Deloitte To Invest £430 Million On Cybersecurity Defences

Uploaded on 2018-06-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Consulting

As cyber threats continue to evolve, threatening the security of consulting firms and clients alike, Deloitte has announced plans to significantly boost its cyber security offering. Having already commenced a hiring spree in the field in Europe, the firm will now invest £430 million into its cybersecurity line, following a major breach of its defences in 2017.

As of last year, Deloitte remains the largest global provider of cybersecurity consulting. The firm raked in $2.8 billion in revenues from the service line in 2016 alone, the largest part of a billion more than its nearest competitor, fellow Big Four firm EY. 

Meanwhile, top ten competitors such as BAE Systems have actually scaled back spending on the lucrative business, meaning Deloitte’s position as the leader of the pack looked increasingly reassured.

However, 2017 was also the year that the Deloitte was hit by a major breach of security. A hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”, including significant aspects of US governmental apparatus. 

Despite Deloitte referring to the process as a “sophisticated hack” meanwhile, the Guardian newspaper revealed the breach to the public, also reported sources having stated that the account required only a single password, and did not have “two-step” verification.

While a subsequent investigation from disgraced former New York Attorney General Eric Schneiderman seems to have vanished following his exit from office amid sexual abuse allegations, Deloitte remains keen to avoid any further controversy on the matter. As a result, the Big Four firm has announced plans to pump £430 million into bolstering its own cybersecurity defences. 

As well as helping to restore the trust of clients in the firm’s security, Deloitte’s increased cyber security budget will go towards advanced monitoring capabilities, more staff for the cyber team and new technologies to improve data protection. 

The news follows the announcement of the company’s European practice in March that it planned to hire another 500 staff to work in cyber security by the end of 2018. The first marquee hire of this intake was former Executive Director of European law enforcement agency Europol, Rob Wainwright, who arrives at the firm in June with a remit to focus on cyber-crime and fraud.

Larry Quinlan, Deloitte’s global Chief Information Officer, said the firm was upping its spending in the area to combat cyber threats which are “evolving and persistent”. He further explained, “Cyber threat management is a fundamental part of doing business today and requires more than just the right technology and infrastructure. It requires the right behaviours as well.”

Quinlan then pointedly added, “No company or industry is immune from a cyber incident.”

This is something that entities of all shapes and sizes will be well aware of. Last year fellow consultancy Accenture was caught out with lax cyber defences, having left client information in a unprotected cloud server. 

Financial institutions are the most common target, perhaps unsurprisingly, with large companies including Equifax, JPMorgan, Merck and DLA Piper among those that have fallen victim to high-profile hacks of late. 
The implementation of Europe’s long heralded General Data Protection Regulation in May has also added further pressure on companies to boost their defences, with fines for breaching the rules of up to €20 million, or 4% of a company’s turnover, depending which is higher.

Similarly, to Deloitte, the UK National Health Service was also caught out by a low-level hack in 2017. The WannaCry ransomware which breached patient data was able to enter the system via a gap left by legacy software which had not been updated beyond Windows XP as a cost-cutting measure for the cash-strapped NHS. Now the NHS is set to spend £150 million on cyber security to avoid future breaches of this kind.

Consultancy UK:

You Might Also Read: 

Deloitte Hit by Cyber Attack: Clients' Private Data Exposed:

Europol Chief Moves to Deloitte:

 

« British Universities Have Many Cyber Threats
Trump / Kim Summit Attracts A Heavy Wave of Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

Konfidas

Konfidas

Konfidas provide high-level cybersecurity consulting and professional tailored solutions to meet specific cybersecurity operational needs.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

Nexthink

Nexthink

Using our solution, hundreds of IT departments effectively balance offering a productive and enjoyable end-user experience with making the right decisions to secure and transform the digital workplace

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

National CyberWatch Center - USA

National CyberWatch Center - USA

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

TechForing

TechForing

TechForing Ltd. works for business organization's cyber security and cyber crime incident managements. We help business to secure their business online.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

SecureDApp

SecureDApp

SecureDApp is a blockchain security company that specialises in offering comprehensive security solutions to companies operating in the web3 space.