-
Privacy and Data Protection
Our digital risk team is made up of a combination of subject matter experts and technical specialists who can help your business comply with the GDPR.
-
Governance, Risk and Compliance (GRC)
While business goals and strategies evolve, our services support you wherever you are in your business cycle. The digital economy is simultaneously increasing the magnitude of new business opportunities while increasing the difficulty of getting it right.
-
ISO 27001 and ISO 27701
Grant Thornton’s ISO 27001 and ISO 27701 specialists will arrange and oversee the formal audit process.
-
SOC 1,2,3
As a service organization there are many ways to provide assurance to your customers and in turn other stakeholders over your control environment. One of the most effective and cost-efficient ways is to issue a Service Organization Control (SOC) Report.
-
Incident Response
Grant Thornton’s Cyber Incident Response Team can support your business in the event of a cyberattack or data loss event. We work alongside your existing IT and Legal teams to provide a co-ordinated, timely and efficient investigation and remediation.
-
Hacking Services
At Grant Thornton, our cyber security experts can develop a bespoke penetration testing plan to meet your business needs and unique IT environment. We can undertake the full suite of testing or conduct individual assessments, as required.
-
Cyber Health Check
Approximately 54% of organizations report that they have experienced at least one cyber-attack during the past year. Grant Thornton’s cyber health check provides you with an objective, jargon-free assessment of your current cyber security, drawing on both qualitative and quantitative elements.
-
Dark Web Threat Intelligence
We use a variety of dark and deep web monitoring tools that continuously scans illegal sites to discover any mention of your data, ranging from breached security credentials such as usernames and passwords to leaked confidential documents of your company.
-
Digital forensics and electronic discovery
We offer a full suite of digital forensics and data acquisition services in investigations related to cybercrime, disputes, fraud and regulatory investigations.
-
Insolvency
If you're facing a time of personal or corporate financial crisis you need advice from someone who listens, who understands your specific issues and deals with them in a supportive and sensitive manner.
-
Crisis stabilisation and turnaround
In periods of financial distress, management teams often face considerable challenges, with many directors having little or no experience of similar conditions.
-
Operational and financial restructuring
Companies challenged by underperformance often need support in identifying options for financial or operational restructuring. Tapping this type of advice helps them create a stable platform for business turnaround.
-
Accelerated M & A
Even fundamentally sound businesses run into difficulties. Cash flow can come under pressure from the loss of a big client, or a dip in performance can threaten a breach of banking covenants if there is insufficient headroom.
-
Indirect Tax
Our experienced VAT specialists are available to assist companies and entrepreneurs of all industries and sizes in meeting their obligations.
-
Direct Tax
We can help you ensure a bespoke balance between tax compliance and effective tax planning for your special circumstances.
-
Ημερίδα Γνωριμίας με την Grant Thornton Κύπρου
Σας προσκαλούμε σε μια μοναδική ευκαιρία να γνωρίσετε την Grant Thornton Κύπρου! Την Τρίτη, 5 Νοεμβρίου 2024, θα έχετε τη δυνατότητα να συναντήσετε την ομάδα μας, να ενημερωθείτε για επαγγελματικές ευκαιρίες και να εξερευνήσετε πιστοποιήσεις όπως ACCA.
-
Life at Grant Thornton
At Grant Thornton Cyprus, we are taking a holistic approach and reimagining the way we work, continually assessing it and making necessary changes to better support our people.
-
In the community
Unlocking the potential for growth in our local communities.
-
Diversity and inclusion
Diversity helps us meet the demands of a changing world. We value the fact that our people come from all walks of life and that this diversity of experience and perspective makes our organisation stronger as a result.
-
Global talent mobility
One of the biggest attractions of a career with Grant Thornton Cyprus is the opportunity to work on cross-border projects all over the world.
-
Learning and development
At Grant Thornton we believe learning and development opportunities allow you to perform at your best every day.
-
Our values
We are a values-driven organisation and we have more than 56,000 people in over 140 countries who are passionately committed to these values.
How to be cyber secure
07 Oct 2015Cyber attacks are set to grow in their number and nature; those companies that embed security measures into their culture will be most successful at fending them off
Type ‘cyber crime’ into any search engine and you’ll get an array of pictures of shady-looking young men in hoodies, hunched over laptops in dark corners. Today, that stereotype couldn’t be further from the truth.
Cyber attackers, who once acted in isolation, have evolved into organised, skillful, extremely agile profit-driven businesses that usually operate internationally to make it harder for national crime agencies to track them down. Increasingly, they use underground supply chains to develop, distribute and deploy customised malware to carry out attacks. New Grant Thornton research suggests the direct impact of cyber crime is now costing companies more than $300 billion a year globally.
Financial gain is the main motive behind cyber crime, but hackers are also launching attacks for a number of other reasons. Extra-marital affair website Ashley Madison was recently targeted by ‘hacktivists’ who disclosed clients' personal data, claiming their actions were driven by a moral imperative, while the systems of manufacturer Dyson have had their intellectual property stolen without any recourse from official authorities in the country where the theft occurred. A number of governments have even been accused of sponsoring attacks that target corporate intellectual property and industrial secrets as they seek to gain a competitive advantage in a globalised economy.
Some companies fall victim to criminal organisations that are trying to launder stolen funds, while other attackers are simply on a ‘fishing’ expedition to see if anything of value or interest is out there. Dig for deeper motivating factors and a growing degree of political, economic, social and job polarisation across the world will rear its head.
Whatever the motive, cyber crime is expected to grow, both in number and the level of sophistication, as the push towards globalisation, the blurring of business and country borders and the integration of technology systems converge to increase the risk of attacks.
Slow to respond
Governments’ response to cyber crime has, on the whole, been slow and inadequate. Many Asian countries still don’t require mandatory reporting of data breaches, which could be why companies in the region are targeted around a third more than the global average – a figure reported by US security network company FireEye Inc.
New Zealand is another country that doesn’t compel its companies to report cyber attacks, although that may change as the government seeks to gain a greater slice of global business. In Ireland, the repercussions for cyber criminals are limited. The local courts have convicted less than ten people, with sentences totaling less than ten years behind bars.
However, other countries are getting their act together. Launched in 2014, the UK’s National Cyber Security Programme sets out five technical controls that will protect firms against the majority of cyber threats. Several household names have already gained Cyber Essentials accreditation by adopting these controls, including Vodafone, Barclays and GlaxoSmithKline. The US continues to indict and move forward with extradition of perpetrators of cyber crime around the world. The FBI is working proactively around the world to identify the cyber crime actors and track them down.
Singapore’s government is putting regulations in place to ensure that the city-state becomes a safer place in which to do business, while South Africa recently passed a Protection of Personal Information Act. Clauses dealing with the set-up of an Office of the Regulator are already in effect; remaining clauses will come into force once the regulator is fully functioning, which is expected to happen in 2017. The Cybercrimes and Cybersecurity Bill is also going through the South African parliament.
Clearly, governments and regulators need to play a much bigger part in identifying cyber attacks as a business risk, as well as educating their people of the dangers. Government agencies need to improve their collaboration with each other, while rules across different jurisdictions need to be harmonised. That said, governments and regulators don’t have the resources or skills needed to fight cyber criminals on their own – the private sector needs to play its part, too.
Cyber security: Failing to act
Failing to shore up your cyber defences can, at best, be costly and, at worst, threaten the very survival of a company. The direct financial hit that a business takes doesn’t account for the long-term reputational damage and loss of trust that it suffers when its systems are breached. Operational damage can last for months; when US entertainment giant Sony was hacked in 2014, it couldn’t deliver audited financial statements at the beginning of 2015 because its systems were still down.
Lloyds of London insurer Aegis London, which underwrites cyber insurance for a global client base, says attacks are becoming increasingly destructive and fully expects a business to fail in 2015 due to the financial consequences of a cyber attack. Research by global reinsurer PartnerRe and Advisen, an insurance intelligence firm, found that between 2006 and 2013 there was a five-fold increase in cyber insurance purchases. Current estimates suggest the global cyber insurance market is worth more than $1 billion.
Despite these risks, our research found that a surprising 52% of firms are putting themselves in the firing line, with no comprehensive strategy in place to prevent cyber crime. Lack of experience and awareness of the importance of cyber security at board and senior management level is the main reason why it goes unaddressed, and companies often think they aren’t vulnerable to attack because they have “nothing worth stealing”.
In this tough economic climate, other priorities can also take over. The South African Institute of Risk Management puts cyber crime at number six in its list of the top 10 risks facing South African companies by likelihood, but cyber security should be in every organisation’s top five, if not top three, business risks. Unfortunately, too many organisations don’t appreciate this and are ill-prepared. Many fail to include cyber risk in their enterprise risk management programmes; something that should be done as a matter of best practice.
Companies are more vulnerable to cyber attacks than they might think; particularly those with large digital footprints that spread across their supply chains, including their outsourcing providers. Cyber criminals are constantly looking for weaknesses in a company’s defences, such as an absence of mechanisms to monitor the robustness of an organisation’s IT infrastructure – the equivalent of having no security guards on your perimeter, if you like.
Cyber attacks: Defending yourself
There is no one-size-fits-all approach to cyber security, but the strategies that work are built around three pillars: people, processes and technology. Organisations that get this right educate their people to be their first line of defence, building a culture of security awareness; they implement the right security processes; and they use technology to enforce those processes, where necessary.
What does that mean in practice? Cyber security strategies are tailored to fit an organisation, taking account of regulatory demands within the given jurisdiction and focusing on what needs to be protected most rather than offering blanket coverage. Identifying priorities for protection starts with a risk assessment and gap analysis. Continual reassessment is important to ensure that the right areas of an organisation are always protected. Performance of the strategy needs to be consistently monitored for effectiveness, too.
The board, the CEO and heads of business need to take overall responsibility for the success of the strategy, rather than leaving it to the IT department, but everyone across the organisation should be aware of and understand the role that they have to play in making their firm cyber-secure. That’s achieved by cascading agreed policies down to all employees through awareness-raising and training programmes that help to make the cyber threat relevant to each and every individual. This top-down communication should always be genuine; not a tick-box exercise.
Effective policies and strategies embed cyber security within the business success metrics of an organisation. That contributes towards a culture in which everyone takes the issue seriously at all times and shares ownership. At that point, when cyber-security is not seen as a one-off project but part of ‘business as usual’, companies might be able to rest a little easier about the circling cyber threats.