Technology Risk · Resilience · Advisory

Find the risk.
Understand the cost.
Fix what matters.

Ashcairn works with leadership teams on the technology and cyber risks that actually matter. Clarity on exposure, cost, and what to do about it.

Work with us → What we do →
Who we are

Small by design.
Senior by default.

Boutique by design, owner-led in delivery. You work directly with senior advisors whose background spans cyber risk consulting, insurance, threat intelligence, and operational continuity.

We help leadership teams make sound cybersecurity decisions grounded in real threats and commercial reality. Our threat-led approach means security investment is directed where it reduces risk and protects business value — not where it looks good in a report.

"No layers between the problem and the people solving it. We kept it that way deliberately."

What we do

From exposure
to resolution.

Understand
The threats you actually face

Most risk assessments describe categories. We identify the specific threats your organisation faces: who, how, and from where. Then give you an accurate picture of your exposure.

Measure
What it would actually cost

We translate technical risk into financial terms. What would an incident cost in operations, revenue, and recovery? We give leadership something concrete to work with.

Solve
Solutions built around reality

The right answer is one you can implement. We design solutions around your risk appetite and your budget. Not around what looks credible in a report.

Our team

The people behind the advice.

Careers built across the major advisory firms. When you work with Ashcairn, you work with us — directly.

JB
Jano Bermudes
Director
CM
Cal McGuire
Director
FW
Freddie Witzmann
Director
SK
Samuel Kudláč
Director
What we
specialise in

Deep expertise.
Commercial clarity.

Crisis simulation
Test your response before it's tested for real
Realistic, scenario-based exercises that put your organisation under genuine pressure. We simulate the operational, financial, and reputational dynamics of a live incident. The exercise surfaces gaps in process, communication, and decision-making before they matter.
Threat assessment
Identify what matters. Ignore what doesn't
Not a checklist. We use real-world intelligence to identify the specific threats your business faces across technology, operations, and supply chains. The output is clear, prioritised, and built to drive decisions rather than satisfy compliance.
Bespoke advisory
Strategy built around your reality
No standard playbook. We build cybersecurity strategies around your operational constraints, regulatory obligations, and commercial priorities. Targeted intervention or full end-to-end programme. Either way, the output is something you can actually deliver.
Selected work

Work across sectors
and situations.

Critical National Infrastructure
CNI cyber risk assessments and architecture
UK Gas and Electricity Network
Financial Services
Cyber supply chain risk management
Central bank, leading G7 nation
Industrial Technology
Global OT security assessment programme
Swiss-based international industrial firm
Financial Services
Regulatory-driven business continuity framework
Multinational banking and financial services
Retail & Consumer
Data asset mapping and governance transformation
British multinational food and fashion retailer
Financial Services
Bespoke scenario creation for threat-led penetration testing
Global fintech and challenger banking group
Government
Intelligence-led attack simulation to test resilience
UK central government department
Financial Services
Outsourced cyber M&A due diligence service
Leading global insurance corporation
Energy & Infrastructure
Multi-year cybersecurity improvement programme
UK and European renewable energy asset manager
Telecommunications
Global post-breach assessment and remediation
Global telecommunications provider
Financial Services
Cyber insurance controls review and peer benchmarking
Leading South African banking group
Private Equity
Portfolio risk review and competitor benchmarking
London-based international private equity firm

A selection of engagements · Further detail available on request

Featured case study

Supporting a renewable infrastructure asset manager to uplift cybersecurity across thermal electricity generating sites

The situation

The client was early in their security journey with no in-house expertise. Unable to secure cyber insurance at a workable price, they faced real financial exposure. Previous vendors had produced solutions that were technically coherent but commercially undeliverable. Too costly and too compliance-heavy to actually implement.

How we worked

We went to the sites and worked directly with the people running them. Using a business risk-based methodology, we worked out what an incident would actually cost — then designed a right-sized security approach built around what the client could genuinely deliver. We stripped back anything that existed to look good rather than to work.

What we delivered
Cyber maturity assessment and loss quantification model
High-level architecture for a full cybersecurity solution
Revised minimum viable design, built around what the client could afford
Vendor selection support for required technical products
Transformation delivery framework
What changed
Projected costs reduced from multiple millions of EUR over three years to commercially acceptable one-off and recurring values
Security responsibility moved from onsite engineers to specialist OT vendors, so the solution holds regardless of who leaves
Sites in a meaningfully stronger position to prevent or recover from an incident
Get in touch

If the problem
is complex,
we should talk.

info@ashcairn.com linkedin.com/company/ashcairn

Why Ashcairn

We take on a small number of engagements each year. If you are working through something that needs a clear head and a senior one, reach out.

Start a conversation →