Skip to main content

Securing cyber success with flexible operations

The Road to Reshaping Business is a series of articles exploring industry trends, strategic imperatives and practical steps for enterprise leaders who are looking to embed continuous advantage into their operations. In this first article, we dive into the quickly evolving, mission-critical landscape of cybersecurity operations.

Rapid technology development and data-driven products and services have generated exciting new revenue opportunities, insights and enhanced customer experiences in recent years. But these have also opened the door to new and increasingly sophisticated cybersecurity threats. Deloitte Global’s 2023 Future of Cyber Survey found that 91% of organisations are reporting at least one cyber incident or breach, compared to 88% in the 2021 survey. New threats are also evolving at a quicker pace than ever before and cyber talent is becoming increasingly difficult to find and retain to help organisations prepare for, detect and respond to incidents.

Despite the challenges, leading enterprises across industries are seeking more flexible and adaptable cyber capabilities to move beyond mitigating traditional risk and into driving growth. In this article we’ll explore three key industry use cases that are often overlooked, demonstrating how flexible and innovation-orientated cybersecurity can be crucial to long-term business performance.

Few cyber business cases ask for more flexibility and adaptability than mergers and acquisitions (M&A). Absorbing a new product, team or entire company can bring huge implications for cybersecurity. It can involve significant change, which often occurs at a very fast pace with limited resources for true “change management.” From new employee connected devices and data permissions, to new system and technology integrations, M&A requires a dynamic cyber operation to navigate the complexities efficiently with minimal sacrifice on risk exposure and end-user experience.

A key challenge for M&A cybersecurity is agility. Between the beginning of an acquisition and the moment of successful integration, the business can be vulnerable. In some cases, bad actors may even target organisations they know are in the midst of an acquisition to exploit cyber vulnerabilities. But organisations often have limited capabilities to handle those new vulnerabilities and the pressure to move quickly with integration sometimes outweighs cybersecurity priorities.

With a comprehensive and agile suite of cyber capabilities and strategic experience in both IT and change management, the right next-generation managed service provider, also referred to as an "Operate" service provider, can empower enterprises to navigate M&A with both the speed and security they need to thrive. These providers can often stand up policies and protocols that are designed to secure the transition and integration phase much faster and more efficiently than a typical internal cyber and IT team with limited staff and resources. They can quickly mobilise security operations in the as-is tech environment of an acquisition, establishing business-enabling and threat-mitigating capabilities immediately, while running security operations from Day 1 and executing and running overall tech transformation and integration projects in parallel.

There is a lot of industry commentary on the Internet of Things (IoT)—with more devices than ever connecting to the Internet—and its impact on cybersecurity vulnerabilities.

One of the common mistakes that businesses make is treating Internet of Things (IoT) cybersecurity as an extension of their enterprise IT. The reality is that world-class IoT security often needs its own unique cyber management, monitoring and safeguards to be effective and retain customer trust. Many companies simply don’t have the teams or technology to handle the nuanced and complex vulnerabilities of IoT cybersecurity, leaving them more exposed to risk than they may realise. They may miss opportunities for early detection and response if their teams and technologies aren’t trained on the specialised telemetry produced by these devices or on threats specific to how these devices are deployed and used. In the event of a breach, are their existing tools and protocols sufficient to resolve the situation?

In IoT cybersecurity, using Operate service providers can help close that resource and skills gap so that enterprises can safely leverage the value of their IoT without taking on additional exposure from ill-fitting cyber standards. Through access to flexible pools of in-demand and hard-to-find cyber resources with deep IoT experience and the latest market-leading technology, Cyber Operate providers can offer the agility needed to stand up, monitor, iterate, run and optimise IoT and enterprise IT cybersecurity on an ongoing basis.

Many organisations are struggling to keep up with the shifting landscape of cyber regulations and are increasingly relying on third parties to help reduce exposure and risk. Deloitte’s 2022 Global Outsourcing Survey found that 81% of executives turn to third-party vendors to provide, in full or in part, their cybersecurity capabilities. Businesses are often relying on multiple technology and service vendors—creating a complex web of processes and technologies to manage and keep up to date. Many are now looking to a single Operate service provider to help consolidate, orchestrate and assist in overseeing the ongoing management of their mission-critical cybersecurity operations.

One of Deloitte US’s Cyber Operate service clients is an international bank who originally engaged us to resolve a complex challenge with securing business applications, with both regulatory and cybersecurity implications. As is well known, financial services is one of the most highly-regulated industries. These companies also have extremely diverse technology ecosystems—with thousands of applications that often consist of both highly customised code and off-the-shelf enterprise software. Some of these applications may be on-premise and many are likely in the cloud. For this client, a combination of factors made for complex challenges in both compliance and cybersecurity.

Our cybersecurity team assessed the client’s business and compliance challenges with implementing efficient security controls throughout the software development lifecycle (SDLC). They then implemented a DevSecOps (Development, Security and Operations) cybersecurity control factory, leveraging platform and methodology to identify, prioritise and manage security vulnerabilities within their critical applications at speed and scale— a function Deloitte continues to operate today. Together with the fully-managed Operate solution, the client has achieved a 100% reduction in compliance violations and over 80% reduction in security-related release delays for 3000+ business applications.

As with this example—when operating in a world of ever-changing and increasingly complex regulations—using an Operate service provider can help businesses stay up to date and prioritise growth opportunities in two ways. The first is by staying on top of regulatory changes with both global and local experienced professionals who are specialists in the industry and regions in which businesses operate. Second, is by having operational capabilities built on up to date, comprehensive, market-leading technologies that enable organisations to achieve compliance and security outcomes while adaptively evolving with the ever-changing technology landscape.

Finding a flexible path forward

In all three examples—M&A, IoT and evolving regulations—we see those enterprises who have the flexibility to adapt to rapid change being in the best position to turn cybersecurity from simple risk prevention into a catalyst for growth. We know that agility is often easier said than done. Outsourcing specific capabilities and mission critical areas of business to a third-party can be a daunting prospect. However, a top tip would be to look at providers with robust and holistic Operate service credentials and in-depth domain and industry-specific expertise. These should help to empower enterprises to secure future success at scale.

For more insights into the evolving global cybersecurity landscape, you can explore Deloitte Global’s 2023 Future of Cyber Survey. To learn more about Deloitte’s Cyber Operate capabilities and read real stories from leading organisations, visit: Managed Extended Detection & Response (MXDR) by Deloitte and Digital Identity by Deloitte.

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey