Confidential Investigation of a Financial Services Corporation’s Regulatory Cybersecurity Practices

Analysis Group was retained on behalf of a financial services company that potentially exposed its customers’ documents on the internet. We supported a multidisciplinary team of four experts to evaluate the company’s cybersecurity program with respect to regulatory compliance. The experts’ roles included opining on the company’s cybersecurity policy and practices; assessing the qualifications and disclosures made by their chief information security officer; opining on the confidentiality of documents; and designing and implementing a sampling and review plan to identify the presence of non-public personal information.