Search for:
  • Advisory
  • Assurance
  • Tax
  • Strategic Alliances


Your Cybersecurity and Privacy Journey Starts Here

The protection of your organization’s data has never been more important, and the threats against it more present. Cyber and privacy breaches impact the reliability and availability of your systems and data, which can directly impact your bottom line, your reputation, and your brand.

The cybersecurity landscape is constantly evolving. Hackers are well-funded, and they utilize advanced and emerging technologies such as cloud computing, artificial intelligence, and advanced deepfakes to compromise data and financial security at organizations of all sizes and in all industries. In addition to targeting your technology, these bad actors go after one of the largest vulnerabilities in every organization – people.

Cherry Bekaert’s Information Assurance & Cybersecurity practice offers a wide range of cybersecurity services to help protect information systems and data from cyber threats. We can help identify relevant cyber and privacy risks and develop realistic solutions and plans to help minimize the likelihood and impact of your systems and data being impacted.

Our information professionals will work with you to right-size a solution of people, processes and technology based on your business requirements, industry, key stakeholders, compliance requirements and budget. Our flexible and scalable solutions allow us to fill the security gaps in your business through fully integrated technologies.

Why Choose Cherry Bekaert Cybersecurity Services?

  • Decades of experience in rapidly responding to complex threats across a wide range of industries, systems and networks.
  • Adept at identifying, deterring and mitigating advanced and persistent threats.
  • Technology-enabled capabilities illuminate risk, track IP loss and assess the cost of remediation.

Contact Our Cybersecurity Services Team

Cybersecurity Transformation Journey

Cherry Bekaert’s customized engagement structures meet a variety of cyber, privacy and risk needs:

Compliance Readiness

Are you ready? Ensure your organization meets compliance needs across all cyber and privacy domains, policy frameworks and regulatory requirements.

Certifications and Audits

Establish key cybersecurity and privacy criteria, frameworks and regulations – including SOC Reporting, HITRUST, CMMC.

Internal Audit Technical Assistance

Engage our trained professionals to help support your efforts and response on any cyber and privacy audit needs.

Cyber Process Improvement

Improve and enhance the people, process and technology elements of your cyber and privacy programs.

Cyber Due Diligence

Identify and proactively manage cyber risks in business transactions through tailored cyber due diligence assessments.

Managed Cyber Service

Establish cyber program management, vulnerability management, system protection, monitoring, threat detection and incident response.

Point-in-Time Cyber Assessments

Identify and prioritize threats to your IT systems, applications and operations.

Our Information Assurance & Cybersecurity Services and Solutions

Cherry Bekaert’s Information Assurance & Cybersecurity practice offers a full range of cybersecurity, privacy, attest and risk mitigation services to help protect your information systems, data, and people from cyber threats. Our cybersecurity professionals carry a variety of professional certifications. Among them are:

  • Certified Information Systems Security (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Ethical Hacker (CEH)
  • Certified Common Security Framework Practitioner (CCSFP)
  • Certified Information Systems Manager (CISM)
  • Certified CMMC Professional and Assessor (CCP/CCA)

Cyber threats exist outside of – and within – your organization. The resilience of your systems and networks to cyberattacks can and should be measured, and your ability to detect and respond to cybersecurity threats in real time needs to be evaluated.

Cherry Bekaert’s security professionals utilize advanced tools to determine the feasibility and impact of a cyber-attack on your organization. Our assessments can help you determine where your vulnerabilities exist – people, process, and technology – and how to remediate them most efficiently.

Cybersecurity Assessments

  • Cyber and Privacy Risk Assessments
  • Vulnerability Scanning (Network, Web, Mobile)
  • Network Segmentation
  • Cloud and On-Prem Security Architecture
  • Security Configuration Assessments
  • Ransomware Readiness
  • Identity and Access Management

Penetration Testing (Ethical Hacking)

  • Network Testing (Internal, External, Wireless)
  • Application Testing (Web, Application Programming Interface (API), Mobile)
  • Social Engineering

Cybersecurity Process Improvement

  • Business Continuity and System Resiliency
  • Incident Response and Threat Hunting
  • Risk Mitigation and Cyber Insurance

We act as facilitators, interpreters, and liaisons between your IT teams, your auditors, and your regulating authorities. We can simplify your compliance process and create efficiencies, helping to mitigate risks. We offer support in the following compliance areas:

Contractual and Third-Party Requirements

Regulatory Compliance

  • Banking Regulations and Compliance Services
    • Federal Financial Institutions Examination Council (FFIEC)
    • Gramm-Leach-Bliley Act (GLBA)
    • NY Department of Financial Services (NYDFS) Cybersecurity Regulation
  • Privacy and Cybersecurity
    • General Data Protection Regulation (GDPR)
    • California Consumer Privacy Act of 2018 (CCPA)
    • SEC Cyber Disclosure

Cherry Bekaert can help to define your enterprise’s approach for assessing, prioritizing, managing, and monitoring security risks. In addition, we help define your security risk tolerance posture and an approach for making cost-benefit decisions with respect to accepting residual security risk. A large part of this is the development or update of information security policies and procedures. These serve as a primary element of cybersecurity and are the roadmap for your organization.


  • Virtual Chief Information Security Officer (vCISO)
  • Security Awareness Training and Programs
  • Cyber Governance, Strategy, Policies, and Procedures
  • Fully Integrated Governance, Risk & Compliance (GRC) Framework

Managed Security Services

  • Advanced Endpoint Protection
  • Security Information and Event Management (SIEM)
  • Security Orchestration and Response (SOAR)
  • Breach Coaching and Incident Response Advisory
Let's Talk

Steven J. Ursillo, Jr.

Partner, Information Assurance & Cybersecurity Leader

Let's Talk

Dan Sembler

Dan Sembler

Partner, Information Assurance & Cybersecurity

Let's Talk

Related Thought Leadership
Mar 05

The Imperative of Cybersecurity Vigilance to Safeguard Critical Assets...

Learn More
Feb 29
Case Study

HITRUST Services for a Healthcare Company

Learn More
Jan 16

Anti-Money Laundering (AML) Model Part 2: Testing & Monitoring Be...

Learn More
Jan 12

2024 Outlook: Trends in Financial Services Industry

Learn More
Nov 29

401 Access Denied Podcast: Securing Compliance: Insights with Steven U...

Learn More
Nov 17

Pioneering Trustworthy AI Solutions in Response to President BidenR...

Learn More

Common Cybersecurity Use Cases

Our experienced professionals help organizations defend their information assets by quickly assessing, auditing, transforming, and securing their IT environment. Utilizing a flexible and business-friendly approach, we collaborate with you based on your priorities, strategic plans, and budget. We utilize leading industry recognized tools, processes, and frameworks to achieve your cybersecurity and privacy goals.

Obtaining a Service Organization Controls (SOC) Report – or Other Attest Standards

As an independent CPA firm, we provide detailed, thorough, and efficient SOC attestations. These attest services may be used to provide assurance to applicable stakeholders that various controls can be relied upon for financial reporting (SOC 1) or in compliance with operational criteria (SOC 2, SOC 2 Plus, SOC 3, SOC for Cyber, SOC for Supply Chain) as specified by the AICPA Trust Service Criteria. Assurance may also be delivered in the form of other non-traditional attest services.

Assessing your Cyber Posture and Risk

Organizations need to know the ins and outs of their critical data – what types they have, where it is stored, where it travels, who can access it, and who can change it. To help you understand your organization’s security posture, a Cherry Bekaert Cyber Risk Assessment will identify, assess, and prioritize threats to your IT systems, applications, and operations. These may include security/privacy threats, fraud, and abuse exposures, and inefficient or ineffective operational vulnerabilities.

Penetration Testing your Networks and Systems

Cyber threats exist inside and outside an organization, and the risks that these threats pose cannot be fully quantified without detailed technical testing. A penetration test (also known as ethical hacking) is used to determine the feasibility of an attack as well as the impact should one of these attacks be successful. Our professionals perform tests to mimic how a real-world attacker exploits the security weaknesses across your IT landscape. Beyond just identifying vulnerabilities, we apply human expertise to exploring the effects of real-world attacks that link individual vulnerabilities in the context of your overall environment.

Monitoring for Cyber Threats

The time, expertise and technology required to build and manage a Security Operations Center is daunting. Stakeholders, regulators, and customers are demanding an enterprise-class cybersecurity organization, but the resources to invest in expensive infrastructure and labor are out of reach for many teams. We provide you regular security checks and tests of your IT environment, as well as the incident alerting and remediation you need to keep hackers at bay.

Fortifying System Resiliency and Continuity

Organizations are increasingly dependent on the operations of their sophisticated IT infrastructure, and everyday business processes are reliant on databases, customer information systems, production control servers, and transaction processing software to deliver goods and services to customers. The rise of ransomware attacks poses a significant threat to business operations, potentially leading to data loss, financial loss, and reputational damage. To mitigate the risk of ransomware attacks, organizations need robust detection and prevention measures – including advanced intrusion detection systems, email filtering systems, redundant systems, network segmentation, failover mechanisms, and regular backups of critical systems and data.

Establishing Governance over your Cyber Program

Organizations find it difficult to hire a qualified and experienced Chief Information Security Officer (CISO) to oversee their information security program and related IT risk and compliance programs. Maintenance and enforcement of security policies and procedures are foundational elements of a cyber program, and leadership must also focus on assessing, prioritizing, managing, and monitoring their cyber risks, defining their risk tolerances, and complying with laws and regulations. We offer a Virtual CISO as a single point of contact to deliver the experienced and certified skills and knowledge, without a long-term investment needed to hire a full-time information security officer.

Reducing your Internal Audit Burden

Technology teams are burdened with numerous cyber requirements from regulators, customers, and internal stakeholders, and Internal Audit teams are stretched and challenged to conduct audits against a variety of complex and technical prescribed criteria. In the financial service sector alone, regulations such as FFIEC and NYDFS can seem daunting. And the challenges expand to every regulated industry. Cherry Bekaert can provide the technical audit experience that Internal Audit teams need, and can also act as facilitator, interpreter, and liaison between you, your external auditors, and your regulators.

Training your Workforce to be ‘Cyber-Ready’

Ransomware attacks are costly and pervasive. Building and maintaining a resilient technology platform relies on security policies, procedures and protocols being consistently applied and enforced. Security Awareness Training Programs are designed to empower your employees and contractors with appropriate guidance on how to fulfill their responsibilities to protect your information systems. Periodically assessing the knowledge and compliance of your insiders helps them identify and avoid potential social engineering threats like phishing scams.

Finding the Vulnerabilities in your IT Environment

Every IT environment has inherent vulnerabilities, and new ones are being discovered every day. Vulnerabilities result from a variety of issues; anything from vulnerable endpoints, mobile or web applications, databases, operating systems, cloud-based systems, or a small misconfiguration in a firewall or router can put your information at risk. When a hacker exploits these vulnerabilities, the impact is damaging. When organizations fall victim to a cyber-attack, usually the vulnerability could have been easily avoided.

Identifying Cyber Threats in your Business Transactions

Cyber breaches, and the risks they pose, are costly to any organization. They can drastically impact the value of a business deal, even after the transaction has closed. Astute investors assess the health, safety, and location of an organization’s data prior to committing a substantial investment. Sellers can benefit by performing due diligence to demonstrate a mature security posture prior to engaging in a transaction. Cherry Bekaert professionals produce third party reports on cybersecurity maturity, which can increase investor confidence and expedite the closing of a deal. We assess across all elements of an organization’s cyber posture – all levels of governance, regulatory compliance, vulnerability, threat exposure, administrative, technical, and physical controls – can and should be assessed before any merger or acquisition.

Complying with DoD Cyber Requirements

Government contractors play a critical role in securing and protecting our nation’s data. Achieving cyber compliance is a necessary step in the Department of Defense’s procurement process, and certification is required prior to bidding on certain contracts or supporting contractors.

Understanding the Cybersecurity Maturity Model Certification (CMMC) requirements and diligent preparation is key to undergoing a successful certification assessment. Cherry Bekaert is an authorized CMMC Third-Party Assessment Organization (C3PAO) and certified Registered Provider Organization (RPO) by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, Inc. (The Cyber AB). Our certified assessors and professionals understand the intricacies and demands of transforming your cyber program to achieve certification.


Cybersecurity: Compliance, Risk Mitigation & Managed Services

Learn how we can help establish appropriate cybersecurity programs for your business with our Cybersecurity...

Learn More

Cybersecurity Services for Financial Services Companies

Learn about our Cybersecurity Services for Financial Services Companies and how we can help you...

Learn More

Cybersecurity Services

Learn about our Cybersecurity Services & how we assist clients in identifying relevant cybersecurity risks,...

Learn More

Risk Assurance & Advisory Services: Cybersecurity Protection Solutions

Implement customized cyber assessment and methodologies with our cybersecurity solutions to help your organization mitigate...

Learn More

Cybersecurity Services for Financial Services Companies

Learn about our Cybersecurity Services for Financial Services Companies and how we can help you...

Learn More

System & Organization Controls SOC 2 Services

Discover our full suite of System and Organization Controls SOC 2 Reporting Services. Let us...

Learn More

Information Lifecycle & Data Management Services

We help organizations with Information Lifecycle & Data Management to improve risk management, reduce costs,...

Learn More

Contact Our Cybersecurity Professionals