Information security, privacy and confidentiality

2018 Global Impact Report
A new mindset for action

No organization is immune to cyberthreats.

During fiscal year 2017, we detected an attack on a single Deloitte cloud-based email platform. In response to this cyber incident, Deloitte initiated its standard and comprehensive incident response process, including mobilizing a team of cybersecurity and confidentiality experts to understand the scope of the incident, the potential impact to clients and other stakeholders, and to determine the appropriate cyber-incident response. We also engaged outside specialists to assure ourselves, clients and other stakeholders that the review was thorough and objective.

Our intensive and thorough review, which is complete, determined no disruption occurred to client businesses, to Deloitte's ability to serve clients, or to consumers.

Deloitte has long followed a global security strategy focused on keeping information and systems secure, constantly watching for potential threats, and immediately responding to actual or potential incidents.

Following the incident, we have continued to focus on these core activities, while also accelerating and enhancing certain strategy elements and our overall security architecture. Additionally, we continue to make significant investments in our cybersecurity capabilities consistent with our deep commitment to protect the information of member firm clients and network stakeholders.

The key facts regarding this incident can be found here.

Information Security

The Deloitte Global Information Security team works with Deloitte professionals around the world to help implement an aggressive information security strategy designed to:

  • Create a cohesive, worldwide program with consistent, high-quality security services.
  • Extend security tools worldwide for advanced protection of highly distributed data.
  • Reduce the risk of data loss through practitioner actions.


The Deloitte Global Privacy team provides guidance to local member firm Privacy officers who each implement programs within their firms to ensure compliance with applicable laws and maintain the confidentiality, integrity and appropriate availability of information. Deloitte Global privacy policies require all firms to comply with and implement common privacy principles across the network.

Deloitte welcomes the EU General Data Protection Regulation (GDPR) and the improved consistency of privacy and security requirements this will bring across the European Union as it relates to the handling of personal data. Deloitte is committed to working with clients to support compliance with privacy requirements as part of the provision of services.


The Deloitte Global Confidentiality team works with other Deloitte confidentiality leaders around the world to advance Deloitte’s approach to protecting confidential information. Deloitte uses various strategies such as confidentiality standards and controls to help ensure globally consistent protection for confidential information. Deloitte also has developed an innovative technology solution to make data protection simpler and more efficient. Additionally, the team also develops data security communications and training designed to help all Deloitte professionals understand the critical role they play in protecting all data. 


Stephanie Higgins
Chief Privacy Officer, Deloitte Global Privacy Office

Carmen Oveissi Field
Managing Director, Global Technology Services

Kevin Woertz
Chief Confidentiality Officer, Deloitte Global

Did you find this useful?