Some Security and Privacy Consulting Firms Exceeding Expectations

The recent sharp rise in cybersecurity attacks is especially concerning in the healthcare sector, where there are many potential vulnerabilities. The stakes are understandably high in healthcare; the consequences of vulnerabilities include an increased risk of compromising patient safety and data, damaged organizational reputations, and financial penalties from the OCR.

To reduce their risk, organizations often use outside consulting firms that focus on enhancing security and data privacy. KLAS’ recent Security and Privacy Consulting Services 2022 report examines several of these firms to determine who effectively helps their provider customers reduce risk.

Types of Consulting Work

When you read this report, it is important to consider it in the context of the types of consulting work these firms perform. The report lists those types of work, and we share that list below. When we talk about security consulting work, this list is what we are referring to:

  • Security risk assessment
  • HIPAA privacy assessment
  • Security program assessment/development
  • IoMT/medical device security assessment
  • Virtual/Interim CISO services
  • Implementation of security technologies
  • Penetration/vulnerability/network/web application security testing
  • Social engineering and phishing

Please note that while the bulk of this report is focused on consulting services for security and privacy, we also briefly address the two firms that KLAS measures for security and privacy managed services.

Exceeding Expectations

One of the standard evaluation questions KLAS asks professional services clients is the following: Does this firm consistently exceed expectations? This question helps identify the firms that go beyond set expectations and excel in customer delight and delivery. With that in mind, we looked at which firms have a high percentage of their clients saying that they do exceed expectations.

The firms that exceed expectations have established consistent, strong partnerships with their clients. Thanks to these relationships, clients often feel like their firm has their best interests at heart.

Another important factor for security and privacy consulting engagements is the expertise that firms bring, both around security needs and the complexity of healthcare environments. Using that expertise, firms can help clients identify and reduce risk in a constantly evolving healthcare security landscape.

Where the Market is Moving

The current increase in attacks is making the services offered by security and privacy consulting firms a necessity rather than something that is nice to have. Because of that, KLAS expects firms in this space to continue offering more ongoing managed services rather than simple one-time engagements, since an annual check alone may not be sufficient to address the number of potential breaches that an organization may face.

To read more specifics about each firm’s performance and see customer commentary, we recommend reading the report.


Photo credit: adam121, Adobe Stock