Prevent and Detect Cyber Threats

Meet Compliance Challenges

Manage Third-Party Cyber Risks

Continually Manage Vulnerabilities

Cyber risk solutions for the financial services industry

CyberFortis® provides assurance to the financial sector, answering the need for solutions that will help protect customer data, prevent reputation harm, and uphold fiduciary responsibility.

cyberfortis_fCyberFortis® builds on over a decade of proven cybersecurity support for federal agencies, the nation’s largest utilities, Fortune 500 companies, and international insurance underwriters to provide business-critical risk awareness, threat intelligence, and actionable recommendations to improve security posture.

Cybersecurity Assessments

Our holistic assessment of six major risk domains gives financial institutions a 360° view of their security posture. By looking beyond data security and examining often-overlooked areas such as third-party relationships, insider threats, and governance, this holistic cyber risk approach enables risk-based decisions and supports compliance readiness. The results and prioritized recommendations delivered through our Secure Halo® assessment empower you to plan security strategy, prioritize spending and reduce vulnerabilities.

Scalable to business size and need, Secure Halo® baselines an organization’s ability to protect, detect, and recover from cyber incidents.

Compliance Readiness

Due to increasing regulatory demands aimed at protecting customer data, the financial sector must be able to demonstrate that it has invested in cybersecurity protections which are routinely assessed and tested by an objective third party. CyberFortis® assesses your compliance readiness and offers strategic recommendations for productive and impactful investments needed to meet regulatory requirements in the following areas:

  • Payment Card Industry Data Security Standards (PCI DSS)
  • The Federal Information Security Management Act (FISMA)
  • The Securities Exchange Commission Office of Compliance Inspections and Examinations (SEC)
  • The Federal Financial Institutions Examination Council (FFIEC)
  • The Gramm-Leach-Bliley Act of 1999 (GLBA) and Sarbanes Oxley (SOX)
  • The New York Department of Financial Services (NYDFS)

Third-Party Cyber Risk Management

Outsourced third-party service providers have always been subject to regulatory scrutiny. Now, regulatory expectations regarding the cyber readiness of financial industry vendors is even greater. Secure Halo® is a user-friendly, online tool that enables your institution to assess your vendors’ cybersecurity risks and readiness.

Efficient Vendor Risk Management:

  • Easily distribute assessment to business units or vendors
  • View results and recommendations in a convenient dashboard
  • Compare data over time
  • Make better-informed decisions

Download our data sheet >


Secure Halo Screenshot

Managed Security Services

Cyber threats constantly evolve, increasing the potential for weaknesses in your security systems. Many banks and financial services firms don’t have the time or resources to consistently scan for vulnerabilities and to ensure robust patch management on IT systems. With personal support tailored to your needs, our Managed Security Services are an extension of your team.

Deploy a top-tier Vulnerability Management Program without the hassle of running it yourself:

  • Lower security costs
  • Respond quickly
  • Improve security posture and maturity
  • Meet compliance objectives
  • Maximize investments in security technology

Security Programs and Strategic Planning

A proactive and resilient cybersecurity posture requires strategic planning and security program development. Regulators are increasing demands on banks, including greater board oversight, hiring of information security officers, and proof that critical third-party vendors are being assessed, monitored and managed.

CyberFortis® works with Boards, C-Suites, and Management to:

  • Assess the effectiveness of current cybersecurity practices
  • Identify vulnerabilities and prioritize mitigation strategies
  • Establish cyber risk governance policies and procedures
  • Evaluate internal operations - employees, technology, facilities
  • Review external dependencies - vendors and customers

Training and Education Programs

CyberFortis® helps clients promote a cybersecurity culture by increasing employee awareness, skills and knowledge. Working with the organization’s management team, we develop a customized training approach that defines and communicates the roles of each employee in achieving and sustaining cyber resilience across the enterprise.

  • Organizational training and awareness program with role-specific content targeted to the board, management, and employees
  • Focused learning opportunities including skills and knowledge assessments, table-top exercises, and online or in-person testing

Contact CyberFortis® to coordinate a training opportunity or workshop


CyberFortis® is not simply another cybersecurity company. It brings unique insight into the financial industry’s cyber risk challenges by combining the skills and experience of financial, regulatory, and cybersecurity experts. The CyberFortis® team includes former Massachusetts Bank Commissioner David Cotney, and other professionals with decades of experience in the financial services sector.

CyberFortis® builds on a proven track record of providing state of the art cybersecurity services to the federal government, Fortune 500 companies, and leading global underwriters. Working together, CyberFortis brings best in class cyber services to community banks, large financial institutions, credit unions, FinTech companies, and other licensed financial services providers.

David Cotney

David Cotney is Executive Vice President and Regulatory Director for CyberFortis, where he leads our efforts to bring high quality cyber risk management services to financial institutions.

As the former Massachusetts Commissioner of Banks, for six years he oversaw the supervision of more than 200 banks and credit unions. While Commissioner, he served as chairman of the board of directors of the Conference of State Bank Supervisors (CSBS), the association of all state bank regulators. Having begun his career as a bank examiner, Mr. Cotney now has over 26 years of experience as a regulator, and currently serves as a board member at a New Jersey community bank. Mr. Cotney holds a BA from Tufts University, an MBA from Boston University, and an MPA from the Harvard Kennedy School.


Infographic - 5 Resolutions to Improve Cybersecurity Right Now

Article in Homeland Security Today - David Cotney on what every bank, vendor, and customer should do to protect the nation’s financial sector
     Read More

White Paper - Beyond Compliance: Making Security a Business Strategy
     Download the white paper

Webinar with ICBA - Third-Party Cyber Risk: From Compliance to Enterprise Risk Management
     View the slides
     Listen to the archive recording

White Paper - Regulators Expect More With Vendor Management
     Download the white paper

Article for NextGen Banking - Viewing Cyber Risk Across the Enterprise
     Download the article

Contact CyberFortis®