

Every week there is a new headline about a cyber attack, in the news and on social media. These attacks on organizations' technology infrastructure cost billions in remediation, lost business, and reputational damage. The target may be money, data, or both.

Regulators, concerned about the danger posed to clients, firms, and the broader economy, are weighing in with new cyber risk rules and frameworks at both national and local levels. This means cyber risk is no longer the sole realm of the IT department; risk and compliance teams must step up to the challenge.

Cordium helps organizations manage the risks they face through their use of technology and their reliance on third parties. Cyber risk is now part of normal regulatory compliance, from data protection rules to third-party relationship requirements.

Private equity organizations also need to better understand the cyber risks inherent in the companies they invest in. Portfolio companies may come from a wide range of industries and face different kinds of cyber threats.

Cordium's team of experts can assist organizations and private equity firms in a number of different ways:

Vendor Risk

  • Vendor Selection
  • Vendor Ranking
  • Due Diligence
  • Contracts
  • Performance review
  • SSAE 16/18 Review


  • Application Policy
  • Application Standards
  • Code Review
  • Application Security


  • Mock Regulatory Exam
  • Incident Response
  • Cyber Resiliency
  • Ongoing Support
  • Strategic Plans
  • Awareness Training

Policy Review & Development

  • Security Program
  • Security Policy
  • Security Procedures
  • Security Standards
  • NIST Cybersecurity Framework


  • Cyber Assessment Tool
  • Inherent Risk
  • Maturity Level
  • Pen Testing
  • Phishing
  • Vulnerability Scan
  • FFIEC, NYDFS, SEC Assessments
  • GDPR Readiness


Factsheets and checklists:

  • Cybersecurity Factsheet
  • NYDFS Factsheet
  • NYDFS Cybersecurity Requirements Checklist
  • GDPR Factsheet



Cordium helps organizations better understand their cyber risks and vulnerabilities, and develop a practical and achievable Cybersecurity Strategic Plan to mitigate them.

Cybersecurity Risk Assessment

Cyber risks, threats, and potential impacts are assessed through interviews with the key leadership team, conducted individually or in a workshop. The organization's information security policies are reviewed against the NIST Cybersecurity Framework, applicable regulatory requirements, and leading practices.

Cybersecurity Controls Analysis

Through IT staff interviews and workshops, Cordium assesses cybersecurity controls governance, implemented technologies, and reporting metrics. Information security policies, standards, and procedures are reviewed against applicable regulatory requirements, the NIST Cybersecurity Framework, and leading practices. Cordium provides recommendations to close control gaps, improve control maturity, and mitigate risks.

Cybersecurity Strategic Planning

Together, Cordium and the organization create or revise the Cybersecurity Strategic Plan, identifying cybersecurity initiatives and aligning them with the cyber risks, threats, and vulnerabilities found in the assessment. Decisions on which risks to mitigate and which to accept are made on a risk-based basis, so that effort is directed at the risks that matter most to the organization.

GDPR - General Data Protection Regulation

The European Union's General Data Protection Regulation (GDPR) takes effect on May 25, 2018. It has a significant impact on any organization that stores or processes the personal data of individuals in the EU, irrespective of where that organization is based.



Cordium's experts assess the cyber risk programs of private equity portfolio companies and provide a report covering the investment portfolio as a whole.

Portfolio Company Cyber Risk Assessment

Cordium reviews each portfolio company's information security policies and conducts IT staff interviews to identify sector-specific inherent cyber risks. Cordium then provides the private equity group with a report on the cybersecurity risks within the investment portfolio. A standard method to measure and report on each portfolio company's cybersecurity risks and program design is also included, so companies from different sectors can be compared on a consistent basis.

Cybersecurity Program Design Analysis

Cordium assesses each portfolio company's cybersecurity program design and documented information security policies. The team of experts reviews each set of policies against applicable regulatory requirements, as well as the NIST Cybersecurity Framework and leading practices.

Portfolio Company Cyber Risk Report

Cordium reports on the inherent cyber risks and cybersecurity program design for each portfolio company, as well as on the weighted cyber risks across the investment portfolio. Cordium provides each portfolio company with recommendations to improve its cybersecurity preparedness.