As cyber security attacks become increasingly sophisticated, corporate finance and private equity firms represent a potentially high-profile target for cyber criminals. With this in mind, Livingstone took the conscious decision to review the cyber security and disaster recovery provisions at its London office. As part of a cyber security review Intuitus analysed the organisation’s current approach to cyber security and advised on a plan of action to ensure that Livingstone is able to manage any potential cyber breach in the future, and protect its clients, employees and brand.
Livingstone is an international mid-market mergers and acquisitions and debt advisory firm that delivers corporate finance solutions to entrepreneurs, boards, major corporations, private equity investors and debt providers around the world from offices in Beijing, Chicago, Dusseldorf, London, Los Angeles, Madrid and Stockholm.
Bruce Martin, the recently-appointed Finance Director at Livingstone, has overall responsibility for the organisation’s IT, including cyber security, and wanted to understand what Livingstone should be doing to better protect the organisation from cyber-crime. “From a reputational point of view, if we did have a security breach and we didn’t manage it effectively there is a potential for considerable brand damage. We wanted to ensure that we as a business are doing everything we can to help prevent a cyber security attack, and to make sure that our name and strong standing in the marketplace is protected should anything occur,” Martin explains.
In addition to this, the prospect of future financial penalties was also a concern for Livingstone. With the General Data Protection Regulations (GDPR) coming into force in May 2018, any organisation that fails to report a breach in cyber security within 72 hours could face a fine of up to 2% of global turnover.
How Intuitus helped
Intuitus consultant Carl Chapman, a CISSP-qualified and highly-experienced C-level Executive, undertook the cyber security review at Livingstone, which focused on four key areas:
- Primary information assets and responsibilities;
- Effectiveness of Board oversight, particularly as it relates to cyber risk management and organisational cyber culture;
- Assessment of operational cyber security processes and controls; and
- The overall organisational approach to incident response readiness.
As part of the engagement Intuitus ran a one-day workshop at Livingstone to help the team plan the next steps. Establishing a cyber security maturity model for the business helped provide focus for key areas of investment. The Intuitus report also included information on the type of cyber security activity undertaken by companies of a similar size working in similar sectors, as well as benchmarking processes that could be used to measure Livingstone’s cyber security effectiveness.
Results, Return on Investment and Future Plans
“Our policies and processes on cyber security really benefited from the review,” says Martin. “Intuitus provided guidance on what we should be including, as well as common risk factors to look out for – risks specific to Livingstone as a business and also more general risks,” says Martin.
“We’re confident as a business that we’re doing our best to prevent and protect ourselves from cyber-crime.”
To find out more about Intuitus' Cyber Security Review service get in touch.