Cybersecurity has become one of the defining operational challenges for modern organisations. This is particularly evident among the small and medium-sized businesses that power the Sussex economy. Whether you are based in Crawley, Brighton, Worthing, Eastbourne, Horsham, or anywhere across the South East, the reality is the same: cybercriminals no longer discriminate by size, sector, or geography.
Attackers now automate their processes, sweeping the internet for weaknesses and exploiting whatever they find. This means every business, from a five-person accountancy firm to a multi-site logistics provider, faces the same fundamental question: “How secure are we really?”
At ERGOS, we work with organisations across Sussex every day, and we see a consistent pattern. Business leaders want to protect their staff and data, but they are often overwhelmed by jargon and unsure where to begin. Our mission is to change that by providing accessible, practical protection grounded in clear action.
The 29% Reality Check: Insights from a local Security Review
Many SMEs assume their systems are secure because they “seem to work fine”. However, cybersecurity is rarely visible. To illustrate the value of a professional audit, we recently completed a Security Posture Review for a Sussex-based customer. While they believed their Microsoft 365 setup was “fine,” the evidence told a different story.
We uncovered several high-risk gaps:
- A Microsoft Secure Score of just 29%: This indicated dozens of missing controls that attackers routinely exploit.
- Incomplete MFA: Administrative multi-factor authentication was using “legacy” settings, and user MFA was only partial. Without full enforcement, any stolen password could grant an attacker full access.
- Missing Email Authentication: No domains had a DKIM record. This made email spoofing easier and significantly increased the risk of phishing.
- Hidden Entry Points: We found 19 “stale” devices still registered that had not checked in for over three months.
- Silent Data Exfiltration: External email forwarding was enabled, a high-risk setting that attackers use to quietly steal data.
The customer walked away with a prioritised roadmap of what to fix first, including immediate actions they could take under their existing licence.
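Three of the findings above (stale devices, external forwarding and missing DKIM) reduce to simple checks over exported tenant data. The following is an added example, not ERGOS tooling: the record field names, the reading of "three months" as 90 days, and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # assumption: "over three months" read as 90 days

def dkim_key_published(txt):
    """True if a DKIM TXT record value carries a non-empty public key (p= tag)."""
    if not txt:
        return False
    tags = dict(
        (k.strip(), v.strip())
        for k, _, v in (part.partition("=") for part in txt.split(";"))
        if k.strip()
    )
    # An empty p= tag means the key has been revoked (RFC 6376).
    return tags.get("v", "DKIM1") == "DKIM1" and bool(tags.get("p"))

def audit(devices, mailboxes, dkim_records, own_domains, now):
    """Return sorted (finding, subject) tuples; input field names are hypothetical."""
    findings = []
    for dev in devices:
        if now - dev["last_check_in"] > STALE_AFTER:
            findings.append(("stale_device", dev["name"]))
    for box in mailboxes:
        target = box.get("forward_to")
        # Forwarding is only a finding when it leaves the organisation's domains.
        if target and target.rsplit("@", 1)[-1].lower() not in own_domains:
            findings.append(("external_forwarding", box["address"]))
    for domain in sorted(own_domains):
        if not dkim_key_published(dkim_records.get(domain)):
            findings.append(("dkim_missing", domain))
    return sorted(findings)

# Constructed sample export; names, domains and dates are made up.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
DEVICES = [
    {"name": "LAPTOP-01", "last_check_in": NOW - timedelta(days=3)},
    {"name": "LAPTOP-07", "last_check_in": NOW - timedelta(days=140)},
]
MAILBOXES = [
    {"address": "accounts@example.co.uk", "forward_to": "archive@example.co.uk"},
    {"address": "director@example.co.uk", "forward_to": "drop@mail.example.net"},
    {"address": "info@example.co.uk", "forward_to": None},
]
DKIM = {"example.co.uk": "v=DKIM1; k=rsa; p="}  # revoked key; example.org has no record
OWN = {"example.co.uk", "example.org"}

if __name__ == "__main__":
    for finding in audit(DEVICES, MAILBOXES, DKIM, OWN, NOW):
        print(*finding)
```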
Why visibility matters for Sussex SMEs
The National Cyber Security Centre (NCSC) continues to warn that cybercrime is rising. According to the UK Government’s Cyber Security Breaches Survey 2025, 67% of all medium-sized businesses experienced a cyber incident in the previous 12 months.
Most of these incidents are not the result of sophisticated, targeted attacks. Instead, they stem from everyday vulnerabilities: an old password, an unpatched laptop, or a misconfigured email rule. These are the small cracks that lead to downtime, financial loss, and reputational damage.
A clear path to protection: The ERGOS Assessments
To help Sussex businesses gain visibility, we provide three specific assessments delivered by experienced engineers. These are designed to provide clarity without unnecessary complexity or inflated fees.
1- Dark Web Scan: Identifying credential exposure
Credential theft is the starting point for many attacks, including business email compromise and ransomware. Our dark web scan is a no-cost assessment that checks your business domain against known breach repositories. It identifies exposed staff credentials, giving you the chance to reset passwords and enforce MFA before a criminal exploits them.
2- Cybersecurity Vulnerability Assessment: A device health check
While the dark web scan focuses on identity, this assessment examines the devices your staff use every day. Our engineers review up to five devices to highlight real-world weaknesses. We look for outdated security patches, unsupported operating systems, and unmanaged software. This is a complimentary health check designed to empower you with knowledge, not a sales pitch.
3- Security Posture Review: Strategic, high-impact insight
For organisations wanting a deeper view, this review provides a comprehensive analysis of your Microsoft 365 environment. We examine identity governance, conditional access policies, and threat protection settings. We translate these findings into a business-friendly report that highlights exactly what improvements will deliver the greatest impact. This service is low cost (around £100 to £200) or fully included if you partner with ERGOS for ongoing support.
Why ERGOS?
Based near Gatwick, ERGOS has spent decades supporting SMEs across Sussex and the wider South East. We understand that cybersecurity must be practical, proportionate, and aligned with your operations.
Our approach is simple: no jargon, no scare tactics, and no unnecessary complexity. We combine a local presence with enterprise-grade expertise, backed by our Security Operations Centre (SOC) and deep experience in Microsoft 365 security.
Frequently asked questions
What are the absolute basics a Sussex business needs to stay safe?
While every organisation is different, a strong foundation usually includes Multi-Factor Authentication (MFA), consistent patch management, and robust endpoint protection. We also recommend email security protocols and regular vulnerability assessments to ensure no new gaps have opened up in your defences.
We already have an IT provider. Why would we need a Security Posture Review?
Think of it as a professional second opinion. In our experience, many business leaders believe their setup is secure because they haven’t had a major issue yet. However, our reviews often uncover hidden risks, like the Sussex firm we found with a 29% security score despite having an existing setup. It provides an evidence-based roadmap that your current team or provider can use to strengthen your protection.
How much do these assessments cost?
We believe in providing immediate value to our local community. Our Dark Web Scan and Cybersecurity Vulnerability Assessment (covering up to five devices) are provided at no cost and with no obligation. For those wanting a strategic deep dive, our Security Posture Review is available for a low cost of approximately £100 to £200, or it is fully included if you choose to partner with us for ongoing support.
Will these reviews disrupt our daily work?
Not at all. These assessments are designed to give you visibility without causing downtime. The Dark Web Scan is performed remotely against your business domain. The vulnerability assessment is an engineer-led health check of your devices, and the Posture Review is a strategic analysis of your existing cloud environment. Our goal is to provide clarity, not complexity.
Why choose a local Sussex provider over a national firm?
Working with a partner based near Gatwick means you get a team that understands the local business landscape and can provide faster, more personal support. We don’t believe in one-size-fits-all solutions. Instead, we offer practical guidance that is proportionate to the size and needs of your specific organisation.
Take the first step towards clarity
Cybersecurity does not have to be overwhelming. With the right visibility and the right partner, every business can build strong, resilient protection. If you want to understand what is exposed and what to do next, we are here to help.
The following external sources were referenced to provide factual grounding and authority for the article:
- UK Government – Cyber Security Breaches Survey 2025: This source provides the statistical data regarding the 67% of medium-sized businesses experiencing cyber incidents.
- National Cyber Security Centre (NCSC): Referenced for official guidance and warnings regarding the rising threat of phishing, credential theft, and ransomware for SMEs.
- Microsoft Security – Secure Score Documentation: Contextual reference for the “Secure Score” mentioned in the ERGOS case study.

