. We partner with our clients to achieve this necessary buy in. 

Cyber security and operational resilience can be unfathomable for the uninitiated. We believe the best approach is to bring everything down to the basics: a coherent, insight-driven strategy; well executed change; rigorous and efficient operations; and engaged and supportive leadership.”

Michael Owen, Partner

The Berkeley Partnership’s fundamentals for developing operational resilience

Our Advice

When providing cyber security consulting to clients, from formulating operational resilience through to delivering tangible change to their cyber security, our advice is:

Know the business

What’s important versus what’s critical? What are the inherent organisational cyber security strengths and weaknesses?

Don’t let great be the enemy of good

It’s easy to be seduced into attempting a leap to the gold standard. Before embarking upon wholesale organisational change, first ask: “How good are we at the basics of cyber security?” It’s not glamourous but it is essential.

Judgement over theory

With cyber security, it’s impossible to analyse your way to success. True operational resilience is achieved by being pragmatic – developed through focused thinking, delivering meaningful change in manageable steps.

People are as important as machines

Too often cyber security is characterised as a technology arms race, but developing operational resilience relies as much on cultural and behavioural change within your business

Get into the heads of the decision makers

Governance, organisation and ownership are everything. Effective operational risk management should come from the top down, not as an afterthought.

The Berkeley Partnership’s fundamentals for developing operational resilience

Our Advice

When providing cyber security consulting to clients, from formulating operational resilience through to delivering tangible change to their cyber security, our advice is:

Know the business

What’s important versus what’s critical? What are the inherent organisational cyber security strengths and weaknesses?

Don’t let great be the enemy of good

It’s easy to be seduced into attempting a leap to the gold standard. Before embarking upon wholesale organisational change, first ask: “How good are we at the basics of cyber security?” It’s not glamourous but it is essential.

Judgement over theory

With cyber security, it’s impossible to analyse your way to success. True operational resilience is achieved by being pragmatic – developed through focused thinking, delivering meaningful change in manageable steps.

People are as important as machines

Too often cyber security is characterised as a technology arms race, but developing operational resilience relies as much on cultural and behavioural change within your business

Get into the heads of the decision makers

Governance, organisation and ownership are everything. Effective operational risk management should come from the top down, not as an afterthought.

Clients often ask us…

Question 1

What are the biggest cyber threats to my business?

Question 2

How do I establish my organisation’s impact tolerances for cyber and operational risks?

Question 3

How do I identify my biggest operational resilience risks, and shape and deliver a cyber security roadmap to mitigate them?

Question 4

How do I prioritise which cyber-security and operational resilience initiatives to invest in, when demand always outstrips supply?

Question 5

How do I persuade my business that cyber security and operational resilience is not just a technical issue / solution?

Question 6

How do I embed a culture of cyber security within my organisation?

Question 7

How do I justify an investment in cyber security or operational resilience? How can I quantify the benefits when it may never happen?

Question 8

How do I respond to questions from my board / CEO about the latest ransomware attack, and whether I can guarantee that it would never happen to us?

Client stories

Global supply chain logistics company

Our client – a global supply chain logistics company – works with many well-known consumer goods brands, making them an attractive target for potential cyber criminals. In the wake of several well-publicised major supply chain cyber-attacks on other companies, the executive leadership team and board recognised they faced a significant risk – which could result in substantial damage to financial performance, business continuity and reputation.

The company embarked upon a three-year scope of work to realise their strategy of increasing their cyber maturity and mitigating their most immediate risks. They needed to be able to identify and manage cyber risks; protect themselves from attacks; efficiently detect and respond to incidents when they did occur; and have the capability to recover quickly. 

Global manufacturer

We assisted a major global manufacturing company to evaluate and select a cloud infrastructure service provider on which to run its new ERP system, all with operational resilience and cyber security in mind.

We helped establish selection criteria, a decision-making team, and a short-list of potential suppliers. We ran the selection exercise and helped negotiate the contract for the service. 

Large energy super-major

We led the project to migrate the global, multi-brand web-estate for a large energy super-major to the cloud in response to a huge increase in web-traffic volatility and a number of security threats. 

The project implemented a new Content Management System and helped establish a process for each brand entity to migrate their sites. 

FTSE 250 manufacturer

We led the programme to migrate a FTSE 250 manufacturer’s entire data-centre estate onto the cloud. 

This included both Unix and Windows services, ERP and best-of-breed package and bespoke applications. We ensured the solution was operational resilience and robust against cyber threats.

Larger retailer

We helped a large retailer establish a cloud IT competence centre, with cyber security and resilience as a key aim.

This provided a set of policies and standards which jump-started the capability within the organisation with a set of re-usable templates.

Global cloud solution

We led the overall programme as well as business case and supplier selection streams to deliver a cloud solution for all internet and intranet content with 200+ sites spanning 100 countries, in 29 languages and five major brands.

Benefits of the transformation to create a new ‘digitally native’ internal web agency included: improved site resilience and flexibility, improved digital security, annual OPEX savings and a significantly reduced lead time over traditional methods of hardware procurement, rack and stack, deployment and testing. 

Client stories

Our client – a global supply chain logistics company – works with many well-known consumer goods brands, making them an attractive target for potential cyber criminals. In the wake of several well-publicised major supply chain cyber-attacks on other companies, the executive leadership team and board recognised they faced a significant risk – which could result in substantial damage to financial performance, business continuity and reputation.

The company embarked upon a three-year scope of work to realise their strategy of increasing their cyber maturity and mitigating their most immediate risks. They needed to be able to identify and manage cyber risks; protect themselves from attacks; efficiently detect and respond to incidents when they did occur; and have the capability to recover quickly. 

We assisted a major global manufacturing company to evaluate and select a cloud infrastructure service provider on which to run its new ERP system, all with operational resilience and cyber security in mind.

We helped establish selection criteria, a decision-making team, and a short-list of potential suppliers. We ran the selection exercise and helped negotiate the contract for the service. 

We led the project to migrate the global, multi-brand web-estate for a large energy super-major to the cloud in response to a huge increase in web-traffic volatility and a number of security threats. 

The project implemented a new Content Management System and helped establish a process for each brand entity to migrate their sites. 

We led the programme to migrate a FTSE 250 manufacturer’s entire data-centre estate onto the cloud. 

This included both Unix and Windows services, ERP and best-of-breed package and bespoke applications. We ensured the solution was operational resilience and robust against cyber threats.

We helped a large retailer establish a cloud IT competence centre, with cyber security and resilience as a key aim.

This provided a set of policies and standards which jump-started the capability within the organisation with a set of re-usable templates.

We led the overall programme as well as business case and supplier selection streams to deliver a cloud solution for all internet and intranet content with 200+ sites spanning 100 countries, in 29 languages and five major brands.

Benefits of the transformation to create a new ‘digitally native’ internal web agency included: improved site resilience and flexibility, improved digital security, annual OPEX savings and a significantly reduced lead time over traditional methods of hardware procurement, rack and stack, deployment and testing.