What Is GCRA’s 3-Step Approach’s Objective & Where Is Good Place to Start Reviewing & Closing Holes/Gaps?

The primary differentiation point to note is that our process- and standards-based methodology seeks to stress tests the cyber readiness of mission critical supply chain service providers/other vendors and augment potentially stale post-data breach practices by continuously uncovering, then remediating identified holes, gaps and other deficiencies/vulnerabilities. This to improve at scale Third-Party Risk Management (TPRM), as well as strengthen overall cyber, increase operational resiliency and ultimately minimise total enterprise risk.

Indeed, as a trusted advisor to be used as a resource that consistently reliable, highly-experienced provides advice, guidance and general support in the current “state of play” of an increasingly data-centric/digital business environment ever-besieged by hackers, we are particularly mindful of recent statistics that point to supply chain 3rd-party service providers / other vendors rapidly becoming THE source these days of more than half (maybe upwards of 61%+?) of data breaches, ransomware and other cyber attacks.

Accordingly, we strongly recommend the adoption/full implementation of our process- and standards-based methodology begin by first reviewing client’s TPRM program to confirm the veracity and effective of suppliers’ self-attestations in response to initial and periodic follow-on due diligence questionnaires.

Indeed, by working closely with senior management initially through the General Counsel/Head of Legal, as well as the CCO, CISO, CRO, CTOs and other senior staff directly affected, plus the handful of outside counsel that have this niche 

The following multiple benefits might then be realized going forward (where appl.):

  • Obtaining & maintaining cyber insurance policies.

  • Possibly as a consultant to initially mid-size cyber insurance brokers and/or carriers, continuously rehabilitating the cyber readiness of both potential new & existing brokerage customers or premium-paying policy holders, resp., to ensure that they pose year-on-year decreasing future claims risk.

  • Our assistance might also well be provided to re-insurance companies to assure continuously lowered risk of claims being made in the future.

  • Avoid during the due diligence phase diminishing & even enhancing valuation of an M&A deal, IPO, secondary, etc.

  • Increase the likelihood of successfully increasing hedge fund/PE AUM when seeking new money by being able to demonstrably show institutional investors how “buying in” to have the cost for potentially dramatical overall cyber (incl. TPRM) upgrades spread evenly amoung their private fund(s) as a properly allocated expense will guard diminishment of ROI

The above goals/objectives to be achieved via our front-to-back uniquely practical, pro-active, comprehensive & blended service offering that combines top-tier cyber vendor with oversight provided by senior staff who are former CISOs & BISOs at peers of Citi, State St. Bank, the Fortune 20 Siemens, etc. to support the independent-assessment of holes, gaps, etc. in the safekeeping internal controls of the investment/asset manager to protect critical data/related information, etc. are filled/plugged by Gartner-/Forrester-acknowledged global leading wrapper cyber vendors and highly-regarded CPAs, as well as such fixes sticking/remaining in place.

How Does It Work & What Pain Points Might Be Markedly Lessened?

Our way, if adopted, fully implemented and consistently embraced, provides a solution that will see the independent conducting of multi-layered assessments in Step 1, Step 2 remediation of identified deficiencies and the Step 3 performing by CPAs of SOC 2/3/SOC For Cyber audits.

As a result, in addition to the ones previously noted, we seek to assist clients avoiding the following potential pain points that have a direct dilatory effect on business growth prospects:

1) Regulatory fines.
2) Post-data breach compensatory damages (punitive too?) in class actions.
3) Negative headlines after a ransomware/other cyber attack that might well lead to stock dips if the client is publicly-held or disgruntled institutional/retail investors threatening to go to an industry peer/competitor which demonstrate that they are currently cyber ready by having in place at minimum then-adequate safekeeping internal controls to protect critical data/related information.
4) possibly severely diminished market competitiveness.
5) Lost profit opportunity.
6) Business disruption.


Building on the tested and proven programs at major financial/other firms and being the next logical step in the evolution of this multi-disciplinary/non-siloed source of concern, the answer is at the very least as straightforward as our tailorable 3-Step Approach: our senior staff draws on their noted deep and broad “in the seat/chair” experience to enable us to assure senior management of clients that sign off on enterprise budget spends as to our highly competitive fees result are laser-targeted.