Deloitte To Invest £430 Million On Cybersecurity Defences

As cyber threats continue to evolve, threatening the security of consulting firms and clients alike, Deloitte has announced plans to significantly boost its cyber security offering. Having already commenced a hiring spree in the field in Europe, the firm will now invest £430 million into its cybersecurity line, following a major breach of its defences in 2017.

As of last year, Deloitte remains the largest global provider of cybersecurity consulting. The firm raked in $2.8 billion in revenues from the service line in 2016 alone, the largest part of a billion more than its nearest competitor, fellow Big Four firm EY. 

Meanwhile, top ten competitors such as BAE Systems have actually scaled back spending on the lucrative business, meaning Deloitte’s position as the leader of the pack looked increasingly reassured.

However, 2017 was also the year that the Deloitte was hit by a major breach of security. A hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”, including significant aspects of US governmental apparatus. 

Despite Deloitte referring to the process as a “sophisticated hack” meanwhile, the Guardian newspaper revealed the breach to the public, also reported sources having stated that the account required only a single password, and did not have “two-step” verification.

While a subsequent investigation from disgraced former New York Attorney General Eric Schneiderman seems to have vanished following his exit from office amid sexual abuse allegations, Deloitte remains keen to avoid any further controversy on the matter. As a result, the Big Four firm has announced plans to pump £430 million into bolstering its own cybersecurity defences. 

As well as helping to restore the trust of clients in the firm’s security, Deloitte’s increased cyber security budget will go towards advanced monitoring capabilities, more staff for the cyber team and new technologies to improve data protection. 

The news follows the announcement of the company’s European practice in March that it planned to hire another 500 staff to work in cyber security by the end of 2018. The first marquee hire of this intake was former Executive Director of European law enforcement agency Europol, Rob Wainwright, who arrives at the firm in June with a remit to focus on cyber-crime and fraud.

Larry Quinlan, Deloitte’s global Chief Information Officer, said the firm was upping its spending in the area to combat cyber threats which are “evolving and persistent”. He further explained, “Cyber threat management is a fundamental part of doing business today and requires more than just the right technology and infrastructure. It requires the right behaviours as well.”

Quinlan then pointedly added, “No company or industry is immune from a cyber incident.”

This is something that entities of all shapes and sizes will be well aware of. Last year fellow consultancy Accenture was caught out with lax cyber defences, having left client information in a unprotected cloud server. 

Financial institutions are the most common target, perhaps unsurprisingly, with large companies including Equifax, JPMorgan, Merck and DLA Piper among those that have fallen victim to high-profile hacks of late. 
The implementation of Europe’s long heralded General Data Protection Regulation in May has also added further pressure on companies to boost their defences, with fines for breaching the rules of up to €20 million, or 4% of a company’s turnover, depending which is higher.

Similarly, to Deloitte, the UK National Health Service was also caught out by a low-level hack in 2017. The WannaCry ransomware which breached patient data was able to enter the system via a gap left by legacy software which had not been updated beyond Windows XP as a cost-cutting measure for the cash-strapped NHS. Now the NHS is set to spend £150 million on cyber security to avoid future breaches of this kind.

Consultancy UK:

You Might Also Read: 

Deloitte Hit by Cyber Attack: Clients' Private Data Exposed:

Europol Chief Moves to Deloitte:

 

« British Universities Have Many Cyber Threats
Trump / Kim Summit Attracts A Heavy Wave of Cyber Attacks »

Directory of Suppliers

Tenable Network Security

Tenable Network Security

Tenable Network Security - The Rise of the Business-Aligned Security Executive. Is your security operation aligned with the overarching goals of the business?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

WEBINAR: How to achieve security visibility at scale in the AWS Cloud

WEBINAR: How to achieve security visibility at scale in the AWS Cloud

Thursday August 27, 2020: Join SANS and AWS Marketplace to learn how you can leverage solutions to create visibility at scale and allow you to do more with your data and improve your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

CERT Estonia

CERT Estonia

CERT Estonia deals with security incidents that occur in Estonian networks, start there, or which it has been notified about by citizens or institutions either in Estonia or abroad.

Backup112

Backup112

Backup112 has been delivering professional cloud backup services since 2004.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

Red Alert Labs

Red Alert Labs

Red Alert Labs is an IoT security provider. We created an independent security lab with a disruptive business offer to solve the technical and commercial challenges in IoT.

Brimondo

Brimondo

At Brimondo we help you to maximize and protect your brand value by being a proactive and strategic partner within brand protection with experts within intellectual property and digital assets.

QuantumCTek

QuantumCTek

QuantumCTek is a pioneer in commercialized quantum information technology (QIT) and one of the world's biggest manufacturers of QIT-enabled ICT security products and services.