Loading...

Subscribe to newsletters
About Us
Industries
Careers
Events
Locations
Services
Professionals
Client Portals
Insights
Contact Us
Legal & Privacy
Pay Invoice

Baker Tilly US, LLP and Baker Tilly Advisory Group, LP and its subsidiary entities provide professional services through an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable laws, regulations and professional standards. Baker Tilly US, LLP is a licensed independent CPA firm that provides attest services to clients. Baker Tilly Advisory Group, LP and its subsidiary entities provide tax and business advisory services to their clients. Baker Tilly Advisory Group, LP and its subsidiary entities are not licensed CPA firms. © 2025 Baker Tilly Advisory Group, LP

Baker Tilly Advisory Group, LP and Baker Tilly US, LLP are independent members of Baker Tilly International. Baker Tilly International Limited is an English company. Baker Tilly International provides no professional services to clients. Each member firm is a separate and independent legal entity and each describes itself as such. Baker Tilly Advisory Group, LP and Baker Tilly US, LLP are not Baker Tilly International’s agent and do not have the authority to bind Baker Tilly International or act on Baker Tilly International’s behalf. None of Baker Tilly International, Baker Tilly Advisory Group, LP, Baker Tilly US, LLP, nor any of the other member firms of Baker Tilly International has any liability for each other’s acts or omissions. The name Baker Tilly and its associated logo is used under license from Baker Tilly International Limited.

Cybersecurity

Proactively protect and address your cybersecurity and information technology (IT) risks.

A man and a woman analyzing IT data together

Featured

Cyber resilience: A guide to navigating modern risks

Not-for-profit organization enhances workflow and performance with cloud-based solution

Featured

Ransomware prevention guide

Capitol building reflection at sunrise

Featured

Strategies to address the new SEC cyber disclosure rule (and how to do it!)

Team of professionals working with advanced information technology

Featured

NIST publishes major revision to Cybersecurity Framework (CSF): What organizations need to know

Abstract data

Featured

Key cybersecurity trends from industry-leading reports

Cybersecurity

Insights
Industries
Services
Events
Professionals

Case Study

hitrust inheritance model efficiency

International payment solutions provider gains efficiencies to multiple HITRUST assessments by leveraging inheritance model 

Article

cmmc assessment guide

CMMC assessment guide: Getting started and what to expect

In the News

Digital lock over financial data representing cybersecurity in asset management

Cybersecurity in asset management: a growing battlefield

Article

soc 2 frequently asked questions

SOC 2+ FAQs: How to enhance SOC 2® compliance 

Webinar

soc 2 compliance

SOC 2+: Enhancing SOC 2® compliance with additional frameworks 

In the News

American flag in the sun

Unlocking Defense Contracts: How U.S. Moldmakers Can Join the DOD’s Mapping Initiative

Article

hitrust compliance strategy

Compliance steps for success: Preparing for your HITRUST external assessment 

Webinar

Security consultant reviews data

CMMC readiness: Practical insights and lessons learned

Whitepaper

A man and a woman analyzing IT data together

Cyber business interruption report

Whitepaper

View of a computer server room

NYS DFS cybersecurity rules compliance guide

In the News

Thumbprint used for increased security

Top cybersecurity priorities for CFOs

Article

Digital tools: phone, computer and notepad

2025 insurance industry outlook: Key trends and strategic insights for insurers

In the News

Family planning meeting

Digital Collaboration: Risk Assessment’s Next Chapter

Whitepaper

cyber predictions

2025 cyber predictions

Article

Coworkers discuss strategy in an office lounge

Proactive assurance FAQ: Key benefits and leading practices  

In the News

hand typing on laptop technology

AI and other top cybersecurity predictions for 2025

Article

healthcare industry transformation

Driving change in healthcare: Trends reshaping the industry 

Article

hottest topics of soc reporting

In the SOClight: Navigating the hottest topics of SOC reporting

In the News

Programmer performs systems testing on software

5 cybersecurity threats CFOs should look out for

In the News

team member talking digital screen

Breached but not broken.

 

Fallback image

View all related insights

Two advisors reviewing financial services dashboard data

Financial Services

Capitol building | government contract consulting

Government Contractors

Life sciences presentation on data dashboard

Healthcare & Life Sciences

Students review schedules on campus

Higher Education

manufacturer optimizes and innovates through the help of manufacturing consulting from Baker Tilly

Manufacturing & Distribution

circle of hands at a not-for-profit organization

Not-for-Profit

Group of private equity services professionals meeting with tablet and charts

Private Equity & Portfolio Companies

Commercial real estate consulting firms in city

Real Estate

Neighborhood street leading to state and local government building

State & Local Government

Programmers work on software development | technology industry trends

Technology

Business meeting in conference room

Board & Audit Committee Governance

Cybersecurity professionals provide cybersecurity risk assessment services at a computer

Cybersecurity Risk Assessments

consultant looking at tablet providing cmmc services

Cybersecurity Maturity Model Certification (CMMC)

Abstract data

Digital Assets

environmental social governance esg advisory

ESG & Sustainability

Woman works on computer at night

General Data Protection Regulation (GDPR)

wind and solar energy - IRA

GRIP Program Solutions

Technician analyzes security of data on servers

HITRUST CSF Assessment Services

IT team meets to review IT Sarbanes-Oxley (SOX) compliance

IT Sarbanes-Oxley (SOX) Compliance

IT audit consultant analyzes data on a computer

IT Audit Solutions

internal audit services office building and a star-filled sky

Internal Audit

vulnerability assessment and penetration testing

Penetration Testing & Vulnerability Assessment

View of a computer server room

Privacy

Climbers move forward avoiding risks to reach their goal, the summit

Risk Advisory

typing a soc compliance report on computer

System & Organization Controls (SOC) Reporting

Steps of the U.S. Capitol Building | compliance sarbanes oxley

Sarbanes-Oxley (SOX) Compliance

ConferenceMay 7

Chicago skyline with a lot of activity in the sky, sunset/sunrise, clouds

RIMS RISKWORLD 2025 

Jeff Krull

Jeff Krull

Principal

CPA, CISA, CITP

Mike Cullen

Mike Cullen

Principal

CISA, CISSP, CIPP/US

Emily Di Nardo

Emily Di Nardo

Principal

CPA, CITP, HITRUST CHQP

Matt Gilbert

Matt Gilbert

Principal

CISA, CRISC, CMMC

Garrett Gosh

Garrett Gosh

Principal

CPA, CITP

Madhu Maganti

Madhu Maganti

Principal

CPA, CISA, M.S.

Brian Nichols

Brian Nichols

Principal

CISSP, CIPP/US

Joe Shusko

Joe Shusko

Principal

CISA, PMP

Christopher J. Tait

Christopher  J. Tait

Principal

MBA, CISA, CCSK, CFSA

Organizations need an accurate and objective view of their cybersecurity profile to safeguard information assets and protect the organization's value.

Proactively protect and address your cybersecurity and information technology (IT) risks.

Information assets and technology investments left ungoverned and unprotected leave organizations vulnerable to compromise and loss of reputation, revenue/value, customers and intellectual property. Couple these risks with the increasing demands for transparency, accountability and compliance by regulators, government entities, shareholders and others, and you have a perfect storm of risks.

While sophisticated hacking is a valid threat to organizations, it is rarely the root cause of a data breach. The vast majority of data breaches and cybersecurity incidents are actually caused by a breakdown of basic cybersecurity processes and controls.

Baker Tilly’s cybersecurity specialists work with organizations to assess their risk and achieve measurable security enhancements and cybersecurity control improvements. We will evaluate your cybersecurity controls, deliver recommended improvements and provide assurance that your cybersecurity controls are working.

Connect with us

Our solutions

Our clients count on our proactive, experienced guidance to manage cyber risk, helping them win now and anticipate tomorrow.

Cybersecurity and IT assessments

Cybersecurity and privacy compliance

Professional uses tablet to check cybersecurity in server room

Cybersecurity and IT assessments

  • System and Organization Controls (SOC) reporting​
  • IT and cybersecurity internal audits​
  • IT Sarbanes-Oxley (SOX) compliance​
  • Cybersecurity risk assessments: NIST CSF, ISO, CSC​
  • Technology due diligence​
  • Penetration testing and vulnerability assessment
Contact our team
Team of professionals working on computer

Cybersecurity and privacy compliance

Certifications​

  • Cybersecurity Maturity Model Certification (CMMC)​
  • HITRUST​

Privacy compliance assessments​

  • General Data Protection Regulation (GDPR)​
  • California Consumer Privacy Act (CCPA)

Security compliance assessments​

  • Cybersecurity Maturity Model Certification (CMMC)​
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Microsoft Supplier Security & Privacy Assurance Program (Microsoft SSPA)
  • New York State Department of Financial Services (NYSDFS)
  • National Institute for Standards and Technology (NIST) 800-171
  • National Institute for Standards and Technology (NIST) 800-53
Contact our team
2025 cyber predictions

2025 Cyber predictions e-book

Download our 2025 cyber predictions e-book, where we explore the evolving landscape of cybersecurity. This year, we focus on the increasing sophistication of attack vectors, the growing risk of catastrophic cyber events related to insider threats and the critical importance of consumers being better protected on their personal devices.

Download the e-book

Our industries

Supervisor observes an energy power plant

Energy

With expertise in oil and gas, power and utilities and renewable energy, we provide a collective view with measurable results.

Two advisors reviewing financial services dashboard data

Financial Services

The financial services industry continues to diversify, but competition and more complex vendor relationships make determining business strategy more complicated.

Life sciences presentation on data dashboard

Healthcare & Life Sciences

Baker Tilly helps organizations win now, and explore the options for tomorrow, through an orchestrated approach and understanding encompassing all facets of the healthcare ecosystem.

Students review schedules on campus

Higher Education

We empower higher education leaders to navigate the greatest challenges and ensure universities and colleges continue sustainability to drive social mobility, knowledge creation, economic and workforce development while contributing to a healthier and more just and civil society. Baker Tilly will help you articulate and realize your goals and maximize your chances of achieving them. Let's go there. Now, for tomorrow.

Technician analyzes security of data on servers

HITRUST CSF Assessment Services

The HITRUST CSF provides an integrated, certifiable approach to securing PHI. Any organization handling PHI on behalf of customers may be required to obtain a HITRUST CSF certification.

Lawyer on mobile phone in law firm office

Law Firm & Professional Services

In the face of intense competition, successful law firms must deliver quality legal services and practice effective business management.

manufacturer optimizes and innovates through the help of manufacturing consulting from Baker Tilly

Manufacturing & Distribution

Providing manufacturing consulting solutions to help businesses reduce risk and improve efficiencies across the supply chain.

Commercial real estate consulting firms in city

Real Estate

Innovative real estate consulting, tax and assurance solutions for developers, owners, investors and property managers.

“
We are making great headway on security policies, procedures and it’s measurable. Our exposed surface area for cyber-attack is smaller than it’s ever been.
Director of Information Systems for a large insurance company

Our professionals

Jeff Krull

Jeff Krull

Principal

Mike Cullen

Mike Cullen

Principal

Emily Di Nardo

Emily Di Nardo

Principal

Matt Gilbert

Matt Gilbert

Principal

Madhu Maganti

Madhu Maganti

Principal

Joe Shusko

Joe Shusko

Principal

Christopher J. Tait

Christopher  J. Tait

Principal

Featured Insights

enhancing cybersecurity identity access management

Enhancing cybersecurity through identity and access management

Enhancing cybersecurity through IAM is crucial. Organizations should verify identities, prevent breaches, protect data, and assess and improve practices.

2024 cybersecurity landscape threats and opportunities

Cybersecurity on the horizon: Preparing for 2024’s threats and opportunities

Discover why organizations should remain agile and forward-thinking in their defensive strategies when navigating the cybersecurity landscape.

securing your organization vulnerability management

Securing your organization: A practical approach to vulnerability management

This article discusses vulnerability management and the proactive process of identifying, prioritizing and mitigating security weaknesses in an organization’s environment to minimize risk.

key cybersecurity trends industry leading reports

Key cybersecurity trends from industry-leading reports

This article discusses cybersecurity trends from 2023 and how organizations can protect themselves from cyber threats in 2024.

soc readiness faq

SOC readiness FAQ: Examining the basics and complexities

This article addresses frequently asked questions about system and organization controls (SOC) readiness assessments.

© 2024 Baker Tilly US, LLP