NCC Group vs MDSec
Side-by-side comparison of NCC Group and MDSec for penetration testing services. Compare their services, accreditations, compliance expertise, pricing, and overall scores.
NCC Group leads in our overall scoring, primarily on the strength of industry accreditations and team research and activity. That said, scores don't tell the full story — the right provider depends on your specific testing scope and compliance requirements. Both hold CREST accreditation, but their credentials diverge beyond that — NCC Group additionally carries SOC 2 and NCSC Assured, while MDSec holds STAR and Cyber Essentials. Both operate at a global level but from different home bases — NCC Group in Manchester and MDSec in Southam — which can affect response times and familiarity with local regulatory environments. There's a meaningful size gap: NCC Group (500+ team) brings deeper bench strength and capacity for concurrent engagements, while MDSec (11-50 team) offers the smaller firm advantage of senior-led engagements and direct access to principal consultants.
| NCC Group | MDSec | |
|---|---|---|
| Headquarters | Manchester, United Kingdom | Southam, United Kingdom |
| Founded | 1999 | 2011 |
| Team Size | 500+ | 11-50 |
| Pen Testers | — | — |
| Geography | Global | Global |
| Markets | Global, UK, North America, Europe, APAC | UK, Europe, Global |
| Pricing | — | — |
| Services | Web ApplicationNetworkMobile AppIoTCloudAPISocial EngineeringRed TeamingPurple TeamingPhysicalWirelessSCADA/ICSVulnerability AssessmentSource Code ReviewConfiguration ReviewAssumed Breach | Web ApplicationNetworkCloudRed TeamingVulnerability AssessmentConfiguration ReviewSource Code ReviewSocial EngineeringPhysicalAssumed Breach |
| Accreditations | CRESTCHECKCBESTISO 27001SOC 2Cyber Essentials PlusNCSC AssuredPCI QSACouncil of Registered Ethical Security Testers | CRESTCHECKCBESTSTARISO 27001Cyber EssentialsCyber Essentials Plus |
| Compliance | ISO 27001SOC 2PCI DSSGDPRNIS 2DORA+2 | ISO 27001PCI DSSGDPRNIS 2DORANIST CSF+1 |
| Best For | EnterpriseGovernmentCritical Infrastructure | EnterpriseGovernmentCritical Infrastructure |
| Methodologies | OWASP, PTES, CREST, CBEST, OSSTMM, TIBER-EU | OWASP, CREST, TIBER-EU, CBEST, STAR, NIST |
Shared Services (10)
Only NCC Group (6)
Only MDSec (0)
Comparison FAQs
How does NCC Group compare to MDSec?+
NCC Group is headquartered in Manchester, United Kingdom and offers 16 services. MDSec is based in Southam, United Kingdom with 10 services. Both providers offer 10 services in common.
Which provider has more accreditations?+
NCC Group holds 9 accreditations (CREST, CHECK, CBEST, ISO 27001, SOC 2, Cyber Essentials Plus, NCSC Assured, PCI QSA, Council of Registered Ethical Security Testers), while MDSec holds 7 (CREST, CHECK, CBEST, STAR, ISO 27001, Cyber Essentials, Cyber Essentials Plus).
What services are unique to each provider?+
NCC Group uniquely offers: Mobile App, IoT, API, Purple Teaming, Wireless, SCADA/ICS. MDSec uniquely offers: no unique services.
Have you worked with NCC Group or MDSec? Help others decide.