More detail on our services
Cyber security strategy | Implementing a cyber security strategy within your organisation is an effective way to manage complexity, provide direction, and gain board-level support. Cyber threats are running ahead of government policy, regulation and business strategy. To counter the evolving cyber threats facing organisations today, business leaders must ensure they have an integrated approach to cyber security. Our consultants can help you develop a cyber security strategy that covers governance, processes, people and technologies. |
Cyber security operating model | Our consultants help define operating principles for the cyber security roles, responsibilities, and ownership of the cyber security capabilities to deliver your cyber security strategy. |
Cyber security maturity assessment (CSMA) | Our CSMA provides an in-depth review of an organisation’s ability to protect its information and respond to cyber threats. Our assessment takes a balanced view of how prepared the organisation is for cyber threats across people, processes and the technologies deployed to counter vulnerabilities. The CSMA will help your organisation develop a roadmap to enhance your cyber maturity and strengthen your security programme. |
Virtual CISO (vCISO) | The role of the vCISO provides you with a dedicated cyber security expert to align your cyber security with your business objectives, helping to protect you from the growing threats. Taking on the role of Information Security Officer within your organisation, the vCISO will effectively manage your security strategy, budget, risks and regulatory compliance. |
Cyber compliance and assurance | Cyber security compliance obligations are becoming increasingly complex. We assist organisations in achieving compliance or alignment with all key UK and international cyber-related laws, standards and frameworks. |
Ransomware and incident readiness assessments | Our consultants help assess organisations’ posture on the processes and controls required to effectively prevent and respond to a range of different cyber attacks, including ransomware. |
ISO 27001:2022 services | ISO/IEC 27001:2022 (also known as ISO 27001) is an international standard that sets out the specification for an ISMS (information security management system). Our services are designed to help organisations on their roadmap to ISO 27001 certification or alignment: |
Identity and access management (IAM) | IAM is the principle of ensuring that the right people have the right access to the right resources at the right time. Managing application accounts throughout the user lifecycle, for example joining, moving and leaving, can become a daunting task that many businesses struggle with. Given the current emphasis on global workforce mobility enabled by technology, poor IAM can open your organisation up to further risks internally and externally. We can help by: |
M&A cyber due diligence | Gain a clear picture of the cyber security capabilities of your partner, acquisition target or third-party vendor and the potential risks they may present. Equally, if you are the seller, conducting your own cyber due diligence before going public will increase the value of your proposition. |
Third-party risk assessment | Our services are designed to increase visibility over your suppliers’ cyber security posture through risk assessments aligned to industry good practice to identify red flags, quick wins and longer term opportunities. |
Cloud security services | Our services provide assurance for security and technology-based risks for Cloud provisioned services. The approach is built on global assurance standards supported by significant experience of technology-based risks. Service features |
Why work with Forvis Mazars?
Dedicated cyber security consultants
We have a dedicated cyber security team in the UK and around the world, with more than 150 experts to support you wherever you are.
Highly qualified
Our cyber security & privacy professionals hold qualifications such as ISO/IEC 27001 Lead Auditor, Certified Information Systems Security Professionals (CISSP), Certified Information Security Managers (CISM), CREST Qualified Consultants, Cyber Scheme Qualified Consultants, Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), Fellow of Information Privacy (FIP), Certified Data Privacy Software Engineer (CDPSE) and Microsoft Certified: Azure Security Engineer Associate (AZ-500).
International reach
The UK Cyber Security team is part of the Forvis Mazars global Cyber Security Group encompassing excellence centres around the world. Forvis Mazars is a CREST and Cyber Scheme accredited company for penetration testing services.
Tailored approach
We devise a bespoke service approach for each client.
Solutions orientated
Provide realistic and pragmatic solutions.
Value-driven
Provide the highest quality of service at a fair price.
Responsive and accessible
Client responsiveness is our highest priority.
Our consulting practice
Our consulting teams support clients in solving critical and complex problems through a broad range of services including risk assurance, technology advisory, business transformation, regulatory consulting and actuarial support. Our expertise ranges from financial services and insurance to retail, government and education. In a rapidly changing business world, we help clients overcome the challenges that they face today and prepare for whatever the future may hold.
Get in touch with our cyber security professionals
For more information on our cyber security and advisory services, please get in touch with our team of experts via the form below.
Case studies
Our experience – global consumer sector business
Background
We were engaged by a global consumer sector client operating across 34 countries with over 25,000 people.
The challenge
Built through acquisition over the years, the business operated different processes and used different technologies across countries and regions. They wanted to drive revenue growth, improve efficiency and reduce cost.
Approach
We carried out a global cyber security maturity assessment. The aim was to provide an independent insight into security controls designed to reduce the risk of cyber threats being realised and to help the client strengthen their technology environment in line with industry good practice.
The project delivered a comprehensive assessment and an understanding of the current cyber exposure, together with remediation and improvement activities. The results of the assessment served as the foundation to help the client develop the future cyber strategy and a roadmap to improve its capabilities.
Our work helped the client to:
- Articulate the desired state across cyber security capabilities;
- Secure the required investment to address security weaknesses; and
- Increase the visibility of cyber risk at executive level.
Our experience – major supplier to automotive industry
Background
Our client was a foundational part of the supply chain for multiple leading car manufacturers globally, and faced a significant push from customers to meet more stringent cyber security requirements as a result of modernising technology in the automotive space.
The challenge
The organisation faced a significant challenge from their customers in the automotive sector to achieve certifications, predominantly ISO 27001 and the Trust Information Security Exchange (TISAX). In many cases this became a contractual requirement with customers, actively impacting the client’s ability to drive business.
Approach
An initial gap assessment was performed to understand the current state of the client and identify a set of tactical quick wins and more strategic long-term goals towards achieving certification.
Following this gap assessment, we worked with the client to develop a multi-year programme across the domains of ISO 27001 and supported the design and implementation of key parts of the Information Security Management System (ISMS).
Through this work we have built a trusted relationship with this client, delivering several pieces of additional work over the years in Incident Response, Physical Security and Threat Intelligence.