Our Cyber Advisory practice has helped market-leading private equity companies, global banks, and big tech companies to solve their most challenging cyber security problems. We work hard to understand our clients as a business, so that we can make recommendations in line with their specific budgets, risk appetites, and threat landscapes.
WHAT WE DO
We help our clients to identify, quantify, and mitigate cyber risks. Our services include:
- Ransomware Resilience Services: we identify gaps in the people, processes, and technologies in place to prevent, detect, contain, eradicate, and recover from ransomware attacks. We make recommendations to close gaps, and provide costed security-improvement roadmaps in line with your budget, resources, and risk appetite.
- Cyber Insurance Support Services: we help our clients to present their best case for affordable premiums when seeking to gain or renew cyber insurance coverage in a hardened market. We have close relationships with top insurance companies in the market, and have participated in hundreds of insurance underwriting dialogues, to understand precisely what insurance providers need to know to offer reasonable premiums.
- Framework-aligned Gap Analysis: we help our clients to gain a clear picture of their cyber security maturity across their people, processes, policies, and technology. We do this by assessing the controls within the NIST Cybersecurity Framework, CIS-18, or ISO 27001:2022 industry frameworks, and assigning maturity scores to each. We also provide recommendations and guidance to enable our clients to reach their desired level of maturity.
- Private Equity Cyber Security Programmes: we partner with private equity firms to provide them with assurance on the cyber security maturity of their portfolio companies. We provide both pre-acquisition due diligence services and support throughout the life cycle of the deal to help our clients quantify their cyber risk and make informed strategic decisions.
- Tabletop Exercising and Crisis Wargaming: we prepare, facilitate, and report on credible and engaging cyber incident response simulations to help our clients understand expectations and rehearse their responsibilities. We work hard to make our exercises as realistic as possible, to ensure that discussion is taken seriously, and that stakeholders develop the ‘muscle memory’ required to act with confidence in even the worst-case scenario cyber incidents.
- Cyber Transformation Programmes: we support our clients as they implement security improvement programmes. We offer programme management services; solution implementation, configuration, and integration; virtual CISO roles; and Request for Proposal (RFP) process support.
- Threat Intelligence: we use Open Source Intelligence (OSINT) to help you understand the threat actor groups and methods most likely to target your organisation. We also scan the dark web for evidence that your company credentials or sensitive information have been leaked, or that your organisation is being discussed on dark web forums.
- User and Executive Awareness Training: we offer training sessions to help organisations understand the tools and methods used by ransomware threat actors, the layers of defence required to mitigate ransomware attacks, and the key responsibilities of operations, management, and the executive in a ransomware crisis. We also provide training on best practice during the first 48 hours of response to a ransomware incident.
- Third Party Risk Management: we provide our clients with a comprehensive view of supply chain risk, leveraging our own third-party supplier cyber risk questionnaire (based on the NIST Cybersecurity Framework). Our analysis enables our clients to demonstrate due attention to third-party risk management, and enables them to make informed decisions during supplier selection.