Cybersecurity Third Party Due Diligence

Cybersecurity Third Party Due Diligence

About Our Cyber Security Third Party Due Diligence Practice

Law & Forensics Third Party Due Diligence practice works with organizations to assess not only vendors’ professional and technical offering, but also to perform a thorough due diligence process to identify any compliance issues and risks before implementation and deployment within the organization.

Our team is well versed in the processes involved in selecting and evaluating vendors for many organizations, including local authorities, companies in the private sector, and non-profit organizations. We work with our clients to assess the most suitable solution, by working closely and engaging key stakeholders in the organization.

Our Services

100s of years of collective experience doing cybersecurity. And of course working out of the box and solving problems…

Mergers and Acquisitions Security, Risk, and Control Cybersecurity Program Review

Mergers and Acquisitions Cybersecurity Due Diligence

Detect tangible cybersecurity gaps and/or potential at-risk areas in the target company. Efforts included reviewing security programs, leveraging patent threat scanning technology, and assessing the alignment of policies and controls with the underlying cybersecurity program.
Quantify costs to remediate cybersecurity gaps identified using our proprietary financial models and cyber industry expertise.
Author a report summarizing gaps and financial costs to remediate said issues identified in the target company.

Information Security and Risk Policy and Control Effectiveness

Independently assess the target’s commitment to cyber/data security and ascertain the alignment with corporate policies and compliance with any laws or regulatory frameworks that apply to target (DFS, CFATS, HIPAA, and etc.).
Evaluate the effectiveness of a target’s audit and information security programs.

Cybersecurity Program Review

Ascertain the target’s cybersecurity program and effectiveness to detect and respond to a cyber incident and benchmarking it against industry norms.
Review existing policies and controls to identify any material gaps in the target’s cybersecurity program.
Analyze the target’s cybersecurity insurance coverage to ensure coverage is appropriate.

Case Studies by Industry

Healthcare

Industry/Sector: Healthcare

Type of Service: Independent Review of Cybersecurity Program for Board of Public Company.

Description: Hired by Board of Directors of large healthcare company to independently assess cybersecurity program. Efforts included the following:

- Interviewing CISO and senior leadership,
- Evaluating alignment of controls and policies with cybersecurity technologies,
- Auditing existing training program,
- Providing a written report to the board documenting findings,
- Presenting to Audit Committee the results of our efforts.

Private Equity

Industry/Sector: Finance

Type of Service: Perform cyber due diligence for a private equity firm.

Description: Retained by Private Equity group team to perform due diligence review and analysis of the cybersecurity posture of an e-commerce company. Efforts included the following:

- - Reviewing alignment of cybersecurity controls and policies with systems,
  - Meeting and interviewing senior executives and board members about the cybersecurity program,
  - Auditing third-party vendor risk management program, quantifying cyber risks and remediation of risks,
  - Providing a written report with findings to client.

Home Appliance

Industry/Sector: Home

Type of Service: Cyber due diligence for a home appliance company

Description: Hired by outside counsel to assist an appliance organization in a transaction involving a social media monitoring and analytics start-up. Efforts included the following:

- Conducting an independent expert current state assessment of a social media monitoring and analytics startup information security program and practices based on CISSP domain standards and ISO27001 guidelines,
- Drafting report for counsel regarding gaps identified and remediation estimates,
- Providing a written report with findings to client.

100’s Of third party

vendors assessed

58 Companies

advised

33 Mergers

and acquisitions

76 Reports delivered

to companies

100’s Of insurance coverage

policies reviewed

100’s Of full internal cybersecurity

audits assessed

Cybersecurity Third Party Due Diligence Practice Edge

Capabilities

Veteran team with more than 10 decades of experience in assessing technological solutions and each engagement is led by a senior member with more than 100+ years of collective experience. Our teams’ unique experience and training allows us to examine every solution from an attacker’s point of view to identify and remediate any potential gaps in security and compliance.

Competitive fees

Our fees structure is competitive, we offer clients success based, hourly and/or fixed fee arrangements while ensuring that each engagement is spearheaded by a knowledgeable and experienced senior team member of our team.

Expertise

Law & Forensics has worked with dozens of large companies and private equity firms to evaluate the cybersecurity posture of companies that were potential acquisition targets, identifying gaps and issues with the targets cyber policies and practices, and providing a detailed report for senior management on identified issues and proffering appropriate remediation steps.

Quality Control

We deliver prompt solutions and thoughtful recommendations that rigorously meet or exceed industry best practices and meet the needs of our clients.