Cyber Risk Management and Compliance


Cyber Risk Management and Compliance

Understanding the current status of an organization’s security posture requires constant evaluation of evolving risks, security standards and cyber regulations. Today’s complex and distributed IT landscape and third-party involvement means organizations must take a structured approach to understanding the road ahead.

How Deloitte can help?

Deloitte’s diverse experience in managing cyber risk and compliance can help organizations to (i) define tailored cyber-risk management frameworks, (ii) support risk transfer via cyber insurance, (iii) set and implement cyber-control frameworks and (iv) ensure compliance with cybersecurity regulations.

Deloitte proposition overview

  • Cyber Risk Management - Defines framework and methodologies to assess cyber risks in order for the organization to understand their magnitude and make informed decisions that align the organization’s risk appetite with the risks it faces
  • Security Control Framework - Defines tailored security-control frameworks based on the use of best practices as guiding principles. Developing policies, procedures and standards.
  • Security and Regulatory Compliance - Assists and prepares compliance with EU, national and/or sectoral cybersecurity regulations.
  • Third-Party Risk Management - Customizes services at each step of the third-party cyber-risk management lifecycle. Providing end-to-end oversight of the third-party risk management program.
  • Cyber Insurance - Evaluates coverage of existing insurance policies. Determines areas where residual cyber risk could be transferred to an insurer.
  • Cyber Risk Dashboarding - Designs and implements risk dashboard constituents, including Key Risk Indicators (KRIs) and dashboards to facilitate effective monitoring of cyber risk from the Boardroom to the network.


Gives assurance about the alignment of cyber risk management with risk appetite of the organisation but also with applicable cyber regulations. Ensures that a risk-based approach is taken to reach optimal use of security resources/ budget.

Our approach & methodology

Deloitte has developed a set of mature proprietary methodologies and tools, complemented by vendor alliances. Our consultants have developed a deep knowledge and experience with security control frameworks and regulations as well as a strong experience in integrating cyber risk into the broader enterprise risk management framework.


Stéphane Hurtaud

Stéphane Hurtaud

Partner | Cyber Security Leader

Stéphane is a partner within our Risk Advisory practice. He has over 21 years of experience in the IT risk, Information Security and IT audit fields, with a strong focus on the financial services indu... More

Maxime Verac

Maxime Verac

Director | Information & Technology Risk

Maxime Verac is a Director within Deloitte’s Information & Technology Risk services in Luxembourg. He has 14 years of experience in Information Security. During the last 14 years, as a consultant, he ... More