Information assets are a key business resource that fuels growth and provides competitive advantage. Today’s business executives need an accurate and objective view of their organization’s ability to protect information assets from theft, compromise and destruction.

Over the past few years, many companies have seen a dramatic change in the cyber-risk landscape. The change is driven by a rise in the importance of digital assets, growing sophistication of cyber-attacks, and the extension of the corporate network to include the networks of customers, suppliers, and others. 

Cyber-criminals often seek to extort money, create business interruption, steal personally identifiable information (PII) or protected health information (PHI), and gain access to intellectual property, such as business plans, trading algorithms, product designs, and source code.

At Baker Tilly, we draw from a deep understanding of your industry and extensive experience working with organizations like yours to build a unique cybersecurity risk profile. We then work with your team to gain a complete picture of your business risks, cybersecurity control environment, and applicable regulatory requirements (e.g., Health Insurance Portability and Accountability Act - HIPAA, Federal Information Security Management Act – FISMA). We provide practical and actionable guidance to strengthen your cybersecurity policies, processes, and technology by utilizing leading cybersecurity frameworks (e.g., NIST, HITRUST, ISO 27000/27001).  

Our services include:


  • Cybersecurity risk assessment
  • Cybersecurity/Privacy compliance readiness (PCI DSS, HIPAA, NIST, FERPA, GLBA, Privacy Shield)
  • Cybersecurity policy & program development
  • Cybersecurity architecture & implementation
  • Breach response preparedness & planning
  • HITRUST assessment
  • Network vulnerability assessment/penetration testing
  • Social engineering/phishing

IT Governance

  • IT project risk review
  • IT risk & effectiveness assessment
  • Business continuity planning & management
  • Disaster recovery
  • Programs addressing:
      • Model Audit Rule
      • ISO 27001

IT Process Assurance

  • Outsourced IT audit
  • Co-sourced IT audit
  • IT Sarbanes-Oxley (SOX) readiness & testing
  • Service Organization Control (SOC) reporting
      • SOC 1
      • SOC 2
  • Cybersecurity attestation readiness

Our Take

Your people and technology are the avenues attackers can use to access your data. We work with clients to implement pragmatic cybersecurity solutions that reduce attack surface. We consider all aspects of protection – human, technological and data-centric – to enhance your cybersecurity and minimize the impact of a breach.

— Thomas R. Wojcinski