Cyber Essentials is the UK government's foundational security standard, run by NCSC and delivered by IASME. It has become quietly essential for any small business that handles client data, bids for serious work, or wants its insurance to actually pay out.
The five controls defend against up to 80% of internet-based cyber attacks affecting UK small businesses, including phishing, credential theft, ransomware, and known software exploits.
UK businesses with turnover under £20m receive £25,000 of cyber liability cover automatically with certification, including a 24/7 incident response helpline. Often worth more than the certification fee.
Increasingly required for UK government tenders, NHS supply chains, MoD work, and the procurement processes of larger enterprise clients. Any firm under £20m turnover qualifies for the scheme.
We don't sell tools. We don't sell fear. We do the practical work that makes your business safer, smarter, and harder to disrupt.
A fixed-fee readiness audit followed by the remediation work that gets your business through the Cyber Essentials assessment on first attempt. Most clients use software they already own.
We help you choose, configure, and roll out AI tools that don't expose client data, breach UK GDPR, or create new attack surfaces. Including bespoke workflows built for your firm.
Monthly external scanning, quarterly security reviews, phishing simulations, and steady AI improvement work. The kind of partnership that means you sleep easier.
Most security and AI work fails because it stays abstract. Ours moves from conversation to certificate to ongoing partnership inside a single quarter.
A free 15-minute call, then a one-day audit at a fixed fee. You receive a written report, a prioritised plan, and a clear sense of what's working and what isn't.
Two to four weeks of focused remediation: configuring what you already own, drafting the policies you need, and submitting your Cyber Essentials assessment on your behalf if you choose.
For clients who choose to continue, an ongoing partnership: monthly scans, quarterly reviews, and steady improvement. No surprises, no scope creep.
NCSC publishes the standard. IASME provides the questionnaire. The free tools are real and they're useful, and we'll genuinely recommend them to anyone who can spare the time.
Most of our clients tried that route first. They came to us when their Microsoft 365 tenant wouldn't cooperate, when the questionnaire's 70 questions stopped feeling free, or when the deadline for a tender arrived faster than the configuration work.
The questionnaire identifies gaps. Closing them, configuring M365, drafting policies, training staff, rolling out MFA, is the actual job. That's what you pay us for.
For a firm billing client hours at £200–£400, our fee is recovered in less than a day. Most clients save themselves three to four weeks of evening and weekend work.
Failed assessments cost the full fee again and put government tender deadlines at risk. We do the remediation work first, confirm every control is met, then submit. No surprises.
NCSC doesn't have an AI readiness tool. Most "AI consultants" don't understand UK GDPR. We do both, security and AI, properly, by the same person, for the same firm.
Wardlight was founded by Yemi Sasonel, a cybersecurity professional with a background in hands-on security work and AI adoption consulting. The practice exists because the market for London small businesses is poorly served: IT firms that don't really do security, and enterprise consultancies that don't work below a £50,000 engagement.
Wardlight sits in the middle, built specifically for professional firms that handle real client data, face real regulatory pressure, and can't afford to get either security or AI wrong.
A fifteen-minute call to confirm whether what we do fits what you need. No pitch, no obligation, no follow-up unless you ask.
Book a 15-minute call