Cybersecurity Benchmark + Roadmap

Strengthen your security stance

What It Is

Small and midsized financial firms face the same cybersecurity threats as their larger counterparts. With the Cybersecurity Benchmark + Roadmap offering, Nemertes provides a comprehensive review of your company’s current security capabilities, and current and future security needs. We assess your networks, identity management, firewalls, XDR, EDR, antivirus, data loss prevention (DLP), single sign-on (SSO), Virtual Private Networks (VPNs), Secure Access Service Edge (SASE), encryption, data protection, disaster recovery and prevention, and Incident Response Plan (IRP) including ransomware response.

We do a deep dive into areas of particular vulnerability for small-to-midsized financial firms, such as cloud, collaboration, and facilities/IoT security. In each area, we look not just at your current and planned technology, but also at your current and planned organization, operations, policies, processes, and security education. We also assess how well third-party providers of services such as pen testing, SOC operations, and cybersecurity insurance suit your organization. We leave you with a roadmap detailing your path to security success.

Security in community banks must be as thorough as security at large banks. Every company is a target for increasingly sophisticated cyber attackers. I’ve known Jerry Murphy [Senior Nemertes Analyst] for years and trust his understanding and knowledge of both the banking industry and the underlying technology that ties it together.
—CTO, Northeastern regional bank

What You Get

We benchmark your people, processes, and technologies against comparable organizations and provide you with the following:

  • A detailed benchmark of your current cybersecurity environment; we highlight areas requiring remediation and validate areas in which your cybersecurity investment is paying off
  • A customized set of practical, actionable recommendations for improvement
  • A roadmap/timeline on which to execute the recommendations
  • A discounted rate on Nemertes’ annual Research and Advisory Relationship, which provides regular, frequent and interactive strategic guidance and problem-solving, access to an online library of tools and templates, and the ability to submit inquiries to Nemertes analysts.

The Team

Contact us today to secure the areas of particular vulnerability for small-to-midsized financial firms!

Why Nemertes?


Our principals have been delivering expert cybersecurity advice and recommendations to financial firms since the 1990s. We serve on the board of the Wall St. Technology Association (WSTA) and count leading-edge financial firms among our client base. Our analysts have advised hundreds of financial organizations and have themselves been (and currently are) IT and cybersecurity professionals. We understand not just the technical details of the technology, but also the regulatory and business environments faced by financial firms, from community banks and credit unions to equity firms, insurance companies, and large banks.


Unlike vendors, VARs, or systems integrators, we are not paid to promote any vendor’s solution. We do not get referral fees either, so we have no hidden agenda driving what we advise you to use or avoid. You can be confident we recommend only those products and services that make the most sense for you.


Although the general principles of effective cybersecurity apply to everyone, the actions a financial firm should take depend in large part on its current situation, the regulatory environment, and its desired goals. Nemertes gives advice that is context-specific. We customize our recommendations to meet your company’s specific needs, whether you’re a 12-branch credit union or a 200-person private equity firm. In addition, we can usually identify concrete actions you can take immediately, without added investment, to achieve measurable improvements in your cybersecurity. We also outline medium- and long-term actions that can give your company a precise plan for the future.


Although we do the heavy lifting of developing the scorecard, benchmark, and roadmap, we share our processes and thinking with you so you have the tools to continue on, with or without our assistance. Our goal is to provide your team with the insight to further your cybersecurity initiatives independently.
