About Our Cybersecurity Third Party Due Diligence Practice

The Law & Forensics Cybersecurity Third Party Due Diligence practice works with organizations not only to assess vendors’ professional and technical offerings, but also to perform a thorough due diligence process that identifies any compliance issues and risks before implementation and deployment within the organization.

Our Cybersecurity Third Party Due Diligence team is well versed in the processes involved in selecting and evaluating vendors for many organizations, including local authorities, companies in the private sector, and non-profit organizations. We work with our clients to assess the most suitable solution by working closely with, and engaging, key stakeholders in the organization.

Our Services

Hundreds of years of collective experience in cybersecurity. And of course, working outside the box and solving problems…

Mergers and Acquisitions Cybersecurity Due Diligence

  • Detect tangible cybersecurity gaps and/or potential at-risk areas in the target company. Efforts include reviewing security programs, leveraging patent threat scanning technology, and assessing the alignment of policies and controls with the underlying cybersecurity program.
  • Quantify costs to remediate cybersecurity gaps identified using our proprietary financial models and cyber industry expertise.
  • Author a report summarizing gaps and financial costs to remediate said issues identified in the target company.

Information Security and Risk Policy and Control Effectiveness

  • Independently assess the target’s commitment to cyber/data security and ascertain its alignment with corporate policies and its compliance with any laws or regulatory frameworks that apply to the target (DFS, CFATS, HIPAA, etc.).
  • Evaluate the effectiveness of a target’s audit and information security programs.

Cybersecurity Program Review

  • Assess the target’s cybersecurity program and its effectiveness in detecting and responding to a cyber incident, and benchmark it against industry norms.
  • Review existing policies and controls to identify any material gaps in the target’s cybersecurity program.
  • Analyze the target’s cybersecurity insurance coverage to ensure coverage is appropriate.

Case Studies by Industry

Industry/Sector: Healthcare

Type of Service: Independent Review of Cybersecurity Program for Board of Public Company.

Description: Hired by the Board of Directors of a large healthcare company to independently assess the cybersecurity program. Efforts included the following:

    • Interviewed CISO and senior leadership.
    • Evaluated alignment of controls and policies with cybersecurity technologies.
    • Audited existing training programs.
    • Provided a written report to the board documenting findings.
    • Presented to the Audit Committee the results of our efforts.

441+ Third-Party Vendors

59+ Companies advised in diligence

37+ Mergers and acquisitions

78+ Reports delivered to companies

113+ Insurance Coverage policies reviewed

102+ Full Internal Cybersecurity audits assessed

Cybersecurity Third Party Due Diligence Practice Edge

Competitive fees

Quality Control