Organisations of all sizes, across all sectors are undergoing digital transformation to varying degrees. They are embracing digital technologies for improved business models, selling in new markets, with new products and moving into entirely new spaces. 

These technologies, for all of their undoubted benefits, also carry risks and cybercriminals are anxious to exploit them. Cybercrime isn’t just reserved for large multinational organisations, every company operating across every sector is at risk. It’s no longer a question of if an organisation will be attacked, it’s when. Increasingly, the risk from Cybercrime in amplified by the regulatory focus whether from GDPR, the Central Bank of Cyprus or the NIS directive. 

The Grant Thornton Cyprus Digital Risk Services team helps organisations defend against attacks, recover from them, minimise the damage caused and meet their regulatory obligations. Our team is one of the largest in the country and is made up of technical and subject matter experts who have deep practical experience in multiple disciplines in the areas of Cybersecurity, Data Protection, Governance, Risk and Compliance (GDC), Incident Response and Digital Forensics, IT Audit, Third-Party Assurance, Training and Awareness. 

Our Digital Risk

Privacy and Data Protection

Our digital risk team is made up of a combination of subject matter experts and technical specialists who can help your business comply with the GDPR.

Governance, Risk and Compliance (GRC)

While business goals and strategies evolve, our services support you wherever you are in your business cycle. The digital economy is simultaneously increasing the magnitude of new business opportunities while increasing the difficulty of getting it right.

ISO 27001 and ISO 27701

Grant Thornton’s ISO 27001 and ISO 27701 specialists will arrange and oversee the formal audit process.

SOC 1,2,3

As a service organization there are many ways to provide assurance to your customers and in turn other stakeholders over your control environment. One of the most effective and cost-efficient ways is to issue a Service Organization Control (SOC) Report.

Incident Response

Grant Thornton’s Cyber Incident Response Team can support your business in the event of a cyberattack or data loss event. We work alongside your existing IT and Legal teams to provide a co-ordinated, timely and efficient investigation and remediation.

Hacking Services

At Grant Thornton, our cyber security experts can develop a bespoke penetration testing plan to meet your business needs and unique IT environment. We can undertake the full suite of testing or conduct individual assessments, as required.

Cyber Health Check

Approximately 54% of organizations report that they have experienced at least one cyber-attack during the past year. Grant Thornton’s cyber health check provides you with an objective, jargon-free assessment of your current cyber security, drawing on both qualitative and quantitative elements.

Dark Web Threat Intelligence

We use a variety of dark and deep web monitoring tools that continuously scans illegal sites to discover any mention of your data, ranging from breached security credentials such as usernames and passwords to leaked confidential documents of your company.

Digital forensics and electronic discovery

We offer a full suite of digital forensics and data acquisition services in investigations related to cybercrime, disputes, fraud and regulatory investigations.

Digital risk services

Network and Information Security (NIS) Directive

Find out how we can help

Digital risk services


We help you understand your current exposure to cyber security risk and support you to develop an effective security capability. Our services include: 

  • cyber security risk and threat assessments e.g. ISO27001, ISO 27701 
  • security policy development 
  • security process improvement 
  • technical assessments 
  • third-party cybersecurity assurance
  • compromise assessment. Identifying ongoing or past Cyber intrusions in to your network 
  • simulating a phishing or general Cyber attack.

We develop and implement the technical framework and broader processes required to protect you from Cyber-attacks. We can help you with: 

  • security architecture and design 
  • security technology implementations (e.g. SIEM) 
  • security process design and implementation 
  • identity and access management 
  • data classification 
  • business continuity and disaster recovery 
  • penetration testing, Red Teaming, Hacking Services. 

We can help you improve and better manage your cyber security capability. We will help you develop and implement a strategic plan to build a robust capability to defend your organisation while meeting the regulatory obligations. Our services include: 

  • security programme strategy and planning 
  • security transformation 
  • security governance 
  • security awareness.

Cyber security improvement includes assisting with:

  • implementing a strategic plan to transform your organisation’s ability to defend itself from Cyber-attacks
  • improving security related processes e.g. security operations or incident response
  • selecting and implementing security related technologies e.g. SIEM etc
  • raising awareness of Cyber risk in your organization.