CYBER RISK & LAW

Cyber Risk Management

Legal Support for Risk Managers, CISOs and Small Business.





“85% of companies share data with business partners…but only 28% of companies have security standards for sharing data.”

— “Cybersecurity for Today’s Digital World”, ATT Cybersecurity Insights, Vol. 7 2019

Know Your Exposure

Insurance is a smart way to manage cyber risk, but even the best policy provides only limited cover. Most of those policies will also require you to know your cyber exposure before and during the policy year. Knowing your cyber exposure requires you to define your cyber risk tolerance based on the threats confronting your enterprise, the particular vulnerabilities that impact it, and the controls, risk response and monitoring defenses that you have implemented.

Whether you are collecting data, providing information or services over the internet, or just sending the occasional email to your once and future customers, you need to carefully assess your cyber risk and find a way to manage it. We offer simple, cost-effective methods for assessing and managing cyber risk. Following the NIST Cybersecurity Framework, we can prepare high-level risk assessments to help you understand your exposure and help train your workforce. We offer self-assessment questionnaires, and can perform in-depth management and employee interviews. We can also write, review or negotiate contracts with service providers because, well, we wrote a lot of those contracts.

There are some things that we don’t do, but we know who does, and we will help you select the right vendors and negotiate a rate that is fair for your information technology environment. Whether you need help with ransom negotiation, digital forensics, or network testing and scanning, we can help you find the right provider.

With our help you can:

  • Complete a fluid risk register that outlines your risk.

  • Develop a Board-ready risk assessment that details your threats, vulnerabilities, current controls and proposed improvements.

  • Respond to risk management inquiries from clients, customers, vendors, partners and regulators.

  • Prepare contracts that require cyber risk management and cyber risk transfer from partners and vendors.

  • Train your workforce and third-party partners on cyber risk management.

  • Manage a process for interviewing, hiring and monitoring third-party service providers such as MSSPs and scanning and testing services.