Structured Engagement

Five days to clarity.

ProgrammeInteractive202612 min read

Most businesses do not get breached because they ignored security. They get breached because they never had a clear, honest picture of where they actually stood. The Cyber Sprint fixes that in five working days.

5
Working days
£950
Fixed fee
1
Clear action plan
100%
Credited if you continue

What is it?

The Cyber Sprint is a structured, five-day review of your business's cyber security posture. It is not a penetration test. It is not an audit. It is a focused engagement designed to answer the question every business owner eventually asks: "Are we actually protected, or are we just hoping we are?"

At the end of the sprint, you receive a written report in plain English. No jargon. No scare tactics. Just an honest assessment of where you stand, what needs fixing first, and a prioritised 30-60-90 day action plan that makes sense for your size, your budget, and your risk appetite.

If you decide to work with GHOSTLINE afterwards, the full £950 is credited towards your onboarding. If you do not, you still walk away with something genuinely useful.

Why this matters for your business

Cyber security is not just a technology problem. It is a business continuity problem. It affects whether you can trade, whether customers trust you, whether insurers will cover you, and whether you can win contracts that require security evidence.

Without clarity
Risk
You spend money on tools you do not need, ignore risks you do not see, and cannot answer basic questions from insurers, clients, or regulators.
With clarity
Advantage
You know exactly what needs doing, in what order, at what cost. You can answer questions confidently. You make smarter decisions about where to invest.
Win more contracts

Larger clients and public sector buyers increasingly require security evidence. A clear posture assessment and action plan shows you take it seriously, even if you are still building. That is often enough to win the bid.

Reduce insurance premiums

Cyber insurers are tightening underwriting. Businesses that can demonstrate MFA, endpoint monitoring, backup testing, and incident response planning get better terms. The sprint gives you the evidence.

Protect your reputation

A breach does not just cost money. It costs trust. Customers, partners, and staff all notice. Getting ahead of the problem is cheaper than recovering from it.

Meet regulatory requirements

GDPR, Cyber Essentials, the incoming Cyber Security and Resilience Bill, supply chain obligations. The sprint maps where you stand against the frameworks that apply to your business.

Stop wasting money

Many businesses pay for security tools they do not use properly, or buy the wrong thing entirely. The sprint identifies what you actually need so every pound does real work.

The five days

Click each day to see what happens. Each day builds on the last.

01
Day 1
Discovery & Scoping

We start with a conversation. Not a technical interrogation. We want to understand your business: what you do, how you work, what systems you depend on, and what keeps you up at night.

We map your technology footprint: email platform, cloud services, devices, remote access, file storage, line-of-business applications. We identify who has admin access and how your team connects to work.

This is also where we learn about your business context. Do you handle sensitive data? Are you in a regulated sector? Do clients ask you security questions? Are you bidding for contracts that require Cyber Essentials?

Technology map Access inventory Business context brief
02
Day 2
External Exposure Review

We look at your business from the outside. The same view an attacker would have. We check your domain, subdomains, email configuration (SPF, DKIM, DMARC), exposed services, open ports, certificate health, and publicly visible information.

We also run credential exposure checks: have any of your staff email addresses appeared in known data breaches? Are there leaked passwords in circulation? This is often the most eye-opening part of the sprint.

None of this is invasive. We are not hacking anything. We are looking at what is already visible to anyone who cares to look.

External scan results Email security grade Credential exposure report
03
Day 3
Controls & Hygiene Assessment

Now we look inward. Using the worksheet (see the interactive example below), we assess your current security controls against what actually matters for a business your size.

This covers: multi-factor authentication, device management, backup strategy, admin access controls, patching cadence, email filtering, staff awareness, incident response readiness, supplier management, and data handling.

We are not measuring you against a 400-page framework. We are checking whether the basics are done, done properly, and would hold up if tested.

Controls matrix Gap analysis Hygiene score
04
Day 4
Risk Prioritisation & Roadmap

Everything from days 1 to 3 gets analysed and ranked. Not by technical severity alone, but by business impact. A critical vulnerability on a test server is less urgent than a missing MFA policy on the finance director's email.

We build a 30-60-90 day action plan. The first 30 days cover the things that need immediate attention. The next 30 cover strengthening. The final 30 cover maturity, ongoing monitoring, and governance.

Every recommendation comes with a plain-English explanation of why it matters and a realistic estimate of effort and cost.

Prioritised risk register 30-60-90 action plan Cost estimates
05
Day 5
Debrief & Handover

We walk you through everything. In a call, not a PDF dump. We explain what we found, why it matters, and what to do about it. You can ask questions. We will answer them without jargon.

You receive the full written report, the action plan, the controls matrix, and the external exposure findings. All yours to keep regardless of what you decide next.

If you want GHOSTLINE to help implement the plan, the £950 is credited in full towards your first retainer. If you want to handle it yourself, you have everything you need.

Written report Debrief session Onboarding path (optional)

Example worksheet

This is a simplified version of the controls assessment we run on Day 3. Try it yourself. Select your current state for each item and watch your score update in real time. Nothing leaves this page.

0%
Hygiene Score
Complete the worksheet below
GHOSTLINE // Controls Worksheet
EXAMPLE

Example output

Here is what a real sprint report looks like. Click the tabs to see each section.

Sprint Report // Example Ltd
Summary Findings Action Plan Exposure
Client
Example Ltd (Cardiff, 28 staff)
Sector
Professional services
Sprint date
12-16 May 2026
Overall posture
Moderate: foundations present, gaps in coverage

Example Ltd has basic protections in place but significant gaps in email security configuration, admin access controls, and incident response readiness. MFA is partially deployed. Backups exist but have not been tested. Three staff email addresses appear in known breach databases. The business holds client financial data and is subject to GDPR obligations. Immediate priorities are email hardening, MFA completion, and backup verification.

3
HIGH
5
MEDIUM
4
LOW
2
INFO

MFA not enforced on Microsoft 365

HIGH

Multi-factor authentication is enabled for 12 of 28 user accounts. The remaining 16 accounts, including two with global admin privileges, rely on password-only authentication.

FIX → Enable MFA for all accounts via Conditional Access. Prioritise admin and finance accounts. Estimated effort: 2 hours.

DMARC policy set to none

HIGH

The domain has a DMARC record but the policy is set to "none", meaning spoofed emails using your domain are not blocked. SPF and DKIM are configured but not enforced.

FIX → Move DMARC policy to quarantine, then reject after monitoring. Estimated effort: 1 hour + 2 weeks monitoring.

Three staff credentials in breach databases

HIGH

Email addresses for the finance manager, operations lead, and a project manager appear in known breach datasets. Associated passwords may be in circulation.

FIX → Force password reset for affected accounts. Verify MFA is active. Check for suspicious sign-in activity. Estimated effort: 1 hour.

Backups not tested

MEDIUM

Cloud backups are configured via the Microsoft 365 admin centre. However, no restore test has been performed. Recovery time and data completeness are unknown.

FIX → Perform a test restore of mailbox and SharePoint data. Document recovery time. Schedule quarterly tests. Estimated effort: 3 hours.

No incident response plan

MEDIUM

The business does not have a documented plan for what to do if a security incident occurs. Key contacts, escalation steps, and communication procedures are not defined.

FIX → Create a one-page incident response plan covering: who to call, what to isolate, how to communicate. Estimated effort: 2 hours.

Admin accounts used for daily work

MEDIUM

Two global admin accounts are used as daily-driver email and Teams accounts. If either is compromised, the attacker has full control of the tenant.

FIX → Create separate admin accounts. Use daily accounts for email and Teams. Use admin accounts only for admin tasks. Estimated effort: 1 hour.
DAYS 1-30

Urgent

Enforce MFA on all accounts. Reset breached credentials. Move DMARC to quarantine. Test backups. Create one-page incident response plan. Separate admin accounts.

DAYS 31-60

Strengthen

Deploy endpoint monitoring. Implement email reporting for phishing. Review third-party access. Move DMARC to reject. Start staff awareness programme. Document key suppliers.

DAYS 61-90

Mature

Establish regular vulnerability scanning. Begin Cyber Essentials preparation. Schedule quarterly backup tests. Implement ongoing monitoring via GHOSTLINE. Board-level security reporting.

Each phase builds on the last. Progress is measurable and reportable.

External exposure scan results for example.co.uk
SPF
PASS
v=spf1 include:spf.protection.outlook.com -all
DKIM
PASS
DKIM signing enabled via Microsoft 365
DMARC
WEAK
v=DMARC1; p=none; rua=mailto:dmarc@example.co.uk (policy not enforcing)
TLS
A
TLS 1.3 with strong cipher suite
Open ports
2 FOUND
443 (HTTPS), 3389 (RDP, externally accessible, no geo-restriction)
Breached credentials
3 FOUND
finance@, ops@, pm@ found in 2 breach datasets (2023, 2024)

See it run

Click the commands below to simulate each phase of the sprint.

ghostline://cyber-sprint
Discover Scan external Assess controls Prioritise Generate report Run full sprint

Who is this for?

Businesses that have never had a security review
You know it matters. You have not had the time or the right partner to make it happen. The sprint gives you a starting point.
Businesses preparing for Cyber Essentials
The sprint maps your gaps against the CE requirements so you know exactly what to fix before the assessment.
Businesses bidding for contracts that require security evidence
Public sector, NHS supply chain, financial services. The sprint gives you something concrete to show.
Businesses that have been breached and need to understand what happened
Post-incident, the sprint helps you understand your exposure and build a recovery plan.
Businesses that think they are fine but want to be sure
The most common outcome. Businesses that feel confident often have the biggest surprises in the credential exposure check.

What you walk away with

Written report
Plain English. Findings, risks, and recommendations explained clearly.
30-60-90 plan
Prioritised actions in three phases. Effort and cost estimated for each.
Exposure scan
External footprint, email security grade, credential breach check.
Controls matrix
Where you stand on every fundamental control. Green, amber, or red.
Debrief call
We walk you through it. Ask anything. No jargon.
Onboarding credit
£950 credited in full if you continue to a managed retainer.

Five days. One clear picture.

£950 fixed fee. Credited if you stay. No lock-in. No surprises.

Book a Cyber Sprint View Pricing