Prism Infosec has become one of only 16 global firms accredited under the Bank of England’s CBEST scheme, a regulatory-led cyber resilience testing framework for the financial sector.
The certification is administered by CREST, the international accreditation body for cyber security.
The accreditation comes as cyber-attacks on the UK’s financial services sector have more than tripled in just two years, rising from 187 incidents in 2021 to 640 in 2023, according to official figures. The CBEST certification enables Prism Infosec to deliver advanced, intelligence-led cyber resilience tests designed to uncover vulnerabilities within financial institutions and Financial Market Infrastructure (FMI) organisations.
Prism Infosec provides security assessment services for some of the world’s largest firms, including Silicon Valley enterprises, global banks, media and technology companies, as well as government and defence organisations. The company is known for its technical expertise in penetration testing, red teaming simulations, and threat-led security assessments.
CBEST testing, required by UK regulators every three years, combines technical penetration testing with red team attack simulations to assess both technical security measures and operational resilience. Insights from these tests allow financial institutions to address weaknesses before they are exploited by real-world attackers.
The firm also holds STAR-FS accreditation, a complementary framework for simulated cyber security testing in the financial sector, which it gained last year. Together, these certifications place Prism Infosec among a select group of trusted UK providers capable of strengthening the cyber defences of the country’s most critical financial institutions.
Prism Infosec founder & CEO Phil Robinson said: “The UK is a market leader in helping organisations bolster their defences against online threats. This is due in part to the skills, talent, and capabilities within our mature cyber security sector, thanks to our ever-evolving accreditation and certification schemes.”
He added: “CBEST is an example of this. It is a critical, intelligence-led test designed to help financial institutions and regulators – including the Bank of England, Prudential Regulation Authority, and Financial Conduct Authority – better understand a firm’s vulnerabilities and weaknesses. We combine penetration testing to evaluate technical security controls with red teaming, which simulates real-world attack scenarios to test an organisation’s response and resilience. This insight enables banks to take targeted remedial action to strengthen their defences against potential attacks and other forms of operational disruption.”
Phil Robinson concluded: “As an independent consultancy we’re proud to have achieved this world-class accreditation as a threat-led penetration testing provider under the CBEST scheme. Our team brings decades of experience delivering bespoke services across Critical National Infrastructure, government, and the banking and financial sector, supporting organisations in meeting and exceeding the required regulatory standards.”
Keep up with all the latest RegTech news here
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
