Security Leadership

Ransomware Readiness: Is Your Business Prepared? (Self-Assessment Guide)

Ransomware attacks hit UK SMEs every day. Most businesses discover their gaps during the incident, not before. Here’s how to find out where you stand.

Book a Conversation

Where Businesses Get Stuck

The challenges we most commonly see when organisations come to us:

You’ve heard about ransomware attacks on businesses like yours.
You don’t know how exposed you are or what you’d do if it happened.

Our Methodology

The Ransomware Readiness Framework, 5 domains: backup, access control, endpoint, response, communication.

What Starkhorn Brings

Daniel Jacobs: 20+ years in technology and security, 15+ of them in leadership roles. VetPartners (BC Partners, GBP1.2bn), Jardine Motors Group (GBP2bn). Published author. PRINCE2, ITIL, IIM Full Member. Link to Ransomware Readiness Assessment tool.

Starkhorn does not subcontract or use associate networks. You work directly with Daniel Jacobs from the first conversation through to delivery.

Who This Is For

This service is designed for:

SME CEOs and operations directors with no formal cyber programme

This is not the right fit for: Large enterprises with a mature security operations centre.

Frequently Asked Questions

What is a ransomware readiness assessment?

A structured self-check of the controls that decide whether a ransomware attack is a contained incident or a crisis: recoverable backups, network segmentation, endpoint detection, privileged access, a tested incident response plan, and your ability to handle data theft. This free version scores your answers 0 to 100 and names your weakest areas.

Which frameworks is the score based on?

NCSC’s Mitigating malware and ransomware attacks guidance and Ransomware-resistant backups principles, the CISA, FBI and partner #StopRansomware Guide, and the ICO’s Ransomware and data protection compliance guidance, cross-referenced to CIS Controls v8.1 and the NIST Cybersecurity Framework 2.0.

How long does it take?

About five to seven minutes. Twenty-one plain questions, no technical knowledge required.

My backups are good. Doesn’t that make me safe?

Backups are essential but no longer sufficient. They address encryption, not theft, and only if they are immutable, offline and tested. NCSC warns that attackers target backups early in an attack, so an online, deletable backup may not survive the incident it is meant to cover.

What does a typical Starkhorn engagement cost?

Engagements are structured as monthly retainers or fixed-term day-rate assignments. The cost depends on scope and time commitment. We are transparent about pricing from the first conversation and will give you a clear indication on the call.

What experience does Starkhorn bring?

Starkhorn is led by Daniel Jacobs, with 20+ years in technology and security, 15+ of them in leadership roles. He has served as Interim Group Technology Director at VetPartners (BC Partners-backed, GBP1.2bn), accountable for both technology and security, and as CIO and CISO at Jardine Motors Group (GBP2bn turnover). He holds PRINCE2, ITIL Foundation, and is a Full Member of the Institute of Interim Management.

Do I need a full-time CISO or will a virtual CISO suffice?

For most SMEs and PE-backed businesses, a virtual or fractional CISO provides everything a full-time hire would at a fraction of the cost. Unless your sector requires a dedicated CISO under regulation, a virtual arrangement is almost always the smarter choice.

What is the first step to working with Starkhorn?

Book a no-obligation conversation using the link on this page. In 30 minutes we will understand your situation, tell you honestly whether we are the right fit, and outline what a first engagement would look like. There is no sales process and no pressure.

Next step

Ready to Talk?

Starkhorn works with MDs, CEOs, and boards of growing businesses. If you have a technology leadership gap, a security concern, or a transformation that is not delivering, we can help. Book a 30-minute conversation with no obligation.