Cyber Security


Cyber Security

Your best weapon in the cyber war

Deloitte can take care of your cyber threat, so you can take care of growing your business. Our expert cyber risk team will deliver solutions that secure your organisation, helping you remain vigilant and resilient into the future.

How we can help

Our team of highly experienced specialists is the largest group of security and forensics professionals in Ireland. We can use our extensive experience to assist your business in addressing security concerns or challenges, aligned to international best practice and providing real world solutions to common business challenges and risks.

Our security and resilience services include the following:

  • Cyber security
  • Staffing a Cyber Security Programme
  • Managing Security of innovative technologies, IoT, Cloud, mobility
  • Preparing Cyber Programme to meet demands of increased regulation
  • How to prepare and handle a Cyber attack
  • Assessing possible cyber vulnerabilities that may arise due to a merger or acquisition

As well as:

  • Information privacy and protection
  • Identity and access management
  • Digital forensics and eDiscovery
  • Resilience and preparedness
  • Focused services

Get in touch

Colm McDonnell
Partner, Risk Advisory
+353 1 417 2348

Jacky Fox
Director, Risk Advsiory
+353 1 417 2208

Cyber security

While the term cyber security has been around for a while, the volume of attacks and the nature of the cyber threat have evolved. The impact on organisations can be significant, or in some cases catastrophic. System downtime leads to loss in profits, reputational damage, disgruntled customers and ultimately a competitive disadvantage or a loss of opportunities. Data loss and breaches not only damage brands but also lead to regulatory fines and compensation pay outs for affected customers. Cyber has moved beyond the IT department to become a Board-level issue.

Deloitte’s Cyber Preparedness capability enables businesses to test cyber crisis management procedures in controlled but realistic scenarios rather than relying on hypothetical plans. A delay in effectively responding to a cyber-incident can add significant cost to organisations through data and assets lost or compromised and reputational damage.

Deloitte’s Cyber Aware capability provides member firm clients with tailored services that range from external cyber threat intelligence and vulnerability assessments to outsourced managed security services.

Deloitte’s Cyber Response services have been designed to provide member firm clients with access to the skills, experience and expertise that are needed during times of crisis.

Deloitte can offer your organisation the support of our Cyber specialists, making staff aware of threats and provide member firm clients with access to the skills, experience and expertise that are needed during times of crisis. Deloitte can help in the development and implementation of a safe Cyber Security by providing a range of services, including the following:

  • Cyber security and cloud computing advisory
  • Digital forensics
  • Penetration testing services
  • Vulnerability and web application assessments

Staffing a Cyber Security Programme

One of the key obstacles for organisations is finding and retaining skilled staff to operate their security programme. There is a shortage of skills in the market and the cost to attract suitable candidates is prohibitive.

Deloitte Managed Security Services provide organisations with customised support from staff augmentation to outsourced models. Leveraging our Global Security Operations Centres with our “follow the sun” 24x7 capability we provide clients with the oversight needed to operate their systems securely in an “always on and connected world.”

  • Managed Security Services
  • Managed Threat Intelligence
  • Managed DLP
  • Managed DDOS

Managing Security of innovative technologies, IoT, Cloud, mobility

Availing of strategic initiatives based on technology such as Cloud computing comes with it the challenge of an increased surface for attackers to prey. Having the appropriate risk management knowledge and controls in place is fundamental to secure adoption of technology innovation.

Deloitte supports the adoption of innovative technology in an informed and secure manner. Combining our information-centric risk approach with our advanced threat intelligence, we can best advise strategies for our clients. Our Advisory practices in collaboration with our Consulting capability provides our clients with a 360 degree support in transforming their business securely.

  • Cloud Security Assessments and Transformation
  • Identity & Access Management
  • Vulnerability Management 

Preparing Cyber Programme to meet demands of increased regulation

Regulatory demands on organisations are increasing. The driving force behind this is new legislation such as General Data Protection Regulation (GDPR) or the Network and Information Systems (NIS) Directive. Also, governing bodies, such as the Central Bank of Ireland have increased their oversight of regulated entities.

Deloitte has developed a holistic approach to solving our client’s challenges by bringing together our Regulatory, Privacy and Cyber Practices in a multifaceted team. This allows us to bring end to end services to our clients, maximising efficiencies, cost reduction and insight. This approach is invaluable given the complexities the new regulatory requirements present. 

  • GDPR Readiness Assessment
  • Policy and procedure development
  • Data inventory and mapping development
  • Training and awareness
  • Cyber Regulatory Compliance

How to prepare and handle a Cyber attack

Becoming a victim of a cyber-attack has become a matter of "when" rather than "what if". Organisations are struggling to prepare and plan for these events, due to the complexity and skill involved to respond. Having a coordinated business and technical response can dramatically lessen the impact of an attack, protecting the organisation from reputational and financial damage, due to loss of customers, fines and legal fees.

Our dedicated Crisis Management professionals cover the length and breadth of Incident management. Preparing the "board room" as well the technical staff, we create a cohesive response team that is trained and capable in responding to cyber-attacks. Our capabilities include the support of organisation through staff augmentation and outsourcing models where local skills are not available.

  • Incident Response Planning and Development
  • Cyber-attack simulations
  • Managed Incident Response
  • eForensics and eDiscovery

Information privacy and protection

Information is pervasive in our daily lives, with the adequate protection and management of data presenting a growing challenge for organisations. Conforming to the associated requirements ensures there are no unforeseen interruptions to your operations. Customer and employee concerns over personal information and sensitive data can lead to reputational risk. Breaches in data protection legislation can inhibit organizational change and adversely affect technology integration.

Deloitte’s Information Privacy and Protection service(s) helps organizations to identify and manage risks and opportunities associated with information management and data protection. We can help our engagements respond strategically and tactically to data asset management issues associated with globalization, diverse and conflicting legal and regulatory requirements, rapidly changing technology, and extended enterprises.
Deloitte’s experience can help our member firm clients understand the key factors for reducing exposure to critical risks and potential damage to brand, including help in the following areas:

  • Privacy and data protection strategy
  • Building an organization-wide inventory and classification map of personal data
  • Policies and procedures
  • Training and awareness
  • Cross-border data transfers
  • Data retention
  • Compliance with law enforcement requests
  • Building privacy controls into IT projects
  • Managing varied international compliance requirements
  • Audit and monitoring programs for on-going data protection compliance

Identity and access management

Identity and Access Management is a highly complex business issue that goes far beyond the IT department. It encompasses the entire organization, including business units, individual locations, systems, access points, business partners and customers. Complicating matters further, is the growing number of mobile employees, joint ventures and other business activities that expose IT systems to potential threats.

Deloitte’s Identity & Access Management (IAM) framework addresses all aspects of the identity and access management lifecycle. It is a holistic, business-focused approach that incorporates Deloitte’s experience related to processes, control, technology and security, with in-depth vendor software knowledge, to deliver a comprehensive and sustainable identity management solution.

Digital forensics and e-Discovery

The need for digital forensic investigations and e-Discovery is becoming more prevalent for organisations that are required to investigate activities, events or incidents as part of internal reviews or legal proceedings. Deloitte Ireland operates a state of the art forensic and eDiscovery laboratory to assist with small standalone, through to large complex investigations spanning various geographic locations. Our scale allows us to capture, review, process and store information from our secure purpose built forensic lab (based in Ireland), eliminating the headaches and need for unnecessary movement of sensitive data. 

Our experienced and certified professional personnel combine years of in-depth international experience across various industry and client sectors, coupled with knowledge of leading edge technologies and forensic toolsets. We provide an end to end service, from early case assessment through to evidence collection, analysis, production, reporting, litigation support, and expert witness services.

Deloitte understand the urgency, requirements and challenges associated with technical investigations. Our established, qualified, credible and proven track record uniquely positions us to respond within hours to immediate and urgent requirements. Deloitte are uniquely positioned to provide a forensic capability and incident response partnership with your organisation across the areas of digital forensics and e-Discovery.

Resilience and preparedness

Resiliency is a critical component of successful business management. Experience shows that typically more than 50 percent of businesses without an effective resiliency plan will ultimately fail following a major disruption. The need to ensure continuity of service has never been greater due to more organizations operating 24/7 and an increasing dependence on technology to conduct business. Increasing stakeholder and regulatory expectations demand an approach that ensures equal consideration is given to managing the immediate and longer term outcomes from incidents affecting people, processes, systems or events external to the organization.

Deloitte’s experience combined with the use of a robust operational resiliency framework methodology help our member firm clients create organizational resiliency, a state in which issues are identified and prevented before they arise, and prepare the client to manage the unexpected.

Our approach to resilience and preparedness:

  • Identify critical business processes
  • Analyse impact of disruption
  • Define operational and financial impacts of an outage
  • Agree on the maximum allowable outage for each process
  • Determine the resources needed to recover essential processes - Continuity Strategy Definition
  • Identify alternatives for meeting maximum allowable outages
  • Consider costs and benefits of the alternatives
  • Decide upon the most appropriate recovery strategy
  • Formalize backup resource agreements - Contingency Plan Implementation
  • Document business process recovery procedures
  • Document resource/infrastructure recovery procedures
  • Document contingency plan management procedures
  • Establish plan maintenance and testing processes

Focused services

Deloitte recognises that in today’s complex business environment, no organisation is the same and that each organisation must be able to adapt to address the different risks that they face. Organisations must implement and maintain proactive security governance and compliance programs to survive in today’s competitive market and achieve a fundamentally more secure state. Deloitte’s professionals help organisations address the unique challenges faced by each organisation, work with them and tailor a solution to their needs.

Deloitte provide focused services to provide clients with bespoke and real life solutions to issues faced, including:

Cyber security and M&A

The merger and acquisition cycle can be a particularly vulnerable time for an organisation. A cyber risk assessment should be completed early in the process to ascertain data security levels, threat posture - if merging systems/technologies or acquiring IP, and to document cyber attack procedures. Deloitte provides a range of services to support our clients, including the following:

  • Privacy and data protection strategy
  • eForensics and eDiscovery
  • Training and awareness
  • Incident Response Planning and Development
  • GDPR Readiness Assessment

Get in touch

Colm McDonnell

Colm McDonnell

Partner - Cyber Risk

Colm leads our Risk Advisory practice in Ireland specialising in security risk, regulatory and control assurance and consulting assignments. The Risk Advisory practice provides a large range of assura... More

Jacky Fox

Jacky Fox

Director - Cyber Risk

Jacky leads Deloitte’s Cyber Security and IT Forensic service lines in Ireland. She manages the Dublin based Security and Forensic lab which is home to the Deloitte Incident Response phone line. Jacky... More

Kelvin Garrahan

Kelvin Garrahan

Senior Manager – Cyber Risk

Kelvin has two decades of Industry and Consulting experience in Information Security. Kelvin joined Deloitte from a multinational online retailer and cloud computing provider where he was responsible ... More