1 | Threshold Readiness Baseline
| Engagement Component | Summary |
| Purpose | Establish a structured baseline of organisational cyber readiness and defensive posture against ransomware and cyber-extortion threats. |
| When Organisations use Tier 1 | SMEs and mid-sized organisations seeking an independent view of cyber readiness for leadership, insurers, regulators, and client assurance. |
| Engagement Structure | Structured declarative assessment delivered through a three-phase questionnaire model analysing organisational context, governance posture, and technical readiness. |
| What DSCR Analyses | Structural readiness indicators including governance maturity, operational dependencies, defensive control coverage, and resilience posture against ransomware propagation. |
| Tier 1 Deliverables | Executive-friendly readiness report, structural risk indicators, and baseline resilience profile suitable for board review, insurer discussion, and internal planning. |
| Relationship to Other Tiers | Tier 1 establishes the readiness baseline that informs deeper governance alignment in Tier 2 and architectural defence development in Tier 3. |
| Typical Fee | £1,500 – £4,000 depending on organisational size, operational complexity, and scope of analysis. |
Engagement Purpose
Most organisations implement a range of security controls but lack clear visibility into how those controls combine to influence overall defensive readiness against ransomware and cyber extortion threats.
The Threshold Readiness Baseline provides a structured assessment of organisational cyber resilience, examining how governance practices, operational dependencies, and core technical safeguards interact to influence defensive posture.
Rather than relying solely on compliance checklists, the engagement focuses on identifying structural readiness indicators that shape how effectively an organisation can prevent, detect, and respond to cyber threats.
The outcome is an executive-friendly readiness report that enables leadership teams to understand their current defensive position and identify strategic priorities for strengthening resilience.
When Organisations use Tier 1
Organisations typically request a readiness baseline when they want to:
• understand their exposure to ransomware and cyber extortion threats
• support cyber-insurance discussions and underwriting processes
• demonstrate security maturity to clients, partners, or regulators
• provide board-level visibility of cyber risk
• establish a measurable starting point for security improvement
For many organisations, the baseline serves as the first structured assessment of cyber readiness at the leadership level.
Engagement Structure
The Threshold Readiness Baseline is conducted through a three-phase declarative assessment model designed to capture organisational context, governance maturity, and technical safeguard orientation.
The assessment is conducted through structured discussions and questionnaires.
No intrusive testing or system access is required.
Click the phase titles below to expand definitions for each:
Phase 1
Contextual Orientation (CROP-10)
Examines organisational structure, operational dependencies, and environmental factors that influence cyber risk exposure.
Phase 2
Governance & Regulatory Posture (GRACE)
Reviews governance practices relating to policy maturity, access control oversight, regulatory defensibility, and organisational accountability for cyber risk.
Phase 3
Technical Safeguard Orientation (STRATA)
Evaluates high-level technical safeguard indicators including authentication practices, system protection, monitoring capability, and recovery resilience.
Together, these phases produce a structured view of organisational readiness against ransomware propagation threats.
What DSCR Analyses
The engagement focuses on structural indicators that influence cyber resilience, including:
• organisational dependency on digital systems
• governance maturity and accountability structures
• identity and authentication practices
• monitoring and detection visibility
• backup and recovery resilience
• third-party service exposure
These indicators are analysed collectively to produce a structured cyber readiness profile that highlights areas of defensive strength and structural vulnerability.
Tier 1 Deliverables
At the conclusion of the engagement, organisations receive an executive-friendly readiness report including:
• overall cyber readiness position
• structural risk indicators
• ransomware propagation exposure narrative
• governance observations
• strategic priority recommendations
The report is designed for board-level visibility and cyber-insurance discussions, helping organisations clearly communicate their defensive posture to stakeholders.
Relationship to Tiers 2 and 3
The Threshold Readiness Baseline establishes the foundation for further resilience development.
Organisations may choose to proceed to additional engagements depending on their objectives:
Tier 2 – Governance & Regulatory Alignment
Focuses on strengthening governance structures and demonstrating regulatory defensibility.
Tier 3 – Architectural Defence Development
Examines enterprise architecture to improve containment capability and long-term cyber resilience.
Participation in additional tiers is entirely optional.
Commercial Structure
Tier 1 engagements are priced according to organisational scale, operational complexity, and assessment scope.
The objective is to maintain consistent analytical depth while ensuring accessibility for small and mid-sized organisations.
Typical Tier 1 engagements fall within the following range:
| Organisation Size | Typical Fee Range |
| 1–50 employees | £1,500 – £2,000 |
| 50–150 employees | £2,000 – £3,000 |
| 150–300 employees | £3,000 – £4,000 |
DSCR engagements are fixed-scope analytical assessments, not hourly consultancy engagements.
Book a no-obligation call below: