Case study · Higher education

From risk register to funded programme

CyPro turned the University's understood-but-unfunded cyber risks into an investment case its leadership backed with multi-year money.

Client

University of Glasgow

University of Glasgow logo

Outcome

Multi-million pound investment case made and won

Why the work mattered

A large university is one of the hardest defensive briefs in the UK: tens of thousands of users, research data worth stealing, and an estate assembled over decades. Glasgow’s security team knew its risks in detail. What it lacked was the thing knowledge alone never buys: sustained, board-approved funding to fix them, which meant convincing a university court to commit serious multi-year investment.

What CyPro did

The work started with the argument rather than the technology. CyPro benchmarked the University’s posture against recognised frameworks, agreed a target state that respected real-world constraints, and sequenced the gap into a costed, prioritised roadmap. Every page was written for the people who would sign the cheque, governors and executives, rather than for engineers who already agreed.

The result

Leadership approved a multi-million pound cyber security investment on the strength of the case. Risks that had sat on a register for years became budgeted workstreams with named owners and dates, and the security team gained the thing rarer than budget: a standing mandate to keep improving.

"The University was able to secure a multi-million pound cyber security investment as a result of the cyber roadmap work we did."
Danielle Cairns , Cyber Risk & Assurance Manager, University of Glasgow
3D rocket illustration for booking a free certification discovery call

Take the first step

Get Cyber Essentials Plus without the guesswork

Book a free 45 minute discovery call to scope your certification: what the audit will test, what needs fixing first, and exactly what it will cost. No obligation, no hard sell.