Planning for change

US financial leader improves cybersecurity and regulatory compliance with a technology and strategy transformation

The starting point

Cyberattackers know where the money is. They relentlessly target financial institutions through increasingly sophisticated tactics—hoping to infiltrate systems, leverage data to their advantage, create chaos and profit. Whether the end game is collecting a ransom, compromising bank accounts or causing business disruption, there is no denying their potential to cause lasting harm.

Regulators worldwide continue to take note, vigorously establishing and enforcing rules as they seek to ensure that banks and other financial institutions remain sound and secure. For one large US financial company, the growing pressure from regulators led their leaders to take a hard look at their organisation’s existing and future cyber capabilities and ultimately begin charting a new path—one that would provide greater visibility into data, boost security and improve compliance.

The combination of siloed business, risk and technology functions and interconnected systems created challenges as the company began defining its ambition and pondering a way forward. And while company leaders wanted to improve their incident readiness with a cyber recovery vault, they quickly realised they needed to do more than install the new technology. They needed a business-centric approach to cyber that synchronised a much broader set of capabilities that ultimately drove their cyber transformation.

Factors in focus

  • Growing regulatory pressure and scrutiny around cybersecurity
  • Stakeholder concerns over the organisation’s cyber readiness
  • Need for broader transformation focused on business needs

The way forward

The company had already taken an important step toward greater resilience. It had selected a vendor to provide a cyber recovery vault. Such a vault can protect essential business services by storing essential backups and business data in a segregated, secured and immutable form, preserving data almost as if it were cryogenically frozen. Through this innovative design, malware that makes its way into the vault never has a chance to deliver its payload, thus preserving the environment. By turning to a vault in the wake of a cyberattack, a company can extract, cleanse and recertify any exposed data and applications before putting them back onto its network.

For the financial institution, the vault needed to do more. Company leaders wanted to get maximum value from the vault. They wanted to ensure that it would support evolving regulatory and reporting needs and that it would enable future business endeavours. Leaders wanted more than a technological solution; they wanted a business-focused solution, and they enlisted Deloitte’s help to begin crafting that solution.

Collaborating with Deloitte, the organisation took a step back to define a more extensive cyber resilience program as part of a broader cyber transformation. Deloitte provided technical oversight for the vault’s requirements, design and architecture. Deloitte also worked closely with the financial institution to develop an operating model and governance to integrate vault operations with existing IT and cyber operations.

Next, the two organisations began crafting an enterprise-wide cyber incident response plan—one designed to help the organisation quickly investigate and defend against a destructive cyberattack scenario. To make sure company leaders were aligned on challenges, opportunities and outcomes under the programme, Deloitte conducted multiple resilience labs focused on exploring the possibilities, aligning on the priorities, identifying the critical business services and ultimately selecting the appropriate strategies.

As the pieces of the broader transformation came together, Deloitte worked with the company to test processes for recovering data from the vault. And the work did not end there. The two organisations established a multi-year integrated programme plan that aligned the financial institution, the technology providers, the regulatory bodies and Deloitte on the path ahead.

Through this broader cyber transformation, the organisation reduced its cyber risk, business risk and regulatory risk, increased visibility into the essential services, processes, applications, infrastructure and data, and improved its confidence in its ability to recover from destructive cyberattacks.

The achievements

Let's talk cyber

Deloitte Cyber

How will your organisation respond to and recover from its next potential cyber incident? And how will your organisation transform its cyber capabilities to help safeguard your business and stakeholders and build trust from end to end?

Deloitte’s Cyber Incident Readiness, Response and Recovery (CIR3)

Discover how Deloitte’s Cyber Incident Readiness, Response and Recovery (CIR3) Services can help your organisation face the future with greater strength and resilience. Contact us to get the conversation started.
