CBEST: Putting cyber defences to the test

We’ve helped some of the largest banks and insurers in the world assess their cyber risks and improve their attack and detection capabilities.

It's what we do that makes the difference

Cyber-attacks are increasing in frequency and severity, forcing organisations across all sectors to test their defences and increase resilience in order to prevent costly data breaches and regulatory sanctions. The CBEST framework, launched by the Bank of England in 2014, is now the primary method for UK financial services organisations to voluntarily test their defences using advanced threat intelligence and realistic attack simulations.

Deloitte was involved with the Bank of England in developing CBEST, and is one of a select few organisations that are accredited to conduct the simulation services. In the past year, our cyber risk teams have conducted CBEST simulations with some of the largest banks and insurers in the world, to help them assess their cyber risks and improve their attack detection and response capabilities.

Deloitte is exporting this approach to other sectors, such as media and utilities, and the results are encouraging. We are seeing measurable improvement in the operational effectiveness of clients’ cyber defences, across people, process and technology. Clients are now better able to prioritise investment across their areas of greatest cyber risk, and can measure return on investment more accurately. Regulators, particularly in the financial sector, are benefiting from being able to assess the resilience of organisations that are systemically important to the UK’s critical national infrastructure.

As CBEST demonstrates its success in the UK, interest in the framework is coming from other countries including the US, Netherlands, China, Singapore, and Hong Kong, where cyber resilience is also a growing priority.
