Church of England Case Study - Cyber Review and Remediation Plan
24 Sept, 2025 · 5 minute read
The Church of England faced major cyber vulnerabilities and unknown risks that left it exposed to reputational, operational, and financial damage. By conducting a thorough assessment, remediating critical issues, and transferring knowledge to internal teams, Understanding Solutions transformed its security posture within 12 months, leaving the organisation resilient, self-sufficient, and equipped with a long-term roadmap.
The Challenge the Client Faced
The Church of England was operating in a highly vulnerable position. Their cyber environment was immature, with a number of known weaknesses and — more concerningly — a large number of unknown risks. With such a vast and complex organisation, the consequences of a successful cyber incident were significant: reputational damage, operational disruption, and financial loss.
They needed a partner who could not only uncover and remediate immediate threats, but also design a long-term roadmap to strengthen resilience, upskill their teams, and leave them with the capability to manage future risks independently.
Understanding Solutions' Approach
Understanding Solutions began with a six-week discovery phase, deploying one of our senior consultants to complete a detailed security assessment and remediation plan. This phase provided the Church with full visibility of their cyber maturity and highlighted critical issues that had previously gone undetected.
Once the risks were understood, we moved swiftly into Phase 1.5, bringing in two expert consultants: one dedicated to daily operational support, and the other focused on complex technical remediation. Together, they tackled the highest-priority risks, stabilised infrastructure, and built the cyber documentation and processes the organisation had been lacking.
Key initiatives included:
> Closing critical vulnerabilities by remediating 217 failed ASR rules in Sentinel, dramatically reducing the attack surface.
> Restoring operational reliability by diagnosing email delivery issues, resolving a Lambeth Palace network outage, and addressing Bishopthorpe’s internet failures.
> Safeguarding financial systems through penetration testing and remediation of the Parish Giving website and Unified Payment Management (UPM) system, fixing 11 Critical and 5 High vulnerabilities.
> Building resilience by designing cyber incident playbooks, enhancing Conditional Access policies, and implementing a scalable Azure Virtual Desktop solution.
> Strengthening risk management by completing the Cyber Insurance questionnaire and successfully navigating a third-party supplier compromise with minimal impact.
Throughout the engagement, we emphasised knowledge transfer. Our consultants worked alongside the Church’s internal teams, not only resolving today’s problems but ensuring they had the skills, processes, and documentation to prevent tomorrow’s.
The Outcome
In just 12 months, the Church of England’s cyber posture transformed from vulnerable to resilient. Immediate threats were eliminated, operational stability was restored, and the organisation gained the confidence that comes from having a robust long-term security roadmap.
Beyond technical fixes, the Church was left in a better place than we found it:
> A clear roadmap for continuous improvement.
> Internal teams equipped with the knowledge and playbooks to respond to future incidents.
> A more secure, resilient environment to protect their reputation, operations, and financial integrity.
Finally, this programme exemplified our “project-to-perm” model. After stabilising the environment and embedding new practices, we helped the Church shape the permanent roles they needed — replacing our consultants with three full-time hires, ensuring sustainable in-house capability for the future.