Protecting banks from cyber crime

Online and mobile banking are technological conveniences that many of us take advantage of every day. The fact that we use this technology so frequently shows just how much trust we put in the security of these systems and their ability to protect our sensitive data online. But for banks, protecting themselves and our data from cyber attacks is an endless pursuit.

We have been working with some of the world’s largest banks to help them stay one step ahead of hackers. Using a technique known as ‘penetration testing’, our teams replicate the methods and tactics of skilled hackers to try and find holes and vulnerabilities in our clients’ systems. Additionally, we’ve been working with our clients to help them lock down and better protect their applications so when hackers come, they have their work cut out. It’s this end-to-end process that makes our work so important, not just highlighting vulnerabilities but ensuring the right remedies are in place so that organisations are enabled to protect themselves and their customers.

Our support for the financial services industry has allowed us to improve the security of hundreds of applications to date, benefiting not only the industry itself but also its business and retail clients, who often take security for granted.

Understanding and implementing GDPR

The proliferation of data sharing between organisations and individuals has reached unprecedented levels. In fact, data volumes are exploding, with more data created in the past two years than in the entire previous history of the human race. The benefits and insights that this expansion of data can offer are well documented, if not yet fully utilised, but this opportunity comes with increasing risks to the safety of our own personal data.

In response to this, the European Parliament and Council have introduced the new "General Data Protection Regulation" (GDPR) to strengthen and unify data protection across the European Union. This regulation, which became effective in May 2018, will provide better protection for all of us as individuals, but for the companies handling our data these new and stricter regulatory requirements mean substantial change to the way they operate. Not only do these businesses now face the threat of increased fines and growing reputational risks, they must also tackle legal uncertainties, organisational complexities and operational challenges as they grapple with this new regulation.

Since 2016, we have been working with a leading global financial services client to offer pragmatic advice and implementation support as they confront the challenge of this new regulation. Working to establish clear governance structures and strong executive backing, we have helped our client achieve cost effective solutions that meet the regulatory requirements.

Our ability to offer practical solutions to complex technical, legal and organisational questions is enabling our client to navigate a difficult regulatory landscape, transform their organisation and keep their customers’ data safe.

The challenge

Business leaders can no longer ignore cyber threats. Cyber crime is profitable – very profitable. The latest industry estimates peg the global cost of cyber crime at CHF 600 billion, or 0.8% of world GDP. With barriers to entry for cyber crime low and the risks of being caught and prosecuted small, it isn't a question of whether an attack will happen, but when.

A well-developed ecosystem provides support to criminals via tools such as 'crime as a service', help-desks, or anonymous marketplaces to monetise stolen assets. The attackers themselves are sophisticated and frequently have resources and budgets that eclipse many corporate security departments.

These drivers of cyber crime meet IT systems that are inherently difficult to protect. Credulous users who click on links and attachments, high staff fluctuation, changing operating models, heterogeneous and complex IT landscapes, legacy technology, and continuous innovation via cloud, mobile, Internet-of-Things, or digital transformations all add to the complexity of protecting today’s IT systems. Due to these headwinds, even conceptually simple tasks such as patching become complex, leaving us in a situation where the majority of cyber attacks exploit known vulnerabilities.

Now consider that CISOs, CIOs, CFOs and even CEOs are being held accountable for cyber security and have had to leave their posts after major cyber incidents. The inevitable conclusion is that too much is at stake, both personally and economically, and that executives – irrespective of their specialization in HR, Finance, Technology, Legal, or Business – have to understand cyber risk, how it affects their jobs, and what their role is in defending against it.

While there is no “silver bullet” for security, our experience shows that a structured and holistic approach to managing cyber risk delivers the best protection within the time, budget, and organizational constraints that our clients face. In concrete terms, this means focusing on strategy as well as being secure, vigilant and resilient.

Our approach

Strategy

We help organisations prepare and develop cyber defence programmes in line with their strategic objectives, risk exposure and risk appetite.

Secure

We establish security controls around an organisation's most sensitive assets in order to prevent attacks and enable business growth.

Vigilant

We develop intelligence systems to proactively detect threats and incidents so as to enable an effective response.

Resilient

We combine proven incident management processes and technologies so organisations can respond effectively to cyber disruptions.





Benefits

  • Minimise financial losses, which range from millions for average incidents, to hundreds of millions for large incidents, and total business failure for catastrophic cyber incidents

  • Protect brand, reputation, and market trust

  • Comply with regulatory requirements

  • Reap the upside of digital innovation while managing the downside of increasing cyber exposure

  • Safeguard personal careers against allegations and accusations in the event of cyber incidents


Why Deloitte?

  • Expertise

    Our professionals hold recognized industry certifications, such as CISSP, CISM, ISO27001, COBIT, ITIL, CDPP, and CEH. Moreover, their achievements earned them important awards including 1st prize for six years in a row in the Global CyberLympics.

  • Scale

    Gartner, the world's leading information technology research and advisory company, ranked Deloitte #1 globally in Security Consulting Services, based on revenue. Source: Gartner, Market Share Analysis: Security Consulting, Worldwide, 2016, Jacqueline Heng, May 2017.

  • Innovation

    Our strategic security alliances with organisations such as Symantec, IBM, SailPoint, Okta and CyberArk, as well as the start-up ecosystems in Israel and the US, allow us to bring the latest innovations to our clients.

Case studies

Protecting banks from cyber crime

We're helping one of the world's biggest banks test how secure their data really is.

Understanding and implementing GDPR

We're helping a leading financial services company to keep their customers' data safe.

The team

Klaus Julisch

Lead Partner, Cyber Risk Services

+41 58 279 6231

Florian Widmer

Partner, Vigilance & Resilience Service Lead

+41 58 279 6910

Olivier Bandle

Director, Strategy & Security Service Lead

+41 58 279 6085

Cristian Dumitrescu

Director, Cyber Risk Services, Basel region

+41 58 279 9027
