Clarity before complexity.

Cyber Health Checks

A rapid, fixed-scope assessment that shows what matters most and what to do first.

Why this matters

You can’t fix what you can’t see.

A health check gives you an honest, fast picture of where you stand before you spend a dollar on tools. It is the most common way our clients start, because it replaces guesswork with a prioritised plan.

What we do

A rapid, fixed-scope assessment that shows what matters most and what to do first.

Our work includes

  • Rapid security assessment
  • Gap analysis against recognised standards
  • Maturity scoring
  • Prioritised uplift recommendations
  • A clear, costed next step
The outcome

An honest picture of where you stand, in weeks not months.

Book a health check
Choose your health check

Start with the question keeping you up at night.

Each is rapid and fixed-scope, and ends in a prioritised, costed plan. Pick the platform you run or the risk you need to answer.

Platform health checks
Microsoft 365

Microsoft 365 health check

“We pay for licences we do not use, and Copilot worries us.”

We look at

  • Identity, device and data posture
  • What Copilot can reach today
  • Licence fit, the cheapest path to fix
Explore the Microsoft check
CrowdStrike

Endpoint & Falcon health check

“Is our EDR actually configured right, and covering everything?”

We look at

  • Falcon policy posture and coverage gaps
  • Identity threat protection in use
  • Spotlight vulnerabilities, ranked
Book this check
Netskope

Data & SASE health check

“We do not know what is leaving, or which apps staff really use.”

We look at

  • Shadow IT and risky SaaS in use
  • DLP coverage and data in motion
  • VPN exposure and AI tool usage
Book this check
Risk & compliance assessments
Essential Eight

Essential Eight maturity assessment

“A contract or insurer wants evidence of where we stand.”

We look at

  • Maturity rating across all eight
  • Every gap, by severity and effort
  • A sequenced path to your target level
Explore Essential Eight
Data security

Data & DSPM assessment

“We cannot say where our sensitive data actually lives.”

We look at

  • Where sensitive data lives, with Cyera
  • Over-sharing and exposure
  • Readiness for safe AI adoption
Explore data protection
Identity

Identity & access review

“We have too many admins and no clear view of who can reach what.”

We look at

  • MFA and Conditional Access coverage
  • Privileged and stale accounts
  • Joiner, mover, leaver hygiene
Explore identity
Resilience

Backup & ransomware readiness

“If we were hit tomorrow, could we actually recover?”

We look at

  • Backup coverage and immutability
  • Whether recovery has been tested
  • Realistic recovery times
Book this check
Email & human

Email & human risk assessment

“Phishing and invoice fraud keep getting through to our people.”

We look at

  • Email security posture and gaps
  • Human risk and awareness maturity
  • Insider risk signals
Explore Mimecast
SharePoint & Copilot

SharePoint & Copilot readiness

“We want Copilot, but our SharePoint is a sprawl nobody fully controls.”

We look at

  • Teams and SharePoint sprawl and access
  • Entra ID group and permission model
  • Purview labelling and Copilot readiness
Explore SharePoint & data
How a health check works
01

Scope

A short workshop fixes the scope, so you know exactly what is covered and what it costs.

02

Assess

We inspect the real configuration and evidence, not a questionnaire, in days not months.

03

Report & roadmap

A clear findings report, ranked by risk, with a prioritised and costed next step.

Flagship assessment · AI security readiness

How secure and mature is your AI program, really?

AI is moving faster than most security postures. This assessment sets an honest baseline of your AI security maturity and gives you a clear, prioritised roadmap, so you can deploy high-value AI safely instead of holding it back.

Eight domains we evaluate, end to end

AI governance

Policies, oversight and responsible-AI framework.

Infrastructure

Network, compute and cloud security for AI workloads.

Interface security

API, plugin and integration controls.

Identity & access

Authentication, authorisation and privilege.

Data security

Training-data protection, provenance and privacy.

Agent & model security

Development, deployment and runtime protection.

Application security

Input validation, output filtering and guardrails.

Detection & response

Monitoring, threat detection and incident handling.

Scored across four dimensions

Policy & standards · documented requirements and governance
Implementation · controls, processes and tooling in practice
Monitoring & measurement · visibility, metrics and validation
Improvement · feedback loops and proactive risk management

What you receive

Executive brief of top risks, key decisions and business impact
Gap analysis with a prioritised, severity-rated risk catalogue
Maturity scorecard with an overall and per-domain rating
Roadmap of 90-day quick wins and twelve-month initiatives
Book the AI assessment Delivered on the Cyera AI security readiness methodology.

Technology we run health checks on

MicrosoftCrowdStrikeNetskopeCyeraMimecastDelineaVeeamAirlock Digital1PasswordPatch My PCJamfIruMicrosoftCrowdStrikeNetskopeCyeraMimecastDelineaVeeamAirlock Digital1PasswordPatch My PCJamfIru

Why Cornerstone?

We are not another managed service you cannot leave. We design, implement and hand over secure systems your team can run, with the documentation and clarity to stay in control. No lock-ins, just results.

Cyber health check

A clear baseline before your next investment.

Plain-language assessment of where you stand.

What is a cyber health check?

A structured assessment of your current cyber posture: where you stand against the Essential Eight, identity hygiene, device management, data protection, backup and incident readiness. Outputs a clear, prioritised roadmap.

Who is it for?

Mid-market and enterprise organisations who want an honest baseline before their next security investment, after an incident, or before a compliance commitment.

How long does it take?

Two to four weeks depending on scope. Light-touch reviews can be faster; deep reviews of complex estates take longer.

What does it cost?

Fixed-fee, scoped per engagement. We agree the scope and price up front; no surprises.

What do we get at the end?

A plain-language report and a prioritised roadmap, ready for your board. Not a 200-slide deck of jargon.

Do we have to implement with you?

No. The report is yours to act on with any partner. We are happy to implement, but we are not selling you that decision in the assessment.