Skip to main content

Crisis & Resilience: Crisis Management

Modern society is exposed to a wide range of threats, such as cyberattacks, geopolitical tensions, and natural disasters, that can interrupt operations, harm reputations, and impact financial stability. The critical factor is being prepared and knowing how to respond effectively. By embedding resilience into everyday processes, companies can better withstand operational pressures, regulatory demands, and technological challenges.

Our Crisis & Resilience services help identify and manage risks, prevent crises, and establish effective response and recovery plans. 

Contact us
Download PDF

Crisis Management Challenges

Companies today operate in a complex and rapidly changing environment, facing various challenges.

Threats are becoming increasingly diverse, including sophisticated cyberattacks, operational failures, and external factors such as geopolitical instability, climate events, or pandemics that can disrupt supply chains and significantly impact business continuity.

Data is a critical asset and a potential vulnerability if not adequately protected. Managing the data lifecycle, classification, access control, and its secure sharing within and outside an organization is a major challenge. Issues also include data sovereignty (especially in the cloud) and the effective use of available data.

Moving to the cloud increases flexibility but also adds complexity to security management, particularly when using multiple providers. Common issues include lack of visibility into the cloud environment, configuration errors, or unclear distribution of responsibilities between providers and clients. Weaknesses in governance and monitoring can lead to vulnerabilities, data leaks, or regulatory non-compliance.

A well-defined, regularly updated crisis management plan outlining roles, responsibilities, and specific procedures during emergencies is essential. Its absence or incompleteness can result in delayed responses and poor decision-making, worsening potential crisis impact and extending recovery time.

The importance of a proactive approach to building resilience is often underestimated. Companies can only hardly handle or recover from crises without an integrated resilience strategy and clear plans to protect market value, brand, customer trust, and critical assets.

Partnerships with external suppliers pose significant risks. Unified criteria for vendor assessment, tools for performance monitoring, and clearly defined contractual obligations and security guarantees are key for effective third-party risk management, especially in cases of high dependencies.

The growing volume and complexity of regulations (e.g., DORA, NIS2, EU AI Act, EU Data Act) require a systematic approach to tracking changes, implementing measures, and ensuring compliance. Underestimating the importance of impact assessments and poor coordination between legal, ICT, and operational teams during implementation pose a critical pitfall.

How Deloitte Can Help

Our team of experts in cybersecurity, regulatory compliance, legal, and risk management, as well as in security measure implementation, supports a range of activities to enhance crisis preparedness and management, including

  • Identifying and assessing risks relevant to your business sector
  • Ensuring compliance via a comprehensive gap analysis against relevant regulatory requirements, including DORA, NIS2 / Cybersecurity Act, CER / Critical Infrastructure Act, EU AI Act, EU Data Act, Cyber Resilience Act (CRA), and others
  • Designing and implementing proactive business continuity plans
  • Developing and testing response and recovery plans, including scenario planning
  • Strengthening ICT infrastructure and boosting technological resilience, providing expert support and advice
  • Enhancing physical security measures
  • Assisting in gathering critical data

Our Crisis & Resilience services cover the full lifecycle of a crisis, helping clients identify, assess, and prevent crises, prepare for them, respond effectively, and recover quickly.

Our Other Related Services

NIS2 directive and the new Cybersecurity Act

The amendment to the Czech Cyber Security Act, implementing the NIS2 directive, brings several changes, including new and tightened obligations and an expanded range of obliged subjects, to whom the new legal text will apply. Although the transposition of the directive in the Czech Republic is only at the beginning of the legislative process, the law is expected to come into force by the end of 2024, and it is therefore time to start preparing for it.
Service

DORA a NIS2 – two legislative instruments of the EU

The European Union is continuously strengthening its regulations to increase digital resilience in the financial sector – the DORA regulation and the NIS2 directive are part of the constantly developing regulatory framework.
Service

Critical Entities Resilience Directive

The Critical Entities Resilience (CER) Directive 2022/2557, forming a set of EU guidelines and recommendations aimed at reducing vulnerabilities and enhancing the resilience of critical entities against various threats, came into effect in 2024. 
Service

DORA regulation and Deloitte DORA Maturity Assessment Tool

DORA is an initiative of the EU on digital operational and cyber resilience relevant mainly to the financial services sector. We will guide you through a complete assessment of your DORA maturity, using our specialized tool.
Service

Contact us

Jakub Höll

Jakub Höll

Director
+420 734 353 815
Jakub Ptáčník

Jakub Ptáčník

Manager
+420 732 444 069