Drata’s Partner POV series spotlights the leaders and teams in our partner ecosystem who are helping customers modernize security, compliance, and trust. In each installment, we share a partner’s on-the-ground perspective on what they’re seeing in the market—what’s changing, what’s proving difficult, and what’s working—plus practical takeaways for building stronger, more resilient programs.
In this edition, we’re joined by Adam McCaig, CISM-Solutions Manager at Saepio, one of the UKI’s largest independent cyber risk management specialists. Adam shares what’s top of mind for Saepio customers across governance, risk, and compliance, along with the growing focus on operational resilience, third-party risk, and the underestimated risks created by SaaS integrations—plus how Saepio and Drata are partnering to help teams move faster with clearer, more consistent evidence.
Introducing Saepio
Saepio Information Security is one of the largest independent cyber risk management specialists in the UKI. The company focuses on risk management across three pillars: Cyber Resilience Consulting (supporting governance, risk, and compliance and security strategy needs), the resale of security technologies to build resilient networks and applications, and People Services to help stretched security and GRC teams deliver effective risk management outcomes.
Top of Mind Challenges for Saepio Customers
In the GRC space, we’re seeing rapidly evolving regulations outpace customers’ ability to keep up with audit requirements and continue demonstrating trust to their customers and stakeholders. Our UK and EMEA customers have faced changes like updates to ISO 27001 and Cyber Essentials Plus (CE+). The launch of the NIS2 Directive, DORA, and ISO 42001 has also added new requirements to compliance programs.
Through our Cyber Resilience Consulting (CRC) practice, Saepio supports a wide range of frameworks and regulations and delivers assessment, gap analysis, and implementation services—through to retained fractional CISO and security leadership support. We’ve also leveraged our relationship with Drata to develop service offerings that support compliance and trust programs through the implementation and ongoing management of the Drata platform.
More broadly, resourcing is still a consistent challenge for IT security and compliance teams of all sizes. We’re seeing customers look to streamline security operations and engineering with smart, consistent technology investments to address risks like ransomware, business email compromise, and data loss.
Security, Compliance, and Trust Trends in 2026—and Beyond
Customer focus has shifted noticeably toward operational resilience and business continuity as core business objectives. The scale and nature of several headline 2025 UKI cyber incidents—and subsequent government advice—has pushed those priorities higher at board level. Ransomware risk, in particular, remains a clear and specific customer priority.
These incidents (and some of the regulations mentioned earlier) have also increased attention on third-party risk. Through our M-SCORE service, Saepio helps customers implement a continuous third-party risk management program. Drata—and their Trust Center capabilities—have been a key part of the broader supply-chain risk and trust conversations we’re having with customers.
Underestimated Risks via SaaS Integrations
The availability of generative AI has put the “access to” and “use of” SaaS applications back in focus for customers. At the same time, SaaS as a risk vector is still consistently underestimated—both for data loss and as an access path into organizations. We increasingly see breach reports pointing to SaaS integrations as the entry point.
Proper trust management of SaaS applications—along with configuration management, access controls, and identity management (human and non-human)—needs to be treated as a real program of work, not a side task.
How Saepio Customers Use Drata
Saepio customers are increasingly maturing their cyber risk management programs. In practice, that usually means they’re tackling GRC needs for the first time, or their existing GRC requirements evolve, expanding to second, third, or fourth standards, frameworks, and regulations.
With Drata, the ability to cross-map and reuse standardized, consistent evidence is a simple—but hugely valuable—benefit, even when you’re evaluating new alignments.
In addition, automated evidence collection and workflow capabilities are key value drivers for customers using Drata. Combined with the expertise of our Cyber Resilience Consulting team, we’ve helped customers reach time-to-value faster in their GRC programs.
Drata + Saepio = Better Together
We’re genuinely excited that our relationship with Drata enables our CRC team to assess GRC programs, support customers in meeting their objectives, and—just as importantly—help them evidence progress clearly.
Increasingly, customers are asking Saepio to take on day-to-day ownership of their Drata implementation as part of an accelerated GRC consultancy and support engagement.
What’s more, we’ve been pleased with the customer feedback from joint customers. Drata has a compelling proposition for the majority of our ~1,000 customers and is becoming a regular roadmap agenda item.
“I’ve personally worked with Drata for longer across a couple of organizations, and what originally attracted me to Drata still holds true: the team is supportive and laser-focused on customer success. That makes partnering easy, because we’re both advocating for customer outcomes and working toward the same goal in a cooperative, collaborative way.”
- Adam McCaig, CISM-Solutions Manager at Saepio
How Drata Delivers Results
We’re seeing measurable outcomes in reduced operational costs and overhead, which links directly to the resource challenges many customers face. Drata enables customers to work smarter and faster with lower overhead. That’s hugely valuable—and it also frees up time and budget so we can support them beyond core GRC needs, across other cyber risk priorities. Ready to learn more? Schedule your Drata demo.
Saepio + Drata Connection
Saepio’s partnership with Drata is relatively new, but it’s developing quickly and going from strength to strength—driven by the success our growing number of joint customers are seeing, and the feedback they’re sharing.
