Premium Reports
Contact KLAS
 Download Report Brief  Download Full Report    Zoom in charts

Preferences

   Bookmark

Related Series

Security & Privacy Consulting Services 2022
|
2022
Security & Privacy Consulting Services 2021
|
2021
Cybersecurity Services 2018
|
2018

 End chart zoom
Security Advisory Services 2016 Security Advisory Services 2016
* A page refresh may be necessary to see the updated image

Security Advisory Services 2016
Which Firms Are Helping Providers Sleep at Night?

author - Mike Smith
Author
Mike Smith
author - Lois Krotz
Author
Lois Krotz
 
October 11, 2016 | Read Time: 3  minutes

Healthcare is one of the industries most targeted by cybercriminals—and attacks can disrupt patient care and damage a health system’s brand, reputation, and financial health. To address this growing threat, providers are shifting focus from HIPAA compliance—the area in which the majority of 2014 security advisory work was done—to developing and enhancing security programs to prevent, detect, respond to, and recover from attacks; in this research, 54% of firms' validated engagements included some aspect of security-program work. To help providers searching for a security firm, this report explores several selection factors: impact on security preparedness, type and scope of work offered, and which firms small, midsize, and large organizations typically use.

type of work performed

1. CynergisTek Sets Bar for Highest Performance and Highest Impact

In a high-performing market, CynergisTek clients report the highest overall satisfaction. CynergisTek has the most clients who say the firm's work had a significant impact on security preparedness, and many have signed multiyear partnership agreements due to the level of trust and strategic expertise they experience. Strong relationships and executive leadership set CynergisTek apart, as do their healthcare-specific focus, experience setting up security frameworks, and strong action plans. There have been some misses when it comes to effectively communicating their message to customers. CynergisTek has the most validated engagements for security/risk assessment, security-program assessment/development, and HIPAA assessment/program development in this report; many clients report using the firm in all three areas.

what impact did your firm have on your security


2. Security-Program Work Experiences Most Growth: PwC and CynergisTek Lead the Way

In 2014, KLAS validated only a few engagements that involved developing and enhancing security programs; this year, over half of validated engagements included some aspect of this type of work. PwC and CynergisTek have by far the most validated engagements. Clients say PwC understands security frameworks, develops and implements strong strategies, has deep security knowledge and expertise, and provides good communication.

CynergisTek clients say the firm is comparatively inexpensive, consultants have deep knowledge, methodology is flexible to meet clients' needs, and executives are deeply involved. Deloitte is also used often for security-program work and excels at creating urgency and visibility around security issues.


3. PwC and Deloitte Are the Most Common Choices for Large Health Systems

Over three-quarters of the PwC and Deloitte engagements in this research were with health systems over 1,000 beds, which often have more mature, complex security operations. Both firms leverage worldwide, cross-industry security operations for best practices and communicate effectively with hospital executives and boards to ensure buy-in for security initiatives and programs. Thanks to this deep communication, over two-thirds of PwC clients indicate that the firm's work has had a significant impact on their organization's overall sense of security.

Multiple clients feel that the firm is not involved enough in project execution and that consultants should be more engaged in day-to-day work. Deloitte's engagements tend to be larger and can be very progressive. Both firms have capable security experts; however, Deloitte clients have experienced some challenges due to turnover and gaps in specific healthcare knowledge.

validated project scope and service type



4. Clearwater Compliance and Dell Specialize In Small And Midsized Hospitals

Clearwater Compliance and Dell Services have the highest percentage of work with community and midsized hospitals, respectively; such hospitals tend to focus on security assessment and compliance work. Clients say Clearwater’s niche focus on HIPAA assessment, strategy, and software allows consultants to gain deep knowledge and provide consistent methodology. Clearwater clients do report a lower impact, saying the firm is more focused on providing tools and templates than strategic guidance. Dell Services provides one of the largest managed security services in the industry.

Clients praise their tools’ ability to detect and analyze threats. Due to a lack of strategic guidance, only half say Dell had a significant impact on security preparedness; they view Dell as a tactical partner that doesn’t lead out on strategy. CynergisTek also has a large presence in this space, and providers report high satisfaction with engagements. Though feedback is limited, another vendor who serves this type of client, ClearDATA, has the lowest overall performance of all measured firms, mainly due to tool-customization challenges and a lack of client understanding.

author - Emily Paxman
Writer
Emily Paxman
author - Robert Ellis
Project Manager
Robert Ellis
 Download Report Brief  Download Full Report

This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2024 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.

​