Incident Response

A single phishing email, ill-intentioned employee, or IT misconfiguration can spell disaster for organizations both large and small. Cyber incidents like these can result in significant losses for an organization due to theft of sensitive information including intellectual property and confidential data, brand and reputation damage, significant impacts to customers and partners, as well as direct financial losses and penalties. Deloitte’s elite team of cyber incident responders empowers customers to minimize the impact of these incidents to business operations, safeguard sensitive information, and ensure a successful recovery in the wake of a cyber incident.

Full-blown cyber incidents call for the deployment of Deloitte’s incident response experts to defend your organization from threats that include infection by ransomware and other malware, device loss, insider threats, IT misconfiguration, data theft, and espionage. Deloitte’s worldwide presence in 870 locations across 150 countries means that time-sensitive incident response operations can be rapidly carried out. These operations follow a common, agile approach that consists of intake, identification and analysis, containment and eradication, and finally post-incident activities. Throughout this process, Deloitte’s crisis management staff works alongside technical incident responders to understand the nature of the incident, determine its impact to business operations, assist with internal and external communication, and provide guidance to executive leadership.



Intake

The intake phase involves the implementation of processes and measures to prepare for cyber incidents. These processes involve the definition of roles, responsibilities and communications channels, as well as ensuring that attacks can be detected and remedied through technical measures.


Identification & Analysis

This phase includes detecting cyber incidents and determining their impact to the business. In addition, a technical review of the entire incident takes place in order to understand the context of the incident and minimize the risk of such incidents in the future. This is accomplished through forensic analysis of computing and networking devices, analysis of network traffic, malware analysis, and additional techniques.


Containment & Eradication

The third phase allows for the development of technical and procedural measures to keep the incident from spreading to other parts of the infrastructure. Using the analysis from Phase 2, the team works to eliminate the ongoing threat to the organization.


Post-Incident Activity

After Phase 3 is completed and the organization has returned to business as usual, the incident is fully analysed in consultation with all stakeholders. Technical and procedural strategies are recommended to more effectively defend against and respond to similar threats in the future. Additional activities can be planned to improve the cyber resilience of the organization, including awareness-raising campaigns or the implementation of technologies that can mitigate cyber risk.

Deloitte offers a wide range of incident response services, including:

  • Individual Incident Response Engagements to address a specific incident that a customer is experiencing.
  • Retainer-based Incident Response, which ensures a rapid response to incidents regardless of where in the world the incident is occurring through Deloitte’s global network of incident responders. For retainer clients, incident response experts are available 24 hours a day and 7 days a week, which means that rapid resolution to incidents is only a phone call away.
  • Breach Indicator Assessments, which allow for the proactive hunting of threats on customer networks using advanced sensor technology and lead to the mitigation of discovered threats.
  • Capability Assessments that measure a customer’s native ability to respond to cyber incidents and provide valuable, specific insight into how to improve the organization’s capabilities and overall resilience to cyber threats.
  • Training to improve the in-house proficiencies of a customer’s incident response team.

Deloitte is a qualified APT service provider of the BSI

Especially in times of ongoing digital transformation of our society and thus also of business models, companies face an increased risk due to growing threats from cyberspace. In addition to the appropriate preventive measures to increase cybersecurity, a rapid response is essential to minimize impact on companies in the event of an attack. The BSI supports companies by certifying qualified service providers with a high level of specialized knowledge in the field of analyzing and defending against targeted cyber-attacks and recommending these BSI-certified cyber experts to companies seeking help. Deloitte has successfully passed the BSI certification audit and has been designated as an "APT service provider in the sense of §3 BSIG" since 01.06.2021.

Your Contact

Ralph Noll

Partner | Cyber Risk

Ralph Noll is a Partner in Cyber Risk at Deloitte and is the responsible contact for all questions relating to Cyber Response. Ralph has more than 20 years of ...