Press releases

Deloitte recognized as a global leader in cybersecurity consulting by ALM

News Release

Explore Content

NEW YORK, NY, USA, 10 January 2019—ALM Intelligence has ranked Deloitte as a global leader in the report, entitled Cybersecurity Consulting 2018. On cybersecurity consulting, Laura Becker, analyst, management consulting research at ALM, highlights, “Deloitte stands out in its ability to provide clients with a full suite of cybersecurity risk offerings integrating strategy, governance and other core capabilities to execute the strategy.”

“In a continuously evolving environment, the need to stay ahead of cyber threats and opportunities is critical,” says Nick Galletto, Deloitte Global Cyber Risk Services leader. “We believe this report affirms Deloitte’s capabilities in this area, citing our ‘strong insights and innovation,’ as well as our ‘strong network of global Cybersecurity Intelligence Centers.’ We’re pleased that our position as a leading provider of cyber risk services is recognized both by analysts and clients.”

The report lays out the opportunities and challenges for cybersecurity consulting providers focusing on market trends, client spending trends and forecasts, and the provider landscape, and includes profiles of select key organizations.

According to ALM, cybersecurity consulting services is defined as those that “identify and manage the portion of strategic risks associated with digitization, including threats to information assets, infrastructure, and applications.”

Additional report findings:

  • “The [network]’s Cyber Strategy Framework (CSF) is one example of Deloitte’s management system delivery. It is a business-driven, threat-based approach to conducting cybersecurity assessments based on an organization’s specific business, threats and capabilities. CSF provides a platform with a range of dashboards that can be customized for executives, managers and operations leaders that allow the organization to assess cyber resilience; with content packs that enable the organization to conduct assessments against specific standards.”
  • “Deloitte’s significant breadth of capabilities within the cybersecurity consulting space across industries and geographies allows the [network] to bring strong insights and innovation to recent trends in the space, leading to advisory gleaned from best practices, deep benchmarking data and a strong network of global Cybersecurity Intelligence Centers.”
  • “Deloitte increasingly sees a shift in demand for capabilities that accommodate digital transformation and increasing connectivity. Deloitte is adept at shifting client mindsets from controls and compliance to operationalizing processes, and aligning cybersecurity with business risks and strategies.”
  • “Deloitte leads with a business-driven performance approach, enabled through cyber risk, including regulatory, operational and strategic risk. The [network]’s approach over the last few years was focused on preventing, detecting and reacting to attacks and breaches through cybersecurity, cyber-vigilance and cyber-resilience. Increasingly now and in the future, Deloitte sees a shift in demand for capabilities to accommodate digital transformation and the increasing connectivity of products (IoT, OT, etc.) which will create more demand for client services such as cyber managed services, cloud-based cyber solutions and connected device security. This shift will involve changing client’s mindsets from controls to operationalizing processes and viewing cybersecurity aligned with business as an enabler in the market. The [network] employs best practices across industries, deep benchmarking data, its network of Cybersecurity Intelligence Centers (CICs), and innovative solutions to protect reputational and brand risk.”
  • “Deloitte provides cybersecurity consulting services through its Cyber Risk Services group, which is part of the global Risk Advisory portfolio. Cyber Security Risk is one of five interconnected key risk areas in addition to Strategy and Reputation Risk, Regulatory Risk, Financial Risk, and Operational Risk. Components of Cyber Risk include Cyber Strategy, Cyber Security, Cyber Vigilant and Cyber Resilience. The [network]’s approach towards successfully managing cyber risk by aligning risk to business outcomes in combination to becoming “Secure. Vigilant. Resilient” enables clients to protect critical assets against threats, anticipate threats through intelligence, recover with minimal damage, and drive operational improvement when an event occurs. To achieve this, Deloitte offers full lifecycle client services from cyber security risk strategy, implementation and managed services.”
  • “Deloitte’s Cyber Risk Services portfolio integrates strategy and governance with core capabilities to secure the organization from a business-driven perspective. The portfolio includes cyber strategy (transformation, assessments, risk, compliance, training); secure (infrastructure protection, vulnerability management, IAM, privacy); vigilant (advanced threat preparation, cyber risk analytics, SOCs, threat intelligence and analysis; and resilient (incident response, wargaming).”
  • “Deloitte’s service delivery often begins with its Cyber Strategy Framework (CSF), used to assess an organization’s maturity, controls, threats and capabilities to help an organization continue to evolve. Content packs also enable the [network] to conduct assessments against specific standards and the client can use a customizable dashboard.”
  • “Deloitte’s global network of Cyber Intelligence Centers (CICs) play a key role in gathering and disseminating critical threat intelligence to understand the business impact of underlying trends and threats. Deloitte [collaborates] with other threat intelligence players to share information and de-dupe threats to contextualize a client’s risk. CICs provide managed services, compromise assessments, and threat accelerators to enable the [network] to target advanced threats. There are two types of CICs: larger ones and smaller ones that focus on intelligence. There are delivery centers in Canada, the US, Spain and across Asia Pacific. There is also a National Innovation Center to connect the regional centers.”
  • “In addition to the CSF described above, Deloitte’s other global service innovations include Crisis Management services (consulting, managed services and interactive labs); Cyber Insurance services, and a Privacy by Design framework. Other areas of innovation include analytics, blockchain, robotics, AI modelling, and balancing automation and the human element, or business chemistry as the [network] calls it. Managed services have seen significant growth and Deloitte operates with many customizable options for clients, from building and turning over services to a hybrid or co-sourcing model in order to fulfill outsourcing. The [network] aligns managed services around regional areas to understand each region’s threats and distinct regulatory landscape. Deloitte will provide on-the-job and formal certification in tools and processes for any of these configurations, and provides playbooks on routines for the client workforce.”

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities. DTTL (also referred to as “Deloitte Global”) and each of its member firms are legally separate and independent entities. DTTL does not provide services to clients. Please see to learn more.

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our network of member firms in more than 150 countries and territories serves four out of five Fortune Global 500® companies. Learn how Deloitte’s more than 286,000 people make an impact that matters at


Vicktery Zimmerman
Global Communications
Deloitte Global
Tel: +1 312 486 1569

Did you find this useful?