Cyber Due Diligence
As a specialist advisor, The Security Circle assist organisations to assess cyber risk as part of the due diligence process.
Those who make deals know exactly why due diligence exists. In recent years the cyber element of due diligence has often been overlooked and those making investments are waking up to the significant and disproportionate risk presented by IT and Cyber in particular.
Cyber due diligence is playing an increasing role in this process in assuring investors that they are executing a deal with their eyes wide open; fully cognizant of the risks and safe in the knowledge that proper controls and management is in place or at least that gaps are fully understood. As in any time constrained situation with high stakes clear guidance is required.
Due diligence should afford an investor the best possible appreciation of their risks should the deal go ahead. The Security Circle provide clear recommendations to clients as they assist on what is missing from a People, Process and Technology perspective. Understanding what is, and what is not in place, aids collective understanding and evidences as reasoned, points of negotiation for presentation to the seller, and a plan of action for post-completion.
The Security Circle approach to Cyber Due Diligence is to ensure the bases have been covered in terms of key Cyber Security measurements. We use our own series of standard assessments centred around Critical Controls but which vary based on the time available, the size and sector of the organisation and are weighted toward the trading behaviour; be it B2B, B2C or both.
Once the deal is complete the post deal investment begins, dealing with the RAG reports and Gaps to shore up that risk. This is why our consultants make a broad analysis of the existing organisational risks and establish those gaps that need to be addressed by an appropriate combination of training, process change and technology.
The more time is afforded in due diligence the more accurate the assessment. However, during due diligence there can be many time constraints in play within the selling organisation and time on-site often is limited. A methodology such as that employed by The Security Circle maximises what can be extracted to deliver the best accuracy in the time available. The Security Circle employ pre-visit questionnaires, a clear interview strategy and a tight reporting process around how we deliver our Cyber Due Diligence through our dedicated team of experts to fully support your deal making.