Not just a “tech issue”
“I was attracted to this role, in part, because I share my colleagues’ holistic approach to cyber incident response,” Gelinne says. “We understand cyber breaches aren’t just a technologist’s problem. Our approach is designed to prepare and validate an organization’s overall cyber resilience from the boardroom, to the war room, to the individual employee, to the organization’s stakeholders and customers.”
Galligan, who spends much of her time educating clients’ board members and senior executives about the risks their organizations face, agrees. “Deloitte helps clients focus on what matters most from both a business and technology risk perspective, and then provides tailored and cost-effective solutions,” she says. “Beyond that, what stands out to me is the trust clients place in Deloitte. Because our professionals serve so many among the Fortune Global 500®, there isn’t much we haven’t seen. Clients value that, and respect the knowledge we have about their organizations and industries.”
That knowledge is especially evident in cyber wargaming. “Many consultants offer wargaming, but for most, it’s a tabletop discussion versus a true wargame that really tests a client’s full response capabilities,” Galligan says. Adds Gelinne: “Cybersecurity is a team sport. It takes all hands on-deck to be successful. So, when Cyber Risk Services tailors wargames for clients—which we customize to each client’s industry and build in probable scenarios, drawn from real-life experiences and client situations—we bring the whole organization to the table and aggressively test their response plans and communications channels.”
Galligan says requests for cyber wargaming continue to increase, in part, because regulators are writing stricter, new guidelines urging organizations to not only have resiliency plans in place, but also have them tested—preferably by objective, third parties like Deloitte.
“With cyber attacks in the headlines so frequently, fear of a major incident often drives investment. But, we encourage our clients to consider cyber risk as a positive component of their forward-looking initiatives,” Galligan says. “Organizations constantly create advantages through new technologies, expansion, mergers and acquisitions, new customer-engagement models, and more. Managing cyber risks is critical to the success of these moves. Threat actors can steal information, disrupt operations, corrupt data, shut down controls, and destroy clients’ systems.
“Organizations need to tighten up how they address those risks. This is a strategic concern, not just a technology concern,” she continues. “There’s a lot of self-gratification in being able to help clients transform their approaches. I spent 25 years with the FBI helping people, and I’m glad I’m still doing that with Deloitte US.”
“Deloitte”, “we”, “us”, and “our” refer to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. See additional information.