An advertising organization grew through acquisition of several companies. The business entailed collecting and processing personal information from citizens in the U.S. and E.U. Regulations such as GDPR and the lack of visibility to cyber risk was a serious concern for their board.
The enterprise consisted of many business entities. The business processes used to technologies used to collect and process data were varied and loosely defined. This created a challenge to develop a consolidated view of enterprise cyber risk.
Our Data & Technology Risk Assessment and Cybersecurity Governance Implementation was a perfect fit for the customer. We collaborated with the parent company CFO and CIO to establish a common understanding of outcomes. After conducting workshops to understand business processes and technologies associated with the collection and processing of personally identified information, we analyzed their capabilities and identified gaps in regulatory compliance, customer contractual requirements, and cybersecurity leading practices.
The deliverable was a prioritized, actional roadmap to close identified gaps. This along with the Risk Register provided leadership a clear understanding of cyber risk and what to do about it.
The results achieved as a result of the engagements include:
- Ability to communicate cyber risk to the Board and secure the funding needed to close gaps
- Ability to effectively and accurately communicate cyber risk and cyber security posture to external parties
- Increased cyber risk visibility and enabled informed cybersecurity decisions
- Established a foundation to build the right cyber risk culture