contact Search
Search
Service

Cyber security and operational resilience

Businesses must transform their operations to ensure they can deliver critical services while facing ever-evolving threats to their technology assets. The Berkeley Partnership helps organizations across a range of sectors enhance their cyber security and operational resilience capabilities.

Cyber security: threats to operational resilience

Whether cyber-attacks are from nation states, hacktivists, or organized criminals, they’re becoming more and more sophisticated. Combined with the rising digitalization of business activity it means it’s becoming increasing difficult for an organization to be genuinely resilient. Other business challenges can create issues too – such as legacy technology estates, the storage of sensitive information and the rise of hybrid working.

We believe that businesses cannot respond to growing threats by bolting a cyber security function alongside existing capabilities. They need to take a wider view of all potential vulnerabilities – business and technical – to improve their overall operational resilience.

At Berkeley, we ensure that we understand your business and recognize what’s important and critical for you. By deploying a small team of cyber security consultants in strategic positions within your organization, we won’t overwhelm your business or take months to deliver results. Instead, we’ll work to quickly define a cyber security roadmap and deliver solutions that are right for you. Your security is our priority.

The Berkeley consultant’s sharp business acumen coupled with an in-depth understanding of information security were invaluable assets during my first months in the role. Overall, the consultant was a key contributor to the success of my first 90 days in the company.

Out of the many hundreds of IT/cyber professionals and professional consultants I worked throughout my career, Berkeley clearly falls into in the top 10%. One of those who see the big picture, can easily zoom in and out, ultimately caring about the outcome and getting things done as if they were doing it for their own business. A rare skillset these days.

Actions speak louder than any advertisements. After working together, my only regret is that I did not know about Berkeley in my prior gigs.”

Head of Information and Cyber Security, a supply chain and logistics company

Defining cyber security strategy for success

The Berkeley Partnership supports organizations to develop and define their cyber security strategy and operational resilience framework. By helping our clients work through the outputs of risk assessments, we assist in developing a roadmap for change – all while ensuring activities are prioritized so that our clients can feel tangible benefits as soon as possible. Berkeley consultants understand that every business runs differently, so strategies and plans are centered on the unique context of each client. We don’t just bring in off-the-shelf solutions – we ensure our approach is tailored to meet each client’s needs. 

Cyber security consultanting from strategy through to delivery

Regardless of where you are in your cyber security journey, The Berkeley Partnership is here to help. We work with our clients at all levels and pride ourselves on helping build capability at all of them. We’re adaptable as well as experienced, and can switch from policy and cyber security strategy to the detail of implementation in the most complex, high-stakes circumstances. . 

Pragmatic approach to operational resilience

We’re experts at defining resilience strategies that strengthen our clients’ businesses and we’re committed to ensuring that those strategies are deliverable. We work with our clients to mobilize their cyber security frameworks and delivery roadmaps and then often help lead the delivery of projects that materially strengthen their capabilities. Our cyber security consulting combines practical security domain knowledge with deep experience in program delivery and business change to help our clients set their security programs up for success.

Framing cyber security transformation for senior stakeholders

Cyber security and operational resilience is vital, but it’s crucial that senior stakeholders are on board to truly manage risk. Berkeley has vast experience of helping our clients with positioning their cyber agendas with board members, including securing investment approvals. Bringing recommended interventions to life and framing them in language that makes sense to senior stakeholders can be critical in moving a project forward. We partner with our clients to achieve this level of understanding and buy-in. 

Cyber security and operational resilience can be unfathomable for the uninitiated. We believe the best approach is to bring everything down to the basics: a coherent, insight-driven strategy; well executed change; rigorous and efficient operations; and engaged and supportive leadership.”

Michael Owen, Partner

The Berkeley Partnership’s fundamentals for developing operational resilience

Our advice

When providing cyber security consulting to clients, from formulating operational resilience frameworks and strategies through to delivering tangible change to their cyber security capabilities, our advice is:

Know the business

What’s important versus what’s critical? What are the inherent organizational cyber security strengths and weaknesses?

Don’t let great be the enemy of good

It’s easy to be seduced into attempting a leap to the gold standard. Before embarking upon wholesale organizational change, first ask: “How good are we at the basics of cyber security?” It’s not glamorous but it is essential.

Judgment over theory

With cyber security strategy, it’s impossible to analyze your way to success. True operational resilience is achieved by being pragmatic – developed through focused thinking, delivering meaningful change in manageable steps.

People are as important as machines

Too often cyber security is characterised as a technology arms race, but developing operational resilience relies as much on cultural and behavioral change within your business

Get into the heads of the decision makers

Governance, organization and ownership are everything. Effective operational resilience should come from the top down, not as an afterthought.

The Berkeley Partnership’s fundamentals for developing operational resilience

Our advice

When providing cyber security consulting to clients, from formulating operational resilience frameworks and strategies through to delivering tangible change to their cyber security capabilities, our advice is:

Know the business

What’s important versus what’s critical? What are the inherent organizational cyber security strengths and weaknesses?

Don’t let great be the enemy of good

It’s easy to be seduced into attempting a leap to the gold standard. Before embarking upon wholesale organizational change, first ask: “How good are we at the basics of cyber security?” It’s not glamorous but it is essential.

Judgment over theory

With cyber security strategy, it’s impossible to analyze your way to success. True operational resilience is achieved by being pragmatic – developed through focused thinking, delivering meaningful change in manageable steps.

People are as important as machines

Too often cyber security is characterised as a technology arms race, but developing operational resilience relies as much on cultural and behavioral change within your business

Get into the heads of the decision makers

Governance, organization and ownership are everything. Effective operational resilience should come from the top down, not as an afterthought.

Clients often ask us…

Question 1

What are the biggest cyber security threats to my business?

Question 2

How do I establish my organization’s impact tolerances for cyber security and operational risks?

Question 3

How do I identify my biggest cyber risks, and shape and deliver a program of work to mitigate them?

Question 4

How do I prioritize which cyber-security and operational resilience initiatives to invest in, when demand always outstrips supply?

Question 5

How do I persuade my business that cyber security management is not just a technical issue / solution?

Question 6

How do I embed a culture of cyber security within my organization?

Question 7

How do I justify an investment in cyber-security or operational resilience? How can I quantify the benefits when it may never happen?

Question 8

How do I respond to questions from my board / CEO about the latest ransomware attack, and whether I can guarantee that it would never happen to us?

Client stories

Global supply chain logistics company

Our client – a global supply chain logistics company – works with many well-known consumer goods brands, making them an attractive target for potential cyber criminals. In the wake of several well-publicized major supply chain cyber-attacks on other companies, the executive leadership team and board recognized they faced a significant risk – which could result in substantial damage to financial performance, business continuity and reputation.

The company embarked upon a three-year scope of work to realize their strategy of increasing their cyber maturity and mitigating their most immediate risks. They needed to be able to identify and manage cyber risks; protect themselves from attacks; efficiently detect and respond to incidents when they did occur; and have the capability to recover quickly. 

Global manufacturer

We assisted a major global manufacturing company to evaluate and select a cloud infrastructure service provider on which to run its new ERP system. 

We helped establish selection criteria, a decision-making team, and a short-list of potential vendors. We ran the selection exercise and helped negotiate the contract for the service. 

Large energy super-major

We led the project to migrate the global, multi-brand web-estate for a large energy super-major to the cloud in response to a huge increase in web-traffic volatility and a number of security threats. 

The project implemented a new Content Management System and helped establish a process for each brand entity to migrate their sites. 

FTSE 250 manufacturer

We led the program to migrate a FTSE 250 manufacturer’s entire data-center estate onto the cloud. 

This included both Unix and Windows services, ERP and best-of-breed package and bespoke applications.

Global cloud solution

We led the overall program as well as business case and supplier selection streams to deliver a cloud solution for all internet and intranet content with 200+ sites spanning 100 countries, in 29 languages and five major brands.

Benefits included: improved site resilience and flexibility, improved digital security, annual OPEX savings and a significantly reduced lead time over traditional methods of hardware procurement, rack and stack, deployment and testing. 

UK financial services regulator

We worked with a UK financial services regulator to develop the detailed business case for a multi-million pound investment in a new Salesforce.com authorizations workflow capability. 

One particular complication was to drive out an accurate set of ongoing service support costs given that this was the first time the organization had implemented a cloud-based solution. The business case was approved by the regulator’s executive committee and the template was rolled out as a good practice example. 

Client stories

Our client – a global supply chain logistics company – works with many well-known consumer goods brands, making them an attractive target for potential cyber criminals. In the wake of several well-publicized major supply chain cyber-attacks on other companies, the executive leadership team and board recognized they faced a significant risk – which could result in substantial damage to financial performance, business continuity and reputation.

The company embarked upon a three-year scope of work to realize their strategy of increasing their cyber maturity and mitigating their most immediate risks. They needed to be able to identify and manage cyber risks; protect themselves from attacks; efficiently detect and respond to incidents when they did occur; and have the capability to recover quickly. 

We assisted a major global manufacturing company to evaluate and select a cloud infrastructure service provider on which to run its new ERP system. 

We helped establish selection criteria, a decision-making team, and a short-list of potential vendors. We ran the selection exercise and helped negotiate the contract for the service. 

We led the project to migrate the global, multi-brand web-estate for a large energy super-major to the cloud in response to a huge increase in web-traffic volatility and a number of security threats. 

The project implemented a new Content Management System and helped establish a process for each brand entity to migrate their sites. 

We led the program to migrate a FTSE 250 manufacturer’s entire data-center estate onto the cloud. 

This included both Unix and Windows services, ERP and best-of-breed package and bespoke applications.

We led the overall program as well as business case and supplier selection streams to deliver a cloud solution for all internet and intranet content with 200+ sites spanning 100 countries, in 29 languages and five major brands.

Benefits included: improved site resilience and flexibility, improved digital security, annual OPEX savings and a significantly reduced lead time over traditional methods of hardware procurement, rack and stack, deployment and testing. 

We worked with a UK financial services regulator to develop the detailed business case for a multi-million pound investment in a new Salesforce.com authorizations workflow capability. 

One particular complication was to drive out an accurate set of ongoing service support costs given that this was the first time the organization had implemented a cloud-based solution. The business case was approved by the regulator’s executive committee and the template was rolled out as a good practice example. 

Sector

Financial services

Arrow icon
Services

Digital, data and technology

Arrow icon