Small Business Cyber Security Vendor Red Flags Handbook

A concise, high‑impact handbook to help SMEs spot early warning signs before signing with a cyber security vendor.

Who this handbook is for

For SMEs who are already speaking to vendors and want a clear way to identify risk and avoid costly mistakes.

1. Commercial red flags

  • Vague pricing
  • Hidden onboarding fees
  • No written SLAs
  • No liability clarity 

2. Technical red flags

  • No integration documentation
  • No architecture diagrams
  • No API references
  • No security testing evidence 

3. Compliance red flags

  • No DPA
  • No breach notification process
  • No audit trail
  • No certification evidence 

4. Support red flags

  • Outsourced support with no transparency
  • No guaranteed response times
  • No escalation path 

5. Behavioural red flags

  • Over‑promising
  • Avoiding direct questions
  • Pressuring for quick decisions
  • Refusing to provide references
