circular sparkling


Cybersecurity Management Framework

Deloitte's cyber strategy framework provides a proven approach to managing cyber resistance with trust, based on your specific business, threats and capabilities. Deloitte's cyber strategy framework helps organizations understand their level of cyber resilience based on their critical business assets, their threat environment and the maturity of their cyber capabilities.

Our Cyber Strategy Framework incorporates a business-driven and threat-based methodology supported by an intuitive online platform, which includes dashboards for reporting to an operational, managerial and executive audience. The Cyber Strategy Framework is our global approach to conducting cyber strategy assessments and is used by leading organizations across numerous industries.

A unique framework for managing your Cyber Strategy

Deloitte recognizes that no organization has unlimited resources to dedicate to cybersecurity. Therefore, it is important that organizations invest in those cybersecurity capabilities that will contribute most to their overall cyber resilience. The Cyber Strategy Framework is the result of more than four years of research and investment in Cyber Strategy by Deloitte and incorporates a proven methodology to determine the current and target maturity of an organization’s cyber capabilities and design a roadmap to improve the overall cyber resilience of the organization to internal and external threats.

Our framework also includes content packs, which enable maturity assessments to be conducted against a range of industry standards, including the ISO/IEC 27001, the NIST Cybersecurity Framework and the Deloitte Cyber Capability model. The Deloitte Cyber Capability Model recognizes that while being Secure is important, organizations must also be Vigilant and Resilient against cyber threats, and have a comprehensive Cyber Strategy to ensure continued business value.

A comprehensive approach to managing cyber resilience with confidence

Deloitte’s Cyber Strategy Framework incorporates a proven methodology based around three core components: Business, Threats and Capabilities. To define the right cyber strategy for an organization we typically follow a five-phase approach to asses the current and the targeted maturity level of cyber capabilities. We define an actionable roadmap which organizations can immediately act upon and which aim to improve their cyber resilience