About Our Cyber Security Third Party Due Diligence Practice

Law & Forensics Third Party Due Diligence practice works with organizations to assess not only vendors’ professional and technical offering, but also to perform a thorough due diligence process to identify any compliance issues and risks before implementation and deployment within the organization.

Our team is well versed in the processes involved in selecting and evaluating vendors for many organizations, including local authorities, companies in the private sector, and non-profit organizations. We work with our clients to assess the most suitable solution, by working closely and engaging key stakeholders in the organization.

Our Services

100s of years of collective experience doing cybersecurity. And of course working out of the box and solving problems…

Mergers and Acquisitions Cybersecurity Due Diligence

  • Detect tangible cybersecurity gaps and/or potential at-risk areas in the target company. Efforts included reviewing security programs, leveraging patent threat scanning technology, and assessing the alignment of policies and controls with the underlying cybersecurity program.
  • Quantify costs to remediate cybersecurity gaps identified using our proprietary financial models and cyber industry expertise.
  • Author a report summarizing gaps and financial costs to remediate said issues identified in the target company.

Information Security and Risk Policy and Control Effectiveness

  • Independently assess the target’s commitment to cyber/data security and ascertain the alignment with corporate policies and compliance with any laws or regulatory frameworks that apply to target (DFS, CFATS, HIPAA, and etc.).
  • Evaluate the effectiveness of a target’s audit and information security programs.

Cybersecurity Program Review

  • Ascertain the target’s cybersecurity program and effectiveness to detect and respond to a cyber incident and benchmarking it against industry norms.
  • Review existing policies and controls to identify any material gaps in the target’s cybersecurity program.
  • Analyze the target’s cybersecurity insurance coverage to ensure coverage is appropriate.

Case Studies by Industry

Industry/Sector: Healthcare

Type of Service: Independent Review of Cybersecurity Program for Board of Public Company.

Description: Hired by Board of Directors of large healthcare company to independently assess the cybersecurity program. Efforts included the following:

    • Interviewing CISO and senior leadership.
    • Evaluating alignment of controls and policies with cybersecurity technologies.
    • Auditing existing training programs.
    • Providing a written report to the board documenting findings.
    • Presenting to the Audit Committee the results of our efforts.
441+ Third-Party Vendors


59+ Companies

advised in diligence

37+ Mergers

and acquisitions

78+ Reports

delivered to companies

113+ Insurance Coverage

policies reviewed

102+ Full Internal Cybersecurity

audits assessed

Cybersecurity Third Party Due Diligence Practice Edge


Veteran team with more than 10 decades of experience in assessing technological solutions and each engagement is led by a senior member with more than 100+ years of collective experience. Our teams’ unique experience and training allows us to examine every solution from an attacker’s point of view to identify and remediate any potential gaps in security and compliance.

Competitive fees

Our fees structure is competitive, we offer clients success based, hourly and/or fixed fee arrangements while ensuring that each engagement is spearheaded by a knowledgeable and experienced senior team member of our team.


Law & Forensics has worked with dozens of large companies and private equity firms to evaluate the cybersecurity posture of companies that were potential acquisition targets, identifying gaps and issues with the targets cyber policies and practices, and providing a detailed report for senior management on identified issues and proffering appropriate remediation steps.

Quality Control

We deliver prompt solutions and thoughtful recommendations that rigorously meet or exceed industry best practices and meet the needs of our clients.