Why the work mattered
A large university is one of the hardest defensive briefs in the UK: tens of thousands of users, research data worth stealing, and an estate assembled over decades. Glasgow’s security team knew its risks in detail. What it lacked was the thing knowledge alone never buys: sustained, board-approved funding to fix them, which meant convincing a university court to commit serious multi-year investment.
What CyPro did
The work started with the argument rather than the technology. CyPro benchmarked the University’s posture against recognised frameworks, agreed a target state that respected real-world constraints, and sequenced the gap into a costed, prioritised roadmap. Every page was written for the people who would sign the cheque, governors and executives, rather than for engineers who already agreed.
The result
Leadership approved a multi-million pound cyber security investment on the strength of the case. Risks that had sat on a register for years became budgeted workstreams with named owners and dates, and the security team gained the thing rarer than budget: a standing mandate to keep improving.