The rapid development of technology, its direct impact on the operation of businesses and the easier than ever access to large amounts of information over the internet have made it necessary to establish rules and practices that enhance the resilience of businesses to cyber risks, ensure the confidentiality, integrity and availability of data, and protect privacy and personal data.
Resilience
According to NIST (National Institute of Standards and Technology), the resilience of information systems is defined as "The ability to anticipate, withstand, recover and adapt to adverse conditions, pressures, attacks or compromises on systems used or activated by cyber resources".
Consequently, the resilience of information systems is directly linked to a company's ability to address operational and information risks successfully, so that it can pursue a sustainable digital modernization.
Confidentiality, integrity and availability
Confidentiality, integrity and availability refer to a structured set of rules that form the fundamental principles of information security. They are intended to provide assurance that information and data are accurate, available and accessible only to persons who have the appropriate access rights. More specifically, these three fundamental principles are explained as follows:
Confidentiality: Confidentiality is one of the key concepts of cybersecurity, which ensures that information is protected from unauthorised disclosure. The protection of confidentiality is an obligation of all members of a business.
Integrity: Integrity is the ability to ensure the accuracy and reliability of data. Integrity refers to all assets of a business.
Availability: The principle of availability includes ensuring that systems, applications and data are available to authorized users when the need arises.
Protection of privacy and personal data
The first major effort for the protection of personal data was made by Directive 95/46/EC – Law 2472/1997, which, among other things, aimed to achieve an equivalent level of protection between member states and to remove obstacles to the free movement of data, while preventing the risks arising from the processing of personal data.
This Directive was subsequently replaced by Regulation 2016/679, popularly known as the GDPR (General Data Protection Regulation). Regulation 2016/679 was passed on 27 April 2016 and entered into mandatory application on 25 May 2018. On 29 August 2019, the Greek Parliament voted Law 4624/2019, which aimed at taking measures for the implementation of Regulation 2016/679 and its incorporation into national legislation.
The transition from the first Directive was mainly aimed at the processing of personal data within the European Union by individuals, businesses or organisations. It designated the key parties to the processing, which are the controller and the data subjects, and set out safeguards such as informing natural persons, appointing data protection officers and implementing appropriate organisational and technical measures.
The General Data Protection Regulation, as in force, concerns almost all businesses, whether they are private or public, as they handle personal data concerning employees, partners, customers or other natural persons. Therefore, all companies/organisations should, in order to meet the requirements of the Regulation, implement specific security measures, such as regular network and infrastructure security audits, implementation of security policies and procedures, training of users on the proper use of information assets and development of risk identification procedures.
Risks
Risks can come in many forms, including software attacks, identity theft, sabotage, and information blackmail. Since 2019 and the "advent" of the COVID pandemic, there has been a large increase in the risks arising from cyber criminals, with social engineering being the most widespread attack technique. The most common types of attacks that have been observed during the pandemic and pose a significant risk to personal or non-personal data are the following:
- Malware: Malware can be designed to create permanent access to a network, spy on a user to obtain their credentials, or steal valuable data.
- Phishing: A phishing attack is the attempt of a malicious user to deceive an unsuspecting victim into handing over valuable information, such as passwords, credit card details, etc. Phishing attacks often take the form of an email that pretends to be from a legitimate organization or other trusted entity.
- Leakage of information / Data breach: The leakage of information refers to the disclosure of information to unauthorized users. The leakage of information is usually the result of interception attacks. A data breach is an incident in which information is stolen or taken from a system without the knowledge or approval of the system owner.
- Identity theft: Identity theft means using an individual's personal identity information, such as a name, credit card number, or other personal information, without the individual's permission, to exploit it in fraudulent activities.
- Ransomware: Ransomware is malware designed to restrict users' access to their files or threaten to leak personal data without the consent of individuals or organizations.
- Cyber espionage: Cyber espionage is a form of cyberattack that targets the theft of classified or sensitive data to gain an illegal advantage over a competing organization.
The Importance of Cybersecurity and Cyber Resilience
Cybersecurity and cyber resilience are inextricably linked. Cybersecurity is about implementing technologies, processes and controls aimed at protecting information systems, networks and data from malicious attacks to ensure the integrity, confidentiality and availability of information. At the same time, cyber resilience allows businesses to ensure their operation, reduce their exposure time to potential threats, reduce the risk and impact of potential threats, and maintain the continuity of their activity.
In order for a business to be able to identify, assess and address the risks arising from its operation, it must fully understand the source of the threats, assess the reasonable likelihood of such threats occurring, create reaction scenarios, check for potential vulnerabilities and assess their relevance and criticality and establish the necessary procedures to address those vulnerabilities.
How can businesses achieve the desired cyber resilience?
The desired resilience to cyber risks can be achieved by adopting a cybersecurity framework that protects the functioning of businesses. In particular, companies should integrate into their operation a set of controls and procedures based on risk management.
The core of this framework consists of a set of cybersecurity activities, focusing on identification, protection, detection, response and recovery. The following is a brief description of the key elements of the cybersecurity framework:
Identification: The identification function helps develop an organizational understanding of cybersecurity risk management in systems, individuals, assets, data and capabilities. Examples of the identification function can be the identification of physical and software assets to create an asset management program, the identification of cybersecurity policies to define a governance plan, the determination of the risk management strategy for the organization, etc.
Protection: The protection function helps limit the impact of potential cybersecurity incidents. Examples of the protection function may be the protection of confidentiality, integrity and availability of data, the management of technology to ensure the security of systems, and awareness raising and training of staff within the organisation.
Detection: The detection function helps in developing and implementing appropriate activities to detect cybersecurity incidents in order to achieve early detection and therefore fast reaction. Examples include the detection of anomalies and events and continuous security monitoring.
Response: The response function develops and implements appropriate activities in order to take appropriate actions in response to an identified cybersecurity incident.
Recovery: The recovery function develops and implements appropriate activities to maintain resilience plans and restore any service affected by a cybersecurity incident.
Advantages of cyber resilience
Cyberspace is a rapidly changing environment resulting from the interaction of many factors, including people, software and online services. As a result, security needs are constantly changing and the need for a flexible and adaptable approach to operational risks can bring great benefits to businesses, which could be summarized as follows:
Improving the "security posture": Improving the "security posture" will help businesses focus on threats that are important and will drastically reduce the number of security incidents in information systems. Preventing or drastically reducing risks and avoiding potential violations play an important role in the overall operation of a business and are not just about the technology it leverages.
Regulatory Compliance: The adoption of a cybersecurity framework and the improvement of the resilience of businesses to cyber threats will help businesses achieve a "mature" information environment that complies with the legal provisions relating to the protection of the data they manage. This results in avoiding damages that may result from fines or lawsuits.
Trust and Reputation: The direct impact of technology and the increasing dependence of business operations on cyberspace make potential customers of businesses wary of entrusting their data. A potential breach could reduce customer confidence and significantly damage the reputation of businesses. Businesses that create a safe operating environment can develop important relationships of trust with their customers.