Deloitte To Invest £430 Million On Cybersecurity Defences

As cyber threats continue to evolve, threatening the security of consulting firms and clients alike, Deloitte has announced plans to significantly boost its cyber security offering. Having already commenced a hiring spree in the field in Europe, the firm will now invest £430 million into its cybersecurity line, following a major breach of its defences in 2017.

As of last year, Deloitte remains the largest global provider of cybersecurity consulting. The firm raked in $2.8 billion in revenues from the service line in 2016 alone, the largest part of a billion more than its nearest competitor, fellow Big Four firm EY. 

Meanwhile, top ten competitors such as BAE Systems have actually scaled back spending on the lucrative business, meaning Deloitte’s position as the leader of the pack looked increasingly reassured.

However, 2017 was also the year that the Deloitte was hit by a major breach of security. A hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”, including significant aspects of US governmental apparatus. 

Despite Deloitte referring to the process as a “sophisticated hack” meanwhile, the Guardian newspaper revealed the breach to the public, also reported sources having stated that the account required only a single password, and did not have “two-step” verification.

While a subsequent investigation from disgraced former New York Attorney General Eric Schneiderman seems to have vanished following his exit from office amid sexual abuse allegations, Deloitte remains keen to avoid any further controversy on the matter. As a result, the Big Four firm has announced plans to pump £430 million into bolstering its own cybersecurity defences. 

As well as helping to restore the trust of clients in the firm’s security, Deloitte’s increased cyber security budget will go towards advanced monitoring capabilities, more staff for the cyber team and new technologies to improve data protection. 

The news follows the announcement of the company’s European practice in March that it planned to hire another 500 staff to work in cyber security by the end of 2018. The first marquee hire of this intake was former Executive Director of European law enforcement agency Europol, Rob Wainwright, who arrives at the firm in June with a remit to focus on cyber-crime and fraud.

Larry Quinlan, Deloitte’s global Chief Information Officer, said the firm was upping its spending in the area to combat cyber threats which are “evolving and persistent”. He further explained, “Cyber threat management is a fundamental part of doing business today and requires more than just the right technology and infrastructure. It requires the right behaviours as well.”

Quinlan then pointedly added, “No company or industry is immune from a cyber incident.”

This is something that entities of all shapes and sizes will be well aware of. Last year fellow consultancy Accenture was caught out with lax cyber defences, having left client information in a unprotected cloud server. 

Financial institutions are the most common target, perhaps unsurprisingly, with large companies including Equifax, JPMorgan, Merck and DLA Piper among those that have fallen victim to high-profile hacks of late. 
The implementation of Europe’s long heralded General Data Protection Regulation in May has also added further pressure on companies to boost their defences, with fines for breaching the rules of up to €20 million, or 4% of a company’s turnover, depending which is higher.

Similarly, to Deloitte, the UK National Health Service was also caught out by a low-level hack in 2017. The WannaCry ransomware which breached patient data was able to enter the system via a gap left by legacy software which had not been updated beyond Windows XP as a cost-cutting measure for the cash-strapped NHS. Now the NHS is set to spend £150 million on cyber security to avoid future breaches of this kind.

Consultancy UK:

You Might Also Read: 

Deloitte Hit by Cyber Attack: Clients' Private Data Exposed:

Europol Chief Moves to Deloitte:

 

« British Universities Have Many Cyber Threats
Trump / Kim Summit Attracts A Heavy Wave of Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Security Brigade

Security Brigade

Security Brigade is an information security firm specializing in Penetration Testing, Vulnerability Assessment, Web-application Security and Source Code Security Audit.

Milton Security Group

Milton Security Group

Milton Security develops products to provide security, visibility and control over your network to keep it Operational and Secure.

CLUSIF

CLUSIF

Clusif is the reference association for digital security in France. Its mission is to promote the exchange of ideas and feedback through working groups, conferences and publications.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

Vintegris

Vintegris

Vintegris are a Certification Authority and manufacturer of innovative systems and applications for the full cycle of digital identity.

Commonwealth Cybercrime Initiative (CCI)

Commonwealth Cybercrime Initiative (CCI)

The CCI unites 35 international organisations contributing to multidisciplinary programmes in Commonwealth countries. These organisations form the CCI Consortium.

Sierra Ventures

Sierra Ventures

Sierra Ventures is an early-stage venture firm investing globally with a focus on Next Generation Enterprise and Emerging Technologies.

Stamus Networks

Stamus Networks

Stamus Networks offers Scirius Security Platform solutions that marry real-time network traffic data with enhanced Suricata intrusion detection (IDS) and an advanced analytics engine.

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance provides an array of cybersecurity services including cybersecurity policy management, risk assessments and regulatory compliance consulting.

SubRosa Cyber Solutions

SubRosa Cyber Solutions

SubRosa Cyber Solutions solves its clients’ most tenacious information security, risk and compliance challenges through a multitude of information technology services and expertise.

Baxter Clewis Consulting

Baxter Clewis Consulting

Baxter Clewis are cyber security and compliance experts. We provide Security Consulting, IT Assurance, and Technical Security services.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Cufflink

Cufflink

Cufflink makes your business more secure, compliant and trusted. We limit the likelihood and impact of a data breach by controlling exactly what can and can't be done with personal data.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.