On this page
LEVERAGE CYBER is proud to be one of the inaugural companies joining The Cyber Scheme Accredited Company Programme.
The programme launched with eighteen founding members. Sitting in that list alongside some of the biggest names in the industry is an achievement we are proud of.
The problem the programme addresses
The Cyber Scheme has been explicit about why this programme exists: organisations are assessed on what they claim, not on what they can evidence. Buyers are left without a consistent way to identify genuine capability.
The cyber security market has no shortage of companies making confident claims about expertise, coverage, and depth. Some claims are backed by competence; many are not. A buyer trying to tell the difference has had to rely on certifications, marketing, word of mouth, or a sales process, and none of those reliably separate the two.
At the same time, professionalisation is becoming a recognised benchmark. Professional titles awarded by the UK Cyber Security Council, from Associate through to Chartered Cyber Security Professional (ChCSP), are increasingly expected across the public sector and its supply chain. The Government Security Profession Career Framework is aligning to these standards. Procurement frameworks are beginning to mandate a professionalised cyber workforce.
But professional titles have, until now, sat at the individual level. A company could employ one chartered professional and market the entire organisation around that single registration. The link between individual competence and organisational capability was implied, not evidenced.
What the programme does
The Accredited Company Programme closes that gap. It provides a structured way to evidence organisational cyber capability by linking proven individual competence to organisational recognition.
To become accredited, a company must:
- Hold an independently audited certification.
- Employ at least one qualifying professional per specialism at Principal (PriCSP) or Chartered (ChCSP) level, registered with the UK Cyber Security Council.
- Sign a Code of Conduct.
- Have their company background validated through financial and corporate checks.
This is not a self-assessment. An external body audits the company’s security posture and checks its workforce’s credentials against a national standard, so what the company claims and what it can evidence have to line up.
Why we agree with this approach
Claims without evidence are not assurance.
The Cyber Scheme draws a definable line between what “good” looks like and what it does not, and that is the right framing. In mature professions this is settled. You do not hire an unregulated structural engineer, or engage a solicitor who cannot evidence their professional standing. Cyber security has run without an equivalent organisational benchmark for this long, and that is the anomaly.
We also hold Cyber Essentials Plus, one of the baseline certifications the programme requires. That was not a marketing exercise but an independent audit of our own controls, for the same reason we recommend it to clients: foundational security, verified by someone outside the business, is the cheapest effective assurance most organisations will buy.
The Accredited Company Programme applies the same principle to professional capability. Can the company evidence its workforce’s competence against a recognised standard? When it can, the buyer has a credible signal. When it cannot, the buyer knows to ask harder questions.
What this means for buyers
For organisations procuring cyber security services, the programme provides something that has been missing: a consistent, verifiable signal of organisational capability.
An accredited company has been independently audited for its own security posture. It employs professionals who have been assessed by their peers against a national standard. It has signed a code of conduct. Its credentials have been checked, not claimed.
That does not mean every accredited company is the right fit for every engagement. Specialism, scope, experience, and cultural fit still matter. But it does mean the baseline question, can this organisation do what it says it does, has a defensible answer.
As professionalisation requirements continue to expand through public sector procurement and regulated supply chains, working with an accredited company removes a layer of uncertainty. The evidence is already there.
Debi McCormack, Programmes and Partnerships Director at The Cyber Scheme, said:
“This is about moving beyond claims and towards evidence. The market needs clearer signals of capability, and accreditation provides a structured framework for demonstrating that at an organisational level. It gives organisations a clear definition of what they do and why it matters, positioning capability in a way that differentiates providers and places them on the ‘good’ side of what good looks like.”
What it means for us
We are already involved in The Cyber Scheme’s work on robotics penetration testing certification, and we assist as assessors in the professionalisation scheme. Accreditation deepens that relationship. It puts us in the room when new standards are being shaped, new specialisms are being defined, and new assessment frameworks are being built. That is where we want to be, not for the badge but because defining what good looks like is the work that matters.
As our Managing Director Chris Burton put it:
“I’ve been involved with The Cyber Scheme for a number of years and have seen the passion they have for improving the cybersecurity industry, not just as a business; each member of the team has a passion for what they do. The Cyber Scheme recognises the importance of professional industry recognition with their involvement in the UKCSC Chartership programme. Launching The Cyber Scheme Accredited Programme is the next natural step in recognising the industry at a business level. Being part of the accredited programme launch was an opportunity LEVERAGE CYBER could not pass up.”
The inaugural cohort
The Cyber Scheme has said they will be introducing each organisation over the coming weeks. We are in good company. The inaugural group includes firms we respect across security testing, incident response, governance, and managed services, ranging from specialist practices to large consultancies.
That mix is a strength. The programme is specialism-based, not a blanket stamp. A company is accredited for what it actually delivers, whether that is security testing, incident response, governance and risk management, or operational technology. That distinction matters for specialist firms and for buyers who need specific capability, not a generalised claim of competence.
Recognised for how we work
LEVERAGE CYBER helps UK organisations identify real weaknesses, fix them and stay secure as they grow. Its manual-led, technology-supported testing approach is designed around real risk rather than generic checklists. With consultants holding top industry certifications and UK Cyber Security Council titles, the company positions professional competence as central to trusted, practical and accountable cyber security delivery.
That description aligns with how we have always operated. Manual-led testing, real risk over checklists, professional competence as the foundation: we did not adopt these for accreditation. They are how we have always worked. The programme gives that approach a recognised framework and an external benchmark, which is what the industry needs.
What comes next
Business as usual. We continue to promote professional services, backed by over a decade of security testing experience and almost 30 years in technology.
If you want to talk to us about what accreditation means for how we work, get in touch.
References
- The Cyber Scheme — Accreditation
- The Cyber Scheme — Accredited Company Programme launch announcement
- UK Cyber Security Council — Professional Titles
- UK Government — Government Security Profession Career Framework
- Technology Reseller — “New National Accreditation Programme to raise the bar for cyber security standards”
What is The Cyber Scheme Accredited Company Programme?
The programme provides a structured way to evidence organisational cyber capability by linking proven individual competence to organisational recognition. Accredited companies must hold an independently audited certification, employ qualifying professionals at Principal or Chartered level, sign a Code of Conduct, and pass corporate background checks.
How does the programme differ from individual certifications?
Individual certifications like CREST or Cyber Scheme qualifications verify personal competence. The Accredited Company Programme extends that to the organisational level, ensuring a company's claimed capability is backed by evidenced workforce credentials and independently audited security posture.
Why does organisational accreditation matter for buyers?
It gives buyers a consistent, verifiable signal of capability. An accredited company has been independently audited, employs professionals assessed against a national standard, has signed a code of conduct, and has had its credentials checked rather than merely claimed.
Is LEVERAGE CYBER an accredited company?
Yes. LEVERAGE CYBER is one of the inaugural companies in The Cyber Scheme Accredited Company Programme, joining eighteen founding members at launch.
Founder · Principal Consultant
Accomplished cybersecurity leader with over 25 years of experience. OSCP-certified penetration tester, Cyber Scheme Team Leader, and founder of LEVERAGE CYBER. Former Head of Professional Services and CHECK Team Leader (Infrastructure). Published in Which? Magazine and quoted by the BBC on mobile banking security. Passionate about offensive security, team leadership, and making cybersecurity practical for businesses.
