Abacus, a global provider of IT Managed Services (MSP) and Managed Security Services (MSSP) for highly regulated sectors, has announced that its penetration testing services have earned accreditation from the Council for Registered Ethical Security Testers (CREST).

This globally recognised certification confirms that Abacus conducts penetration testing in line with stringent technical, ethical, and legal standards. The independent CREST assessment—trusted by regulators—reviewed the company’s methodologies as well as the skills and qualifications of its team.

To achieve accreditation, Abacus was required to demonstrate robust practices in areas such as client data management, quality assurance, and control processes. The company also provided evidence of continuous professional development for its staff and submitted multiple client references validating its professionalism, depth of testing, and overall service quality.

With CREST validation, Abacus strengthens confidence among clients and prospects, assuring them that its services align with industry-leading security practices and that advanced penetration testing is delivered safely and effectively.

At a time when only a limited number of MSPs meet this high cybersecurity benchmark, the accreditation further establishes Abacus as a trusted global provider of penetration testing services, dedicated to safeguarding sensitive data and ensuring regulatory compliance.

Tom Cole, Senior Managing Director for EMEA at Abacus, commented that in today’s environment of persistent cyber threats and evolving regulations, clients need assurance that they are partnering with a top-tier provider. He added that the CREST accreditation confirms alignment with international best practices and offers clients in regulated industries—such as finance and healthcare—confidence in the technical rigor of Abacus’ Red Team operations.

Abacus’ penetration testing services enable organisations to better understand their potential attack surface and overall security posture by simulating real-world cyberattacks. This involves replicating the actions of malicious actors attempting to exploit vulnerabilities across cloud systems, networks, and server environments.

In addition, the company now provides an advanced adversarial simulation service that blends agentic AI capabilities with the expertise of experienced Red Team professionals. This combined approach ensures testing that is both highly precise and context-aware.

The CREST accreditation process for Abacus took place between October 2025 and February 2026. To maintain this status, the company will undergo annual renewals to ensure continued adherence to the required standards.

Cybersecurity and data protection are critical priorities across the organization, reflected in our interactions with customers and suppliers. Our holistic strategy to safeguard data and business systems from attacks, breaches, or losses combines advanced technologies, policies, procedures, and a 24/7 cybersecurity operations team that monitors for threats and responds immediately.

We require all employees to undergo annual information security awareness training, with additional training for specialized roles. Regular simulations of cyberattacks or malicious activities are conducted to improve awareness and responsiveness. Additionally, third-party penetration and vulnerability testing are performed.

Our security policies are reviewed and updated annually to reflect changes in regulations, emerging threats, and best practices. We assess potential cybersecurity risks through internal and external sources, documenting and prioritizing them in a risk register. These risks are reported to a cross-functional cybersecurity risk committee for validation.

While we emphasize prevention and detection, we also have response and recovery plans, service agreements, and partnerships in place to address any incidents. Our security incident response plan outlines the procedures for timely and accurate reporting of significant cybersecurity events. Cyber liability insurance is also maintained.

To strengthen our ability to prevent, detect, and respond to security threats, we have appointed a Chief Information Security Officer (CISO) and a dedicated team to lead the enterprise-wide information security strategy, policies, standards, and processes. The Audit Committee of our Board of Directors meets quarterly with the CISO, Chief Information and Digital Officer, and other senior leaders to review cybersecurity risks, security system improvements, and assessments of our security program. Wesco has also earned ISO 27001 certification for its Information Security Management System.

Thanks to these robust measures, we did not experience any significant data breaches in 2023. Additionally, we completed the planned three-year integration of Wesco and Anixter's infrastructure and security, achieving significant progress in implementing Zero Trust configurations and data loss prevention strategies.

Click here to know more about Wesco’s 2024 Sustainability Report.