Cyber Risk & Security

The current era of digital revolution eases access to offensive cyber weapons for online predators. Thus, companies are being increasingly threatened by cyber attacks. As a result, Executive Committees, sector regulators and legislators are stepping up initiatives and security requirements for companies to comply with.

 

With more than 170 people across our offices worldwide, our Cyber Risk and Security Business Unit supports more than 40 leading groups in the assessment of cyber risks and the deployment of security systems. Our activity has experienced an average growth of more than 30% since 2010.

ORGANISATION

In order to better meet our clients expectations, we have structured our organisation around three practices:

  • Business Alignment: Cyber ​​Issue Evaluation and Digital Risk Control.
  • Cyber ​​Security Transformation: instilling “discipline” into risk management and deploying agile business risk and competence management models.
  • Expertise & support: providing service expertise to business and IT projects.

About 20 of our Managers ensure a daily proximity management of all of our client assignments. We are recognised for the quality of our services: our management system through quality is ISO 9001: 2015 certified. Finally, our activities are compliant with the requirement of the French National Cybersecurity Agency (ANSSI) through our PASSI qualification.

APPROACH

We help our clients answer 3 key questions:

  • How to reconcile the business departments growing needs for agility and flexibility to the need of risk management regarding worsening threats and regulations?
  • How to adjust the security devices to the acceleration of technological disruptions?
  • How to ensure the development and maintenance of cyber risk and security skills when faced with a relentless shortage of experts?

We approach each of our projects with an innovative attitude in order to provide our clients with a dynamic vision and new perspectives to manage the challenges they face.

POSITIONING

We accompany our clients through all the steps of securing their digital transformation: work “hand in the hand” with involved business departments to identify cyber risks, management of the organizational and technological evolution programs of management and industrial IT (SCADA), and daily provision of strong security expertise, particularly on Cloud, BigData, IoT and AI initiatives.

On a daily basis, our two main issues are:

  • Integrating organisational, methodological and technological innovation into our solutions.
  • Mobilising key players within the company to build together pragmatic and sustainable solutions.

We help our clients build a strong partnership with business departments, have an agile operational model and a high level of expertise. We support them in involving business sponsors, aligning security solutions with business issues, optimising efficient security processes, ensuring successful security projects and integrating security in digital projects .

+ more details

Business security alignment

Resilience

  • Crisis management, BCP, DRP

Data Protection

  • Data Privacy compliance (GDRP)
  • Asset classification
  • DLP process & monitoring
  • IAM & access profiling

IT Assurance

  • IT Risk framework and maps
  • IT Risk and Security dashboard
  • IT permanent control and compliance audit
  • CS Insurance

CS Transformation

Cyber Security Program

  • Security strategy & roadmap
  • Program Management, PM, PMO

Framework organization

  • Organization, Workforce Education
  • ISO 27001 ISMS, security policy
  • RFP, Operating Model process

Industrial Control Systems

  • SCADA vendors security control
  • Security upgrade plan of plants and SCADA system (ISA 99ISO/IEC 62443)

Sec Expertise as a Service

Security for application project

  • Security risk assessment for project
  • Architecture security review
  • Security technical notes for Cloud, Big Data, IoT, AI

Technical expertise

  • Application security, code review
  • Vulnerability assessment
  • Penetration testing
  • Physical & configuration audit

CISO support

  • CISO Chatbot, assistance, coaching
  • Security incident management
  • IT permanent control and compliance audit
  • CS Insurance

SOME OF OUR ACHIEVEMENTS

How to reconcile digital transformation and cyber risk reduction? A vital challenge for large groups.

A team of fifteen of our Consultants worked for a leading retail bank on a managed assignment.

Their achievements:

  • The cyber risk assessment of projects and recommendations to key business and project stakeholders
  • A “security counter” to optimise processes, unify security methods and deliverables, maintain IT risk mapping and streamline communication with key stakeholders

Our intervention allowed the client to gain expertise in security, agility, efficiency and visibility.

Have you identified which vulnerabilities will be exploited by your enemies? The steady pace of business transformation requires a strong and constant monitoring of their organisational and technical cyber risks.

A senior auditor and three junior auditors accompanied one of the world’s leading B2B / B2C delivery players on an organisational and technical vulnerability audit campaign targeting several of its sites around the world (Brazil, Hungary, Ireland …).

Their achievements:

  • A detailed and complete report on all the technical and organisational tests carried out
  • Observations made and associated security recommendations

The quality of our intervention was based on our ability to understand and integrate the key business issues of the group in our executive communications and to combine it with a very strong technical expertise.

How to ensure the protection of secret and personal data in a completely open information system? Securing data is a strategic issue that requires both technological innovation and user empowerment.

One of our Managers and two Consultants worked at a global insurance leader for a year on the worldwide classification of its data.

Their achievements:

  • A classification based on fun tools and an effective methodology for the business departments. This classification integrates the potential impacts in case of data dissemination, modification or loss
  • A grid of security solutions adapted to each case

Users are now able to identify their critical data themselves and consider this classification as an asset for the development of their activity.

Are directorates-general well prepared to survive a cyber crisis? The very nature of a computer attack makes it extremely difficult for a crisis management team to identify the root causes of the threat and accurately estimate its impacts.

One of our Managers and three consultants worked for three months for an insurance leader to prepare and lead a cyber crisis management exercise and develop a crisis management toolkit.

Their achievements:

  • The implementation of a crisis management process involving general managers, business departments and IT teams
  • The definition of crisis communication models and response sheets for Crisis Management teams

These actions enabled the client to involve and empower the IT & business teams as well as general managers, to identify concrete areas for improvement, and to promote these activities at top level thanks to a crisis simulation managed with realism and success.

How to ensure cyber security compliance on multi-billion euro programs with an international dimension? The challenge for these critical infrastructure programs lies in the companies' ability to implement a global cyber risk management policy without hampering their commercial development.

Five to fourteen of our Consultants worked for five years on a global project on Cyber Industrial Security that represented a total investment of US$35 billion in Europe, the US, Asia and Australia.

Their achievements:

  • The audit of more than 120 suppliers
  • The control and management of more than 4,000 cyber risks

These long-term achievements have enabled the client to ensure business continuity with regards to cyber attacks and have proven our ability to deliver complex programs with an international dimension as well as our expertise in industrial systems.

How to involve Traders in ensuring the cyber security of their tools and data? Cyber security management programs are often seen as a business constraint, especially in business lines where the use of data is essential.

Three of our experienced Consultants took part in a three-year (€15 million) program for a global leading investment bank (involving more than one thousand asset managers).

Their achievements:

  • A multi-year cyber security roadmap (covering 50 projects)
  • The empowerment of business leaders and IT experts involved in the implementation of secured solutions

The investments have enabled our client to gain the trust of the regulators, and also of its customers and partners.

SECTORS

 

BANK – INSURANCE – ENERGY – SERVICES – LUXURY – TOURISM – CONSTRUCTION – RETAIL – INDUSTRY – TELECOMMUNICATIONS & MEDIA

MEET OUR TEAMS IN

PARIS

BRUXELLES

SAO PAULO & RIO

Newsletter

Please, fill in your name
Please, fill in your email
This email address does not seem valid
Une erreur s'est produite lors de l'enregistrement.
Your request is not complete
The requested language does not exists
You are already subscibe, do you wish to unsuscribe
Yes, remove my email address
You have been removed from the list
Your email has been saved
Subscribe