BRG Develops Cybersecurity Preparedness Benchmarking Study

Cyber Risk Preparedness Benchmark StudyEMERYVILLE, CA – Leading strategic advisory and expert consulting firm Berkeley Research Group in conjunction with the Institute of Operational Risk has launched its Cybersecurity Preparedness Benchmarking Study (CPBS).

BRG Director Faisal Amin is leading the study and is supported by Michael Champion, a cyber expert in BRG’s London office. The study offers participants an opportunity to gauge their companies’ security capabilities and readiness in the case of a cybersecurity breach.

“As with every industry, financial services accepts that there are only two kinds of company when it comes to cybersecurity: those who have been hacked and those who don’t know they’ve been hacked”, said Tony Moroney, Managing Director for Governance, Risk and Culture in BRG’s international financial services team.

“With the increased sophistication of cyber criminals and constantly evolving technology, it is impossible to prevent a breach altogether. Companies must seek to mitigate the damage that a cyber breach may cause their company through detailed analysis of their technology, processes and critically, their people.

“Regulators expect firms to understand both strategic and operational risks and to be able to provide assurances regarding their firms’ cybersecurity preparedness”.

Faisal Amin added, “We’ve created this in-depth study to enable companies to understand their security culture structures to improve their security and protect valuable intellectual properties.

“All too often cybersecurity is delegated (or relegated) to IT and security teams. Clearly the technology is a core aspect of what needs defending in any cybersecurity plan but it is not the only source of the problems. As we’ve seen with some of the major hacks in the past year, a company’s processes, supply chain and people can be the source of breaches both malicious and unintended. We have created this study to investigate the source of problems and will be benchmarking companies and industries to monitor trends.”

“CSOs and CISOs have had difficulty measuring and communicating the effectiveness of their security and compliance investments”, said George Clark, Chairman of the Institute of Operational Risk. “Cyber risk has emerged as the most common operational risk concern cited by respondents in a recent survey of op risk practitioners. The CPBS study offers a solution to this challenge. We are delighted to have partnered with BRG on this important initiative.”

The study will deliver security scorecards and specific benchmarks to survey respondents and will aid firms to strengthen their security performance management program based on objective, fact-based metrics, as well as compare how their security programs measure against internal organizational goals, approved risk-management profiles, industry peers and best-practice companies.

The study is open until the end of February. A broad range of industries will be represented in the study. Information submitted by respondents will be held in the strictest confidence. All study results will be anonymous and will be shared only with participants.

Additional information about the CSP study can be found on the BRG website.

About Berkeley Research Group, LLC

Berkeley Research Group, LLC ( is a leading global strategic advisory and expert consulting firm that provides independent advice, data analytics, authoritative studies, expert testimony, investigations, and regulatory and dispute consulting to Fortune 500 corporations, financial institutions, government agencies, major law firms and regulatory bodies around the world. BRG experts and consultants combine intellectual rigor with practical, real-world experience and an in-depth understanding of industries and markets. Their expertise spans economics and finance, data analytics and statistics, and public policy in many of the major sectors of our economy, including healthcare, banking, information technology, energy, construction and real estate. BRG is headquartered in Emeryville, California, with offices across the United States and in Asia, Australia, Canada, Latin America and the United Kingdom.

About the Institute of Operational Risk

The stated mission of the Institute ( is to promote the development and discipline of Operational Risk and to foster and maintain investigations and research into the best means and methods of developing and applying the discipline and to encourage, increase, disseminate and promote knowledge, education and training and the exchange of information and ideas.

What do you think? Comment here...

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s