Protecting banks from cyber crime

Online and mobile banking are technological conveniences that many of us take advantage of every day. The fact that we use this technology so frequently shows just how much trust we put in the security of these systems and their ability to protect our sensitive data online. But for banks, protecting themselves and our data from cyber attacks is an endless pursuit.

We have been working with some of the world’s largest banks to help them stay one step ahead of hackers. Using a technique known as ‘penetration testing’, our teams replicate the methods and tactics of skilled hackers to try and find holes and vulnerabilities in our clients’ systems. Additionally, we’ve been working with our clients to help them lock down and better protect their applications so when hackers come, they have their work cut out. It’s this end-to-end process that makes our work so important, not just highlighting vulnerabilities but ensuring the right remedies are in place so that organisations are enabled to protect themselves and their customers.

Our support for the financial services industry has allowed us to improve the security of hundreds of applications to date, benefiting not only the industry itself but also its business and retail clients, who often take security for granted.


Understanding and implementing GDPR

The proliferation of data sharing between organisations and individuals has reached unprecedented levels. In fact, data volumes are exploding, with more data created in the past two years than in the entire previous history of the human race. The benefits and insights that this expansion of data can offer are well documented, if not yet fully utilised, but this opportunity comes with increasing risks to the safety of our own personal data.

In response to this, the European Parliament and Council have introduced the new "General Data Protection Regulation" (GDPR) to strengthen and unify data protection across the European Union. This regulation, which became effective in May 2018, will provide better protection for all of us as individuals, but for the companies handling our data these new and stricter regulatory requirements mean substantial change to the way they operate. Not only do these businesses now face the threat of increased fines and growing reputational risks, they must also tackle legal uncertainties, organisational complexities and operational challenges as they grapple with this new regulation.

Since 2016, we have been working with a leading global financial services client to offer pragmatic advice and implementation support as they confront the challenge of this new regulation. Working to establish clear governance structures and strong executive backing, we have helped our client achieve cost effective solutions that meet the regulatory requirements.

Our ability to offer practical solutions to complex technical, legal and organisational questions is enabling our client to navigate a difficult regulatory landscape, transform their organisation and keep their customers’ data safe.

The challenge

Business leaders can no longer ignore cyber threats. Cyber crime is profitable – very profitable. The resulting cost to the global economy is an estimated $1-1.5 Trillion and perpetrators generally evade prosecution and avoid penalties. As such, the very foundation of modern society increasingly depends on our ability to protect digital assets. With the risks of being caught and prosecuted small, it isn't a question of whether an attack will happen, but when.

A well-developed ecosystem provides support to criminals via tools such as 'crime as a service', help-desks, or anonymous marketplaces to monetise stolen assets. The attackers themselves are sophisticated and frequently have resources and budgets that eclipse many corporate security departments.

These drivers of cyber crime meet IT systems that are inherently difficult to protect: credulous users who click on links and attachments; high staff fluctuation; changing operating models; heterogeneous and complex IT landscapes; legacy technology; and continuous innovation via cloud, mobile, Internet-of-Things, or digital transformations all add to the complexity of protecting today’s IT systems. Due to these headwinds, even conceptually simple tasks such as patching become complex, leaving us in a situation where the majority of cyber attacks exploit known vulnerabilities.

Now consider that CISOs, CIOs, CFOs and even CEOs are being held accountable for cyber security and have had to leave their posts after major cyber incidents. The inevitable conclusion is that too much is at stake, both personally and economically and that executives – irrespective of their specialization in HR, Finance, Technology, Legal, or Business – have to understand cyber risk, how it affects their jobs, and what their role is in defending against it.

While there is no “silver bullet” for security, our experience shows that a structured and holistic approach to managing cyber risk delivers the best protection within the time, budget, and organizational constraints that our clients face. In concrete terms, this means focusing on strategy as well as being secure, vigilant and resilient.

The current state of cyber security

Our approach


We help organisations prepare and develop cyber defence programmes in line with their strategic objectives, risk exposure and risk appetite.


We establish security controls around an organisation's most sensitive assets in order to prevent attacks and enable business growth.


We develop intelligence systems to proactively detect threats and incidents so as to enable an effective response.


We combine proven incident management processes and technologies so organisations can respond effectively to cyber disruptions.


Minimise financial losses, which range from millions for average incidents, to hundreds of millions for large incidents, and total business failure for catastrophic cyber incidents

Protect brand, reputation, and market trust

Comply with regulatory requirements

Reap the upside of digital innovation while managing the downside of increasing cyber exposure

Safeguard personal careers against allegations and accusations in the event of cyber incidents

Why Deloitte?

  • Expertise

    Our professionals hold recognized industry certifications, such as CISSP, CISM, ISO27001, COBIT, ITIL, CDPP, and CEH. Moreover, their achievements earned them important awards including 1st prize for six years in a row in the Global CyberLympics.

  • Scale

    Gartner, the world's leading information technology research and advisory company, ranked Deloitte #1 globally in Security Consulting Services, based on revenue. Source: Gartner, Market Share Analysis: Security Consulting, Worldwide, 2016, Jacqueline Heng, May 2017.

  • Innovation

    Our strategic security alliances with organisations such as Symantec, IBM, SailPoint, Okta and CyberArk, as well as the start-up ecosystems in Israel and the US, allow us to bring the latest innovations to our clients.

Development through our cyber mobility scheme

Case studies

Protecting banks from cyber crime

We're helping one of the world's biggest banks test how secure their data really is.

Understanding and implementing GDPR

We're helping a leading financial services company to keep their customers' data safe.

The team

Klaus Julisch

Lead Partner, Cyber Risk Services

+41 58 279 6231

Florian Widmer

Partner, Vigilance & Resilience Service Lead

+41 58 279 6910

Reto Haeni

Partner, EMEA Cloud Security Lead

+41 58 279 7202

Olivier Bandle

Director, Strategy & Security Service Lead

+41 58 279 6085

Cristian Dumitrescu

Director, Cyber Risk Services, Basel region

+41 58 279 9027
