We are thrilled to share another client success story at Acora. Our team of cyber security experts have recently completed a three-month consultancy project that set out a strategic maturity programme for one of the UK’s biggest hospitality businesses.

Established for over 30 years, our client operates over 400 restaurants, pubs and concessions throughout the UK, including some of the UK’s best-known brands. Over the last 3 years, they have experienced significant growth, driven by acquisitions, strategic partnerships, and expansion into new markets, with an increased focus on enhancing their customers’ experience.

With the complexities of operating a flexible business model across a diverse range of offices and branches, our client wanted to ensure operational resilience to cyber-attacks within their business was clearly understood and that the technical detect and response functions could protect against an attack.

Despite the large volume of modules to cover within the programme, three key deliverables sat at the top of the list, including:


The number one activity was assessing the existing infrastructure’s cyber security posture and hygiene against ‘known good state’ operating models. Specifically, the configurations and hygiene position of User Endpoints, Servers, Active Directory, M365 and Azure.


Evidence is key. The client desired the ‘as is’ cyber controls approach to protect against increasing levels of attacker capability and detail how to improve their cyber operations as a result.

This heavily involved identifying the Mitre ATT&CK techniques to which the estate was being subjected. By replicating active attack tactics within the estate has allowed the client to work up multiple examples to evidence the business impact of an attacker in multiple ‘assumed breach’ scenarios.


A fundamental part of this programme was rapidly improving their operational Cyber Incident Response (IR) maturity to ensure a timely and appropriate response should an incident occur. Together, we built and delivered a customised, end-to-end Incident Response Framework, guided by Acora’s wisdom of managing 300+ live incidents.

“Using a slightly different approach to leverage cyber posture & hygiene audits, and based on active attacker testing, the client has rapidly matured their prioritised remediation plan and onward Cyber Security Strategic Roadmap. Additionally, if an incident does occur, there is now an active Cyber IR Framework in operation that ensures rapid and appropriate action is undertaken to manage the incident.”

Charlie Muir, Consulting Services Director

Just like that, the customer can now evidence a clear, prioritised view of the potential impact of an attack. With defined remediation actions and strategic considerations to reduce the operational risk and impact, they have adopted an ’Attack Informs Defence’ model that evidences the real-world security of the estate.

As part of this transformative journey, it’s important to recognise that evidence shown from the programme acts as a source of reassurance for the business leaders, allowing them to gain clarity on strategic priorities and aligning with the overarching goal of protecting the business.




Don’t have time to call? Send your enquiry to the Acora team and we’ll get back to you quickly.