Risk Assessments

GCL Cyber Risk Assessments

Many companies believe cyber risk assessments only involve a security audit (such as SSAE-16 or SOC-1/2), penetration testing, or vulnerability scanning. While these activities and results are useful, GCL links its business process experience and legal expertise with in-depth security knowledge

  • Stop business operations
  • Result in compliance violations or breaches of customer and business partner obligations
  • Result in the loss of data
  • Cause enormous financial losses and/or
  • Undermine strategic goals and objectives.

GCL conducts a cyber risk assessment that combines technical, legal, and operational considerations and identifies the critical junctions where IT intersects with business operations and legal risk. An examination of strategic corporate documents, corporate organization, policies and procedures, information flows and dependencies, and security program documentation enables GCL to evaluate an organization’s compliance requirements and its enterprise security program, and to identify gaps and deficiencies.

Cyber risks today can be determined only after reviewing a client’s system architecture, the technology it has deployed, its operational processes and control points, key security documents, its management policies, compliance requirements and corporate culture. Cyber risks are not managed solely by IT staff and security teams. Cyber risk management is an enterprise issue and there is a role for everyone, especially legal counsel.

GCL’s cyber risk assessments will identify critical operational points and cyber liability risks. Through our partner company, Dempsey Partners, we can identify cyber risks, quantify the cyber exposure cost, and assist clients in determining whether their cyber coverage is adequate or whether they have such coverage at all.