Cybersecurity
SIC 62090

Security that fits the business, not the auditor.

Last reviewed 2026-06-17

Summary

50% of UK businesses identified a cyberattack in the last 12 months, with phishing involved in 84% of cases (UK Government Cyber Security Breaches Survey 2024). We run the tests, find the gaps, and tell you what to fix first. Not everything at once. The handful that matter.

A // What is in scope
  • Web application and API penetration testing
  • Network and infrastructure penetration testing
  • Business logic and privilege escalation testing
  • SOC 2 Type II readiness and gap analysis
  • ISO 27001 readiness and control mapping
  • GDPR and UK DPA compliance review
  • Identity and access management hardening
  • Incident response planning and tabletop exercises
B // Outcome

A prioritised risk register, with owners and dates.

Provider: NUVENAR LTD
SIC: 62090
Region: United Kingdom
C // Process

What happens and in what order.

Same shape every time. You always know what is finished, what is in flight, and what is coming next.

  1. Scope and authorisation

    We agree in writing exactly what is in scope, what is out of scope, and the rules of engagement. Nothing begins without a signed authorisation.

  2. Automated scanning

    We run industry-standard scanners against the agreed scope and gather a full picture of the attack surface before manual work begins.

  3. Manual testing

    A human spends days on manual testing: business logic abuse, chained exploits, authentication bypasses, and the issues scanners miss. This is the part that matters.

  4. Report with remediation steps

    A written report: every finding, severity rating, exploit steps to reproduce it, and a specific remediation recommendation. Critical findings are communicated the same day.

  5. Optional patch engagement

    If you find a critical issue and want us to fix it, we can continue under the same engagement. Verification testing is included.

D // Cybersecurity engagement
We had a SOC 2 audit booked in four months and no idea how exposed we were. Nuvenar ran a proper pentest, gave us a prioritised remediation list, and helped us fix the criticals before the audit window opened. We passed first time.
Olivia Patel
VP Engineering, Kepler & Frame
B2B SaaS / London
E // Cybersecurity FAQ

Common questions.

If the answer is not here, send the question to support@nuvenar.com. Replies inside one working day.

  • Yes. We run automated scans and then a human spends days on manual testing: business logic abuse, chained exploit attempts, and the findings that scanners miss. The report includes findings, exploit steps to reproduce them, and prioritised fixes.

  • Yes, for readiness work. We map your current controls, build the missing ones, and put you in shape to pass the formal audit. We do not act as the auditor.

  • We tell you the same day, with a recommended fix. You have the option to bring us in to patch it under the same engagement at no extra scoping cost.

  • Yes. Web apps, APIs, mobile apps, and internal systems are all in scope. We agree exactly what is in scope and out of scope in writing before anything begins.

  • A signed scope document before anything begins. It specifies the target, the methods permitted, the start and end dates, and the emergency contact if something breaks. Standard practice.

F // Two ways to start
L // Hire the team

Request an assessment.

30-minute call with engineering. Scope, price, and timeline in writing within one working day. A prioritised risk register, with owners and dates.

R // Run NuvenarHub yourself first

Try Pro for 7 days.

Many services clients run NuvenarHub themselves first, then bring us in for custom integrations and enterprise scope. 7-day trial, card on file.

Reply: < 1 working day
Pricing: written, fixed scope
Ownership: 100% you
Contract: cancel any time