Cyber Strategy

Cyber everywhere. Succeed Anywhere.

The ability to innovate, to use new technologies, and to grow securely requires an end-to-end cyber risk strategy driven by an organization’s executive leadership. Deloitte's Cyber Strategy services balance the requirements to be secure, vigilant, and resilient with strategic objectives and the risk appetite of the organization. We help develop an actionable roadmap and governance model to support security priorities in an era where cyber is everywhere.

We help organizations align with current standards and assist them in implementing cyber security policies that match their desired end state.

  • Cyber Strategy Framework (CSF): Enables organizations to identify and understand their key business risks and cyberthreat exposures. Defines cyber strategies, actionable cyber roadmaps and reference architectures in line with the findings of a maturity assessment.
  • Cyber Target Operating Model: Constructs an appropriate target state for cybersecurity roles, responsibilities, related processes and governance functions. These take into account the organization’s existing structure, team capabilities, resource availability and third-party ecosystem.

We help organizations develop practical solutions to achieve better visibility over key components of their cyber risk program, leveraging leading vendor GRC platforms or custom-built solutions.

  • Cyber Risk Management: Defines the framework and methodologies to operationalize the assessment of cyber risks, so that the organization understands their magnitude and can make informed decisions that align its risk appetite with the risks it faces. Evaluates coverage of existing insurance policies. Determines areas where residual cyber risk could be transferred to an insurer. Leverages leading GRC solutions to unify and automate cyber risk management activities across the organization, including risk governance, risk reporting and metrics.
  • Cyber Policies Management: Defines the cyber security policy management framework/process to manage the entire lifecycle for scoping, designing, authoring, reviewing and publishing cyber policies. Develops cyber policies that define controls required to address cyber risks.
  • Third-Party Risk Management: Customizes services at each step of the third-party cyber-risk management lifecycle. Provides end-to-end oversight of the third-party risk management program.
  • Cyber Compliance Management: Assesses and prepares compliance with international cybersecurity standards (e.g., ISO/IEC 27001), as well as EU, national and/or sector-specific cybersecurity regulations.
  • NIS Directive Compliance: Assesses and prepares organizations, such as National Competent Authorities (NCAs), Single Points of Contact (SPOCs), CSIRTs, Operators of Essential Services (OES), and Digital Service Providers (DSPs), for compliance with requirements enhancing the security of network and information systems. Helps organizations develop cyber risk capabilities that address security requirements and incident notifications.

We help business leaders gain a better understanding of the cyber risk landscape, including how it may impact their particular organization, and establish cyber risk management priorities.

  • Cyber Security and Privacy Technical training: For Cyber Security and Privacy professionals (IT, Cyber Security, Privacy departments).
  • Cyber Security and Privacy Awareness training: For all employees.
  • Social Engineering - "Human Firewall" Testing: Through technical simulation exercises (such as Phishing, Tailgating Exercises, USB Drop, Password Complexity Test), we test the human element of the organization.


Andrei Ionescu

Partner-in-Charge Risk Advisory

Partner leading the Management Consulting and Risk Advisory services in the Romania & Moldova practice. Andrei has more than 20 years of experience in risk management, cyber risk, internal audit, frau...