Cyber Risk Framework

Providing a disruptive cyber risk analysis methodology

In a world increasingly driven by digital technologies and information, cyber threats are becoming more and more an everyday strategic imperative. Dynamic, pragmatic and proactive, Deloitte’s Cyber Risk Framework (CRF) is a disruptive framework combining an improved methodology, a web application, and cyber security experts to understand business risks and their related cyber threats.

Identify your risks and make the right security decisions

Our clients believe in us

“How can I be sure that my cyber security measures are relevant against cyber threats?”


“What are the cyber threats that can induce business risks?”

– Business Unit Our clients believe in us

The benefits

Focus on the right priorities Focus on the right priorities

Spend money only on the cyber capabilities that you really need. The CRF helps you find the configuration that best fits your objectives and your budget.

Improve risk governance Improve risk governance

Check and evaluate all your risks from one place.

Consolidate risk management and tools Consolidate risk management and tools

The whole methodology is packaged in the CRF dynamic web application.

Enhance value from cyber security investments Enhance value from cyber security investments

Ensure that security is not just a cost center but is also a source of opportunities.

Save time and effot when performing risk analysis Save time and effort when performing risk analysis

Most of the methodology is assisted by the CRF tool. Don't waste time trying to consider everything - the CRF is fast and totally impartial.

The methodology



Interviews with business units to collect business risks and impacts


Identify information systems that support the business processes


Identify which cyber threats can induce a business risk (e.g. a cyber criminal steals client data)



Model the sequence of attacks that cyber criminals will imple-ment (attack scenarios)


Identify the cyber security measures that block or reduce the impact of each attack in the scenario (knowledge database)



Evaluate the current level of maturity of each identified cyber security measure; identify cyber security measures to imple-ment or improve and formalize the risk treatment plan

The methodology

Let us help you to stay proactive!