NCC Group vs Rapid7
Side-by-side comparison of NCC Group and Rapid7 for penetration testing services. Compare their services, accreditations, compliance expertise, pricing, and overall scores.
NCC Group leads in our overall scoring, primarily on the strength of industry accreditations and team research and activity. That said, scores don't tell the full story — the right provider depends on your specific testing scope and compliance requirements. A key distinction: NCC Group holds CREST accreditation, which is often a procurement requirement for regulated organisations. Rapid7 holds SOC 2 and ISO 27001 instead, which may or may not matter depending on your compliance framework. Both operate at a global level but from different home bases — NCC Group in Manchester and Rapid7 in Boston — which can affect response times and familiarity with local regulatory environments. NCC Group covers 16 distinct service lines compared to Rapid7's 10, making it a stronger choice if you need a single vendor across multiple testing types. Rapid7's tighter focus may translate to deeper specialisation in its core areas.
| NCC Group | Rapid7 | |
|---|---|---|
| Headquarters | Manchester, United Kingdom | Boston, Massachusetts, United States |
| Founded | 1999 | 2000 |
| Team Size | 500+ | 500+ |
| Pen Testers | — | — |
| Geography | Global | Global |
| Markets | Global, UK, North America, Europe, APAC | Global, North America, Europe |
| Pricing | — | — |
| Services | Web ApplicationNetworkMobile AppIoTCloudAPISocial EngineeringRed TeamingPurple TeamingPhysicalWirelessSCADA/ICSVulnerability AssessmentSource Code ReviewConfiguration ReviewAssumed Breach | Web ApplicationNetworkMobile AppCloudAPISocial EngineeringRed TeamingVulnerability AssessmentConfiguration ReviewWireless |
| Accreditations | CRESTCHECKCBESTISO 27001SOC 2Cyber Essentials PlusNCSC AssuredPCI QSACouncil of Registered Ethical Security Testers | SOC 2ISO 27001 |
| Compliance | ISO 27001SOC 2PCI DSSGDPRNIS 2DORA+2 | SOC 2PCI DSSHIPAANIST CSFISO 27001GDPR+1 |
| Best For | EnterpriseGovernmentCritical Infrastructure | EnterpriseMid-MarketGovernment |
| Methodologies | OWASP, PTES, CREST, CBEST, OSSTMM, TIBER-EU | OWASP, PTES, NIST |
Shared Services (10)
Only NCC Group (6)
Only Rapid7 (0)
Comparison FAQs
How does NCC Group compare to Rapid7?+
NCC Group is headquartered in Manchester, United Kingdom and offers 16 services. Rapid7 is based in Boston, Massachusetts, United States with 10 services. Both providers offer 10 services in common.
Which provider has more accreditations?+
NCC Group holds 9 accreditations (CREST, CHECK, CBEST, ISO 27001, SOC 2, Cyber Essentials Plus, NCSC Assured, PCI QSA, Council of Registered Ethical Security Testers), while Rapid7 holds 2 (SOC 2, ISO 27001).
What services are unique to each provider?+
NCC Group uniquely offers: IoT, Purple Teaming, Physical, SCADA/ICS, Source Code Review, Assumed Breach Testing. Rapid7 uniquely offers: no unique services.
Have you worked with NCC Group or Rapid7? Help others decide.