The need for a cyber due diligence, however, to be useful it must be done with all the rigor and extent required by a process like the acquisition of a company. It is not enough, for example, the analysis of the budget dedicated to technology and security equipment, or the use of external digital rating systems of the "black box" type to determine its exposure to attacks from the Internet.
Both are a good start but insufficient, since they do not take into account fundamental aspects such as the maturity of the organization in the establishment and implementation of policies and procedures, the training and awareness of its personnel, or the preparation and recovery capacity to manage security incidents.
Our cybersecurity rating analyzes and evaluates all the factors that are relevant to determine the real level of cybersecurity, and we also incorporate a "black box" analysis to learn about potential vulnerabilities from the outside.
The process is unique and its results provide all the information you need to understand the organization's cybersecurity positioning and capabilities.
The results report shows you:
- An objective, homogeneous and comparable rating or assessment, which shows the global positioning "at first sight" of the level of security in the Confidentiality, Integrity and Availability dimensions.
- Detailed results in 14 domains and 73 sections, to highlight the strengths and weaknesses in all the factors of relevance with impact on security.
- Assessment of exposure to the Internet.
- Comments on the results obtained in comparison to those desirable for the typology of services / activity of the company.