Using our proprietary cybersecurity risk assessment framework, we perform an “outside-in” review. Based on only publicly available information, we develop a high-level profile of cybersecurity risk based on the likelihood of an issue and its possible impact. M&A managers use these profiles to evaluate deals. These are time-boxed efforts that can be run on individual targets or groups of companies.

An “outside-in” assessment is used as a precursor to a deeper analysis to gather information firsthand using our proprietary cybersecurity risk assessment framework. This includes a targeted analysis of critical risk dimensions such as a maturity assessment of cybersecurity incident response capabilities, security infrastructure, etc. Projects often include review of key procedures (e.g., incident response, 3rd party vendor risk, insider threat) that may have a direct impact on the deal. Typically, this service takes two to four weeks and may involve a short onsite visit to perform professional interviews.

The security score rating and critical risk dimensions provides the in-depth insight required to make remedial decisions and assess the potential extent of required security improvements. Assessments include a full onsite risk assessment and an internal/external vulnerability assessment and threat lead penetration testing services. Typically, this service requires two to four weeks for completion.

We provide design and implementation support to enable the business to integrate or extract an organization, while ensuring appropriate security controls and governance processes are in place. Our experts design required capabilities to manage risk, create new solutions, establish new organizational approaches and governance models. We partner with you, as needed, throughout the implementation process, providing advisory services that help with architecture design, vendor/product selection, and general implementation support.