Cyber Strategy, Transformation and Assessments


Cyber Strategy, Transformation and Assessments

In today’s complex business environment and with cyberattacks occurring with greater frequency and severity, you, as board members and executives are increasingly becoming aware that technology-based initiatives open doors to cyber risks. The need to act is known but what to do, the scale to do it, and in what order, then becomes key to continue to enable secure, available and trusted operations.

That is why you must implement and maintain proactive security governance, strong management practices and compliance programs to survive in today’s competitive market and to achieve operational excellence aligned with your strategy, vision and risk appetite.

How Deloitte can help?

Our services help organisations establish their strategic direction and structures, and develop effective cyber-risk reporting. They support the creation of executive-led cyber risk programmes. They account for the client’s risk appetite, helping organisations identify and understand their key business risks and cyber threat exposures. They also enable clients to measure their cyber maturity and address their requirements to be secure, vigilant and resilient.

Deloitte uses its unique Cyber Strategy Framework to accomplish this. It captures an organisation’s unique characteristics as well as its current and target state of capability maturity. It also contains a library of good practice attributes for the organisation to work towards as part of its cyber strategy.

In support of this strategy, we help organisations to define the target cyber operating model that is necessary to achieve and maintain the target state. We also help to mobilise, manage and deliver cyber-security transformation programmes that drive increased maturity and reduce overall levels of cyber risk.

Deloitte proposition overview

  • Cyber Maturity Assessments – Enables organizations to identify and understand their key business risks and cyber threat exposures. This supports the measurement of their cyber maturity, either using industry-standard frameworks or Deloitte’s proprietary Cyber Strategy Framework, where we will assess a specific set of capabilities tailored to your organization, by considering its context and environment (threat exposure, risk appetite, regulatory landscape, structure of the organization, etc.).
  • Cyber Security Strategy, Roadmap and Architecture – Defines cyber strategies, actionable cyber roadmaps and reference architectures in line with the findings of a maturity assessment. Recommendations are based on a defined target state that is determined by organisations threat exposure, risk appetite and environment (including regulatory landscape).
  • Cyber Target Operating Model – Constructs an appropriate target state for cyber security roles, responsibilities, related processes and governance functions. These take into account organizations existing structure, team capabilities, resource availability and third-party eco-system.
  • Cyber Transformation – Mobilises, manages and delivers a structured and prioritised programme of work to help organisations transform to improved cyber governance, security, vigilance and resilience.


Defining a clear cyber strategy gives direction and oversight to an organizations management and board over cyber risk, and the priorities and budgets needed to bring this risk within their appetite. The output provides a holistic view of cyber that enables better-informed business and strategy decisions, and more confidence in the real level of organization risk, and the key activities needed to manage and remediate those risks.

Our approach & methodology

Deloitte’s own cyber capability model ensures a robust governance structure and continued business value while being secure, vigilant and resilient.

Cyber Strategy Framework (CSF)

The Deloitte CSF is a business-driven, threat-based approach to conducting cyber assessments based on an organization’s specific business, threats and capabilities. CSF incorporates a proven methodology to assess an organization’s cyber resilience; a leading catalogue of good practice standards for cyber, which enable us to conduct assessments against specific standards; and advanced reporting capabilities (e.g. dashboards that can be customized for an executive, managerial and operational audience.)


Laurent Berliner

Laurent Berliner

Partner | EMEA FSI Risk Advisory Leader

Laurent Berliner is our Risk Advisory Leader for Luxembourg and for the Financial Services Industry for the EMEA region. Laurent is also a member of Deloitte Global Financial Services Industry Risk Ad... More

Stéphane Hurtaud

Stéphane Hurtaud

Partner | Information & Technology Risk

Stéphane is a partner within our Risk Advisory practice. He has over 21 years of experience in the IT risk, Information Security and IT audit fields, with a strong focus on the financial services indu... More

Maxime Verac

Maxime Verac

Senior Manager | Information & Technology Risk

Maxime Verac is a Senior Manager within Deloitte’s Information & Technology Risk services in Luxembourg. He has 10 years of experience in Information Security. During the last 10 years, as a consultan... More