Abacus, a global provider of IT Managed Services (MSP) and Managed Security Services (MSSP) for highly regulated sectors, has announced that its penetration testing services have earned accreditation from the Council for Registered Ethical Security Testers (CREST).

This globally recognised certification confirms that Abacus conducts penetration testing in line with stringent technical, ethical, and legal standards. The independent CREST assessment—trusted by regulators—reviewed the company’s methodologies as well as the skills and qualifications of its team.

To achieve accreditation, Abacus was required to demonstrate robust practices in areas such as client data management, quality assurance, and control processes. The company also provided evidence of continuous professional development for its staff and submitted multiple client references validating its professionalism, depth of testing, and overall service quality.

With CREST validation, Abacus strengthens confidence among clients and prospects, assuring them that its services align with industry-leading security practices and that advanced penetration testing is delivered safely and effectively.

At a time when only a limited number of MSPs meet this high cybersecurity benchmark, the accreditation further establishes Abacus as a trusted global provider of penetration testing services, dedicated to safeguarding sensitive data and ensuring regulatory compliance.

Tom Cole, Senior Managing Director for EMEA at Abacus, commented that in today’s environment of persistent cyber threats and evolving regulations, clients need assurance that they are partnering with a top-tier provider. He added that the CREST accreditation confirms alignment with international best practices and offers clients in regulated industries—such as finance and healthcare—confidence in the technical rigor of Abacus’ Red Team operations.

Abacus’ penetration testing services enable organisations to better understand their potential attack surface and overall security posture by simulating real-world cyberattacks. This involves replicating the actions of malicious actors attempting to exploit vulnerabilities across cloud systems, networks, and server environments.

In addition, the company now provides an advanced adversarial simulation service that blends agentic AI capabilities with the expertise of experienced Red Team professionals. This combined approach ensures testing that is both highly precise and context-aware.

The CREST accreditation process for Abacus took place between October 2025 and February 2026. To maintain this status, the company will undergo annual renewals to ensure continued adherence to the required standards.

In 2023, there were 2,365 cyberattacks affecting over 343 million individuals—about 10 million more than the U.S. population—according to Forbes Advisor. USA Today reports that by 2024, the cost of cybercrime is expected to hit $9.5 trillion, and by 2025, exceed $10.5 trillion. Additionally, by 2031, cyberattacks on businesses, governments, and devices are predicted to occur every two seconds. With data breaches costing an average of $4.5 million per incident, organizations can no longer afford to overlook the growing threat of cybercrime.
 
Alongside their efforts to address climate change, aging infrastructure, and environmental regulations, utility companies are also focused on safeguarding their systems from cyberattacks to ensure reliable services for their communities. While environmental challenges remain a priority, cybersecurity has become an essential part of their overall strategy.
 
With cyberattacks increasing in sophistication and frequency, utility companies must stay vigilant. A failure to do so could result in significant service disruptions and severe consequences for the communities they serve. The 2024 Black & Veatch Electric Report highlights the critical need for investment in both information technology (IT) and operational technology (OT) security. According to the report, 70% of respondents identify phishing attacks as their top IT concern, while ransomware and malware are the next most worrisome threats. For OT, malware (52%) and ransomware (47%) are the most feared, with cloud vulnerabilities concerning 35% of respondents.
 
Though no defense is impenetrable, utilities have many tools at their disposal to enhance their cyber defenses. However, the rapid increase in attacks on OT systems outpaces the maturity of many industrial cybersecurity programs. As systems become more automated and connected, they become more exposed to skilled cybercriminals, and many OT managers lack a complete understanding of their networks, further increasing vulnerability.
 
This leads to a significant issue: most utilities' cybersecurity measures are too immature to protect their OT assets adequately. Only 25% of respondents in the survey reported employing full-time cybersecurity staff, while around half have consulted external cybersecurity experts, leaving many without specialized protection. Alarmingly, 20% of respondents have never hired or consulted grid cybersecurity experts.
 
Despite this, there is some confidence in utilities' ability to withstand cyberattacks, with 70% of respondents expressing some level of confidence in their IT resilience and 71% expressing similar sentiments for OT. However, the real test lies in how quickly they can recover from an attack and minimize its impact.
 
As the energy landscape evolves and new regulatory standards emerge, utilities must do more than meet compliance requirements. While 18% of respondents believe compliance is the most critical factor in managing cyber risks, simply adhering to regulations is insufficient for real security. Compliance should not be confused with comprehensive protection, as many compliant organizations have still fallen victim to cyberattacks. Effective cybersecurity requires ongoing vigilance, regular updates, and rigorous testing of defenses to keep pace with evolving threats.
 
To illustrate, homes with not just security alarms but also gates, lighting, and warning signs are less likely to be targeted, demonstrating the importance of layered and robust defenses in cybersecurity.
 
Click here to download the 2024 Black & Veatch Electric Report.