Andrew Morrison

Andrew is a principal in Deloitte & Touche LLP’s Cyber Risk Services practice and specializes in assisting clients with the risk associated with cyber threats. Andrew currently serves as the US leader for Deloitte’s Cyber Risk Resilience practice. In this capacity, he is responsible for Deloitte’s Cyber Incident Response, Cyber Wargaming, and Cyber Resilience services. His focus is on the development and delivery of cross-industry services helping clients improve their preparedness for cyberattacks, and accelerating enterprise business recovery in the wake of cyber incidents. Andrew has 20 years of experience in information security and privacy. Andrew primarily serves clients in the financial services industry and serves as Deloitte’s lead client service partner for a number of strategic banking and securities clients. Andrew is a frequent speaker on cyber risk topics for boards, conferences and the media and maintains the Certified Information Systems Security Professional and Certified Information Security Manager certifications.