Cyber Strategy & Transformation

Our IT Risk Team is ready to assist you!

The increased use of IT comes with an increased set of risks. Effective risk management is the key to identifying, managing and lowering your IT and, ultimately, business risks.

Challenges

Data loss, ransomware or a failure of critical operational technology – where to start?

Navigating the IT risk landscape often throws up various questions, such as:

  • Which rules are we required to comply with?

  • How do we implement technical and organisational measures appropriate to the risk?

  • Which framework(s) should be used as a baseline?

  • Which level of maturity is appropriate seen from a legal, business and consumer perspective?
  • What is our current security and risk management maturity?

  • Which initiatives are necessary to achieve the desired level of maturity?

  • What are our risk profile and risk tolerance?

  • What are the risks associated with the use of external technology suppliers, i.e. cloud solutions?

  • How do we address IT and OT risks in our risk management framework?

  • What are the potential consequences and benefits of cybersecurity maturity?

  • How do we identify, manage and decrease risks?

IT risk management can help address these challenges, giving clients rapid visibility of their risks so they can prioritise their security efforts and spending, increase ROI on risk mitigation and ensure compliance with requirements such as the GDPR, NIS Directive, PCI-DSS and CMMC.

Our approach

We have an established approach for assisting clients in understanding the risks they are currently facing and building risk management processes to adapt to future risks.

Our common approach is split across five distinct phases where we:

  1. Confirm the scope

    We understand your objectives and develop an assessment approach and corresponding scope to satisfy your needs.

  2. Plan and initiate

    We develop a plan relevant to your needs utilising industry frameworks (including ISO 27001, NIST, CMMC and CIS 20), our own best practices or your existing processes.

  3. Tailor assessment or framework

    We establish an assessment and analysis framework to be used for targeting your key requirements.

  4. Perform an assessment

    We determine the current state of your IT risk management and/or security controls. We do so through a number of different types of assessments, selecting the most appropriate one together with you.

  5. Response planning

    We summarise the results of selected assessment(s) and create a roadmap to assist you in remediating the gaps and/or risks identified.


After these sorts of assessments, you will have a very clear idea of your risks and, with our recommendations, can start to close your security gaps whilst improving your IT risk management procedures.

Why Deloitte?

Awarded market leaders

We strive to continuously lead the market in the area of cyber risk and security services. We are awarded and acknowledged by some of the most renowned institutions within the area of cyber, e.g. Gartner, ALM Intelligence and Forrester. In 2020, we were named global leader in Security Consulting Services for the 9th year in a row by Gartner.

Leading-edge technologies

We are committed to investing in innovation and emerging technologies to ensure that we are equipped with the latest tools to solve current and future challenges for our clients. Alliances with market-leading cyber vendors and groundbreaking startups around the world offer our clients access to a wide range of cyber-risk technologies and leading-edge technology innovation.

Global intelligence delivered locally

We have the largest professional services network in the world. Diversity across our cyber teams helps us work across the globe with a local and personal lens. We have over 8,600 dedicated cyber-risk service practitioners of which 1,300 are dedicated to Europe and the Middle East alone, ready to help our clients everywhere with any challenge.

End-to-end cyber-risk services

We cover every aspect of cyber risk — from advisory and implementation of strategic transformations to managed security services, product solutions and incident management. This enables us to deliver more resilient and silo-breaking solutions, taking the whole business chain into account. This helps our clients to leverage their potential and growth even more.

Reach out

We really enjoy working with people and helping them build security and resilience in their businesses through pragmatic steps. If you would like to hear more about how to stay one step ahead of IT risks, please email one of our teams to take you through some of your options.

Jay Choi

Partner

Jason Harle

Senior Manager