Business consulting services
Our business consulting services can help you improve your operational performance and productivity, adding value throughout your growth life cycle.
Business process solutions
We can help you identify, understand and manage potential risks to safeguard your business and comply with regulatory requirements.
Business risk services
The relationship between a company and its auditor has changed. Organisations must understand and manage risk and seek an appropriate balance between risk and opportunities.
As organisations become increasingly dependent on digital technology, the opportunities for cyber criminals continue to grow.
Forensic and investigation services
At Grant Thornton, we have a wealth of knowledge in forensic services and can support you with issues such as dispute resolution, fraud and insurance claims.
Mergers and acquisitions
Globalisation and company growth ambitions are driving an increase in M&A activity worldwide. We work with entrepreneurial businesses in the mid-market to help them assess the true commercial potential of their planned acquisition and understand how the purchase might serve their longer- term strategic goals.
Recovery and reorganisation
Workable solutions to maximise your value and deliver sustainable recovery
Transactional advisory services
We can support you throughout the transaction process – helping achieve the best possible outcome at the point of the transaction and in the longer term.
We provide a wide range of services to recovery and reorganisation professionals, companies and their stakeholders.
The International Financial Reporting Standards (IFRS) are a set of global accounting standards developed by the International Accounting Standards Board (IASB) for the preparation of public company financial statements. At Grant Thornton, our IFRS advisers can help you navigate the complexity of financial reporting from IFRS 1 to IFRS 17 and IAS 1 to IAS 41.
Audit quality monitoring
Having a robust process of quality control is one of the most effective ways to guarantee we deliver high-quality services to our clients.
Global audit technology
We apply our global audit methodology through an integrated set of software tools known as the Voyager suite.
Corporate and business tax
Our trusted teams can prepare corporate tax files and ruling requests, support you with deferrals, accounting procedures and legitimate tax benefits.
Direct international tax
Our teams have in-depth knowledge of the relationship between domestic and international tax laws.
Global mobility services
Through our global organisation of member firms, we support both companies and individuals, providing insightful solutions to minimise the tax burden for both parties.
Indirect international tax
Using our finely tuned local knowledge, teams from our global organisation of member firms help you understand and comply with often complex and time-consuming regulations.
Innovation and investment incentives
Dynamic businesses must continually innovate to maintain competitiveness, evolve and grow. Valuable tax reliefs are available to support innovative activities, irrespective of your tax profile.
Private client services
Our solutions include dealing with emigration and tax mitigation on the income and capital growth of overseas assets.
The laws surrounding transfer pricing are becoming ever more complex, as tax affairs of multinational companies are facing scrutiny from media, regulators and the public
Tax policies are constantly evolving and there are a number of complex changes on the horizon that could significantly affect your business.
Businesses have ploughed billions of dollars into technology that promises to keep cyber threats at bay. Gartner claims that end-user spending for the information security market is estimated to grow at a CAGR of 8.5% between 2017 and 2022, reaching $170bn.[i]
While technology undoubtedly plays a major role in combating digital threats, other areas have been neglected. Tellingly, mid-market business leaders surveyed in Grant Thornton’s International Business Report (IBR) say that over-reliance on software is their weakest point in managing cyber and privacy-related threats.
It’s encouraging that business leaders acknowledge this. But now they must act, by improving their employees’ awareness and specialist skills in cyber security.
This doesn’t necessarily mean spending more money. In many cases, companies will be able to taper technology spending as they strengthen and invest in their business acumen, processes and in-house skills.
Customer trust is built on more than technology
“It is essential that businesses understand that investing in technology alone is not the only answer to reducing digital risk, and it will not protect them from losing customer trust should the worst happen” says Mike Harris, cyber security services, Grant Thornton Ireland. “A key starting point for companies is understanding the type of business they’re in, and the value they deliver to the customer”.
Once this is understood, companies will have a clearer idea of the potential impact a breach would have on that relationship, and can better work out how to mitigate this, through a range of measures. Internal governance, processes and people are the other crucial ingredients here.
Take a casino chain as an example. Many casino customers are high-net-worth individuals, who take the security of their financial data – such as transaction history and payment information – extremely seriously. The casino can have the best technology systems in place to protect this data, but it is not enough in isolation.
The company must have robust governance procedures, customer relationship managers and trust policies in place to complement the technology and to protect the company’s reputation in the event of a breach. In this example, the value the casino provides to its customer revolves around customer service, trust and entertainment – with technology acting simply as an enabler to make this happen. Therefore, the company’s approach to digital risk must mirror this – with robust trust procedures around in place, complemented by top-class technologies.
Insure against the inevitable
“There are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
These are the words of former FBI director Robert Mueller back in 2012.
His message is clear – and just as relevant today as it was seven years ago: a breach is inevitable. It makes a strong case for investing in insurance as another way to manage digital risk.
“Any reasonable cyber security programme has to have an element of detection, response and insurance, because cyber events will happen,” says Harris. “We see increased adoption of insurance that covers both cyber attacks and data privacy regulatory breaches. But while it’s imperative and its use is increasing, the majority of businesses still don’t have this type of insurance or aren’t protecting the right data assets.”
Understand your most valuable data assets and protect accordingly
Businesses should undertake a structured programme to assess and understand their data assets, using a categorisation and classification process. Then, they can identify their ‘crown jewels’ and invest in appropriate insurance cover.
But how do you do this? One way to identify your most critical data is to think like a hacker and then consider the maximum damage they could cause. “The current data security environment is consistently evolving with new threats and vulnerabilities,” says Harris. “Leaders have to be willing to step into the shoes of cyber criminals, understand the threats these groups pose and come up with proactive strategies to protect their business’ interests.”
Which email threads could a former employee leak to embarrass their former managers? What intellectual property and trade secrets would be of interest to a foreign power? And how might a cyber criminal use your data to try to extort money from your business? These are just some of the questions you need to ask before purchasing insurance as part of your digital risk management plan.
Five recommendations for balanced cyber risk management
- Companies must understand that the increasing amount of data that customers share with brands means that trust is more important than ever. It’s essential that businesses understand the necessity of trust management, and that digital risk policies and procedures go a long way to ensuring this.
- Traditional approaches to cyber training are not working. Businesses should develop shorter, more frequently distributed training videos and simulate phishing attempts to better educate their workforces.
- Businesses need to identify and map out their digital vulnerabilities. They need to recruit staff with specialised cyber skills that complement cyber security technical skills. This will ensure that their investment in preventive software is focused on the right areas.
- All businesses will suffer a cyber attack – no matter how much they invest in preventive software. Investing in insurance can bolster your risk management but it is crucial to insure your most valuable data assets and explore specific insurance that covers both cyber attacks and data-privacy breaches.
- Once insurance is secured, businesses must be vigilant about adhering to the terms and conditions. If they fail to install updates, it could nullify the insurance.
These recommendations must be implemented in the context of businesses’ specific digital risk environments. The first step for business leaders is to understand their specific vulnerabilities and threats. Only then can they implement the most relevant technologies, training initiatives and insurance coverage.
[i] gartner.com - Forecast for Information Security Worldwide, 2016-2022 - 25 July 2018