Livingstone is an international mid-market mergers and acquisitions and debt advisory firm that delivers corporate finance solutions to entrepreneurs, boards, major corporations, private equity investors and debt providers around the world from offices in Beijing, Chicago, Düsseldorf, London, Los Angeles, Madrid and Stockholm.
Bruce Martin, the recently-appointed Finance Director at Livingstone, has overall responsibility for the organisation’s IT, including cyber security, and wanted to understand what Livingstone should be doing to better protect the organisation from cyber-crime. “From a reputational point of view, if we did have a security breach and we didn’t manage it effectively there is a potential for considerable brand damage. We wanted to ensure that we as a business are doing everything we can to help prevent a cyber security attack, and to make sure that our name and strong standing in the marketplace is protected should anything occur,” Martin explains.
In addition to this, the prospect of future financial penalties was also a concern for Livingstone. With the General Data Protection Regulations (GDPR) coming into force in May 2018, any organisation that fails to report a breach in cyber security within 72 hours could face a fine of up to 2% of global turnover.
How Intuitus helped
Intuitus consultant Carl Chapman, a CISSP-qualified and highly-experienced C-level Executive, undertook the cyber security review at Livingstone, which focused on four key areas:
- Primary information assets and responsibilities;
- Effectiveness of Board oversight, particularly as it relates to cyber risk management and organisational cyber culture;
- Assessment of operational cyber security processes and controls; and
- The overall organisational approach to incident response readiness.
As part of the engagement Intuitus ran a one-day workshop at Livingstone to help the team plan the next steps. Establishing a cyber security maturity model for the business helped provide focus for key areas of investment. The Intuitus report also included information on the type of cyber security activity undertaken by companies of a similar size working in similar sectors, as well as benchmarking processes that could be used to measure Livingstone’s cyber security effectiveness.
Our policies and processes on cybersecurity really benefited from the review. Intuitus provided guidance on what we should be including, as well as common risk factors to look out for – risks specific to Livingstone as a business and also more general risks. We’re confident as a business that we’re doing our best to prevent and protect ourselves from cyber-crime.