Your Basket
Cyber security for any size of business
CREST member company
Team of friendly certified experts

About Us

Hedgehog Security is a family owned and run, CREST regulated, Cyber Security company. We operate from four locations around the world, the United Kingdom, Gibraltar, Spain and Japan. In 2021 we will be re-opening our US office in New Orleans.

Established in 2009, we service companies of all different standings and sizes. We are a small team of highly talented Cyber Security professionals with many years’ worth of knowledge in our field. At Hedgehog we have the ability not only to detect and discover potential threats to your business and systems, but also to provide you with the solutions to fix them and prevent their re-occurrence. We offer a multitude of different services to suit every business regardless of size or scale.

We are a small business with a vast, global reach and where life really reflects the true hacker ethos. While each member of the Hedgehog family has a job title, that really describes what they do day to day. In reality, everyone gets involved with everything that they feel capable doing.

Whether that's the CEO making tea and cooking up some lunch while the team are working on a longer engagement, or a tester running down to the bank with paperwork, we all get stuck into everything to ensure that we maintain success for ourselves and our clients.

Our Vision

The ultimate test for any cyber security service is the robustness of service and the quality of delivery.

You should take comfort in knowing that Hedgehog are committed to providing a first-class service. We offer dedicated resources to ensure consistency of service delivery, effective account management and winning cyber strategies. Our team include qualified penetration testers, consultants and support staff who provide outstanding expertise and support at the time most needed.

Our Commitment to being a Good Company

We are committed to supporting the needs of our employees, clients, the local community and wider society. Central to this approach is the belief that our business objectives must be strategically compatible without behavioural, social and environmental obligations. To ensure we adhere to this, we follow our four key pillars.

Community: mutually beneficial engagement with the local and wider community.

Workplace: creation of a working environment for employees characterised by equal opportunities, training and personal development, and regular and open communication.

Environment: reduction of our carbon footprint.

Marketplace: commitment to treat clients fairly; monitor and confront cybercrime; and comply with good ethics.

We are dedicated to providing you with high quality service and we want to ensure that we maintain this at all times. If you feel that we have not offered you a first-class service or you have any questions or concerns about your engagement, you should in the first instance contact your account manager. In the event that you remain dissatisfied and wish to make a complaint you may do so in writing or verbally to our CEO.

Hedgehog Cyber is governed and regulated by CREST, the Council for Registered Ethical Security Testers. Our CREST membership is for Europe, Middle East and Asia and covers all of our operations. As a CREST member company, we hold CE, CE Plus, ISO27001 and ISO9001 certification, independently audited and certified by DAS Certifications Limited, a UKAS regulated audit firm. The scope of our ISO and CE Plus certification is as follows: “The provision of Penetration Testing and Cyber Security Consulting services in Europe, the UK, Middle East and Asia.”

As required by local law, our CREST membership and common sense, we hold extensive insurance coverage through TOKIOMARINE HCC.  The geographical limits of our insurance are Worldwide with a Jurisdiction of Worldwide.

Professional and Employers Indemnity: GBP 10,000,000

Public, Product and Pollution Liability: GBP 5,000,000

Data Protection & Retention

We have long subscribed to the mantra of what you don’t have you can’t breach but with today’s legislation on retention we have had to revisit this mantra.

Audit Reports: are encrypted with a 4096-bit PGP key and retained for 10 years.

Test Reports: are encrypted with a 4096-bit PGP key and retained for 10 years.

Technical Test Data: is retained for no longer than 90 days post engagement. It is deleted by encrypting with a one-time key and 7 times overwrite.

All other information: is retained for no longer than 7 years after being used.

Our global Data Protection Policy takes into account the regional data protection acts from each principle jurisdiction in which we operation. These include the UK, the EU (with GDPR), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and for the US regions, Gramm Leach Bliley Act (GLBA) along with Health Insurance Portability and Accountability Act (HIPAA). With the demise of the Internal Safe Harbour Privacy Principles in 2015, we adopted the above policy to address the security and confidentiality of personal information throughout its business.

Any personal data which is collected, recorded or used in any way whether held on paper, computer or other media, will have appropriate safeguards applied to it to ensure that we comply with the Data Protection Act. We endorse the rights of data subjects, including the statutory right to request personal data relating to them. Personal information will never be disclosed, shared, exchanged or sold with any third party.

Life at Hedgehog Security


We offer all Hedgehog family members the ability to work from any of our locations. Whether that is in the beautiful Peak District in the UK, on the rocky sides of Gibraltar, the sandy beaches of Malaga, Spain or in the metropolis of downtown Tokyo, Japan, everyone has the chance to get out and enjoy the world.

We encourage our family to their families on holiday breaks.


During the day (or night, depending on what we are working on), it is all about the work. And the work can be overpowering and all consuming. It is only right that we have down time. On of the best things about Hedgehog is our various “unwork” days throughout the year to keep everyone in the Hedgehog family to depart from the work train for a while. Previous activities include Trackdays and Motorsport (with our GT Endurance team), sailing and fishing trips, hiking, horse riding, painting and bushcraft.

Mental Health

What we do is hard and taxing on the pink CPU cycles, we recognise that. We also recognise that society would brand the majority of our industry with various three or four letter acronyms. We reject that mode of thought. Everyone at Hedgehog deserves to be treated equally, regardless of labels that society place on us. We therefore we uphold a strong mental health policy (well, we call it our Health Policy) that ensures we look after each other in the right way. To find out more, read our blog "health at Hedgehog".

Contact Us

Ask us a question, any question at all. As long as it has to do with Information Security / Cyber Security, we will get back to you with an answer.