Independent Cyber Governance Advisory  |  FCA-Regulated IFA Firms

Your directors carry full accountability for cyber risk.

Does your board have independent, documented visibility of it?

GOIA Technologies provides the governance oversight that sits above your IT provider - translating cyber exposure into board-level decisions before regulatory pressure, an insurer, or an incident forces the conversation.

5,500+: UK IFA firms in scope
20+ yrs: Cybersecurity expertise
50+ yrs: IFA sector authority
10 days: Report delivery
NCSC CAF aligned
FCA PS21/3 mapped
No system access required
Fixed fee - no surprises

The FCA's March 2025 operational resilience deadline has passed. IFA firms without documented board-level cyber governance are in active breach. Book a Snapshot or Executive Review to find out where your firm stands.

"Our IT provider handles cybersecurity."

This is the most expensive assumption in financial services.

IT providers manage systems. They cannot provide governance oversight, board-level risk visibility or structured director accountability - and they never will.

Under FCA Consumer Duty and PS21/3 operational resilience rules, your directors are personally accountable for cyber risk - regardless of what your IT provider does or does not do.

GOIA exists to close that gap: independent, structured, board-ready cyber governance advisory for IFA managing directors who need documented oversight - not another IT tool.

Not IT support: We do not manage systems or sell tools. Pure advisory.
Independent - always: No conflict of interest with your IT provider relationship.
Board-level language: Governance, risk and regulatory terms - not technical jargon.

Three business reasons your board needs cyber governance

01

Revenue Continuity

A cyber incident stops advisers accessing client data, halts transactions and disrupts servicing. The financial cost of downtime is immediate.

02

Regulatory Exposure

Directors face personal accountability under FCA operational resilience rules and Consumer Duty. Without documented governance, there is no defensible answer when the FCA asks.

03

Client Trust and Firm Value

A cyber incident damages client confidence and reduces firm valuation at sale or succession. Governance evidence protects both the relationship and the exit.

£1,750: Fixed fee - no surprises
10: Working days to board report
8: Assessment domains covered
Zero: System access required

From first conversation to ongoing assurance

A structured progression designed for owner-managed IFA firms. Every stage builds the next.

Stage 0
£250+VAT

Cyber Risk Exposure Snapshot

Rapid diagnostic. High-level risk visibility across external exposure, email security and governance posture. Credit applies toward the Executive Review.

Stage 2
On request

Cyber Risk Stabilisation Projects

Targeted remediation aligned to Review findings. Defined scope, ownership and board-level progress reporting.

Stage 3
£750-£2k/mo

Governance and Assurance Retainer

Monthly check-ins. Quarterly board reports. Annual re-assessment. IR tabletop exercise. Ongoing advisory access.

What GOIA reviews - and what you receive

Aligned to NCSC CAF, FCA PS21/3, NIST CSF v2.0 and CIS Controls v8. No privileged system access required. No IT disruption.

Structured interviews, document review and passive open-source analysis - conducted by practitioners who understand IFA governance, not generic cybersecurity consultants.

Every review includes:

Executive summary with RAG ratings per domain
Prioritised risk register for your FCA compliance file
90-day stabilisation roadmap with ownership
CIS Controls v8 gap map for your IT provider
Insurer Evidence Pack on request
D1

External Exposure and Attack Surface

Domains, open ports, leaked credentials via passive OSINT.

You receive: Exposure risk rating + remediation list
D2

Identity and Access Management

MFA enforcement, privileged accounts, offboarding processes.

You receive: Governance rating vs NCSC guidance
D3

Email Resilience and Phishing

SPF, DKIM, DMARC configuration and anti-phishing posture.

You receive: Config findings + NCSC recommendations
D4

Backup Integrity and Recovery

Frequency, restoration testing, RTO/RPO vs FCA expectations.

You receive: Recovery posture rating + gap analysis
D5

Incident Response Maturity

IR plan, board awareness, insurer notification readiness.

You receive: IR maturity score + minimum plan structure
D6

Regulatory Defensibility

FCA operational resilience mapping, Consumer Duty linkage.

You receive: Regulatory gap register for FCA file
D7

Accountability and Governance Clarity

Board cyber ownership, MI reporting, governance documentation.

You receive: Accountability map + governance structure
D8

Third-Party and Supply Chain Risk

MSP posture, platforms (Transact, Nucleus, Parmenion).

You receive: Third-party risk matrix + supplier questions

The combination no competitor can replicate

One co-founder with 20+ years inside cybersecurity. One who has spent 50+ years building and running the exact type of firm GOIA serves.

Gerard Ouattara

Co-Founder and CEO

Cybersecurity leader advising IFA leadership teams where cyber exposure intersects with operational, regulatory and financial accountability. 20+ years in cybersecurity engineering, digital forensics, incident response, cloud security, GRC and governance advisory. Built enterprise security architectures that reduced incident rates by 75%.

He holds a postgraduate degree in Information Systems Management (London South Bank University) and completed executive education in Cybersecurity for Leaders at the Indian School of Business.

MSc ISM, LSBU | ISB Cybersecurity for Leaders | CompTIA CSAP | CySA+ | CCPA
Patrick Murphy

Co-Founder - IFA Sector Authority

50+ years in UK financial services. Former winner, Money Management Financial Planner of the Year and Wrap Planner of the Year. Founded, scaled and exited Zen Wealth LLP. Chartered Financial Planner. Leading authority on FCA AGBR and Consumer Duty.

Chartered Financial Planner | FP of the Year | Wrap Planner of the Year

No other UK cyber advisory firm has a co-founder who has personally run an FCA-regulated IFA practice. When Patrick speaks about cyber governance as a director accountability issue, his audience recognises someone who has lived the consequences - not a vendor reading from a script.

What directors say after the review

"We had no idea some credentials were exposed. The review was a wake-up call for our leadership team and the actions were clear."

Managing Director, Financial Planning Firm

"Clear and practical. It gave us what we needed for our risk register and board discussion without unnecessary technical detail."

Partner, Accountancy Practice

"This helped us identify gaps our internal reporting had missed. It gave us clarity before our renewal discussions."

Operations Director, Law Firm

£1,750 + VAT fixed fee.
Against alternatives that cost considerably more.

Traditional consulting-led cyber and GRC engagements can run from £50,000 to £250,000 and take 6 to 12 weeks to deliver. They are typically built for larger financial institutions, which means they do not always reflect the operating model of IFA firms.

Boutique cyber GRC support typically sits in the £1,200 to £2,500 per day range. vCISO-style retainers are often £2,000 to £5,000 per month for advisory support, increasing where deeper involvement is required.

GOIA's Executive Review is £1,750 + VAT fixed, IFA-specific, board-ready and delivered in 10 working days. A single cyber insurance premium reduction or avoided exclusion pays for it several times over.

Large firm cyber GRC engagement: £50,000-£250,000+
Boutique GRC (daily rate): £1,200-£2,500/day
vCISO retainer: £2,000-£5,000/mo
GOIA Executive Review: £1,750+VAT fixed

Fixed fee. IFA-specific. Board-ready in 10 working days.

Aligned to the frameworks your insurers and supervisors reference

NCSC CAF

Cyber Assessment Framework - primary structural reference, cited directly in FCA operational resilience guidance

FCA PS21/3

Operational Resilience - regulatory anchor for Important Business Services identification and impact tolerances

NIST CSF v2.0

Technical depth reference, recognised by insurers and compliance auditors internationally

CIS Controls v8

Prioritised, actionable control guidance - IG1/IG2 mapped directly to GOIA's target client size

If the FCA asks what cyber governance you have in place - what do you say today?

The Executive Review gives you a documented, defensible answer. The cost of not having one is far higher than £1,750.

Fixed fee - no surprises
Board-ready report in 10 working days
No privileged system access required
IFA-specific - not generic cybersecurity
Verbal briefing before written delivery
Fully independent - no IT conflict