Why invest a lot of time and money doing a cybersecurity risk assessment to receive a lengthy report to find out all the things you know you didn’t have, all the things you know are broken and all the things you know need to be fixed?
Yes, a top-notch Cybersecurity Analyst will report all of that, but it should only be a portion of the overall findings. An experienced Cybersecurity Analyst will find a lot of things your IT department didn’t know because they either lack the expertise or simply lack the bandwidth to get to these findings. Most IT departments are overused and are spending the majority (if not all) of their time just trying to keep the lights on.