EY expands cybersecurity capabilities with Mycroft deal

21 July 2015 Consultancy.uk

Accounting and consulting giant EY has acquired Mycroft, a New York-based provider of cloud-based identity-as-a-service (IDaaS) and identity and access management (IAM) services. The deal expands EY’s global cybersecurity offering, with a focus on the US market.

With the rapid development of digital channels and a new generation of communication devices, and their interconnectedness, the number of web-connected devices globally is growing exponentially. While the apparent benefits of online and the Internet of Things are wide ranging, a number of risks exist, including the danger of cybersecurity. According to data from Capgemini, the number of cyber-attacks increased by 120% last year, burdening the average large organisation with an estimated cost of cyber-crime of $7.6 million per year. 

EY expands cybersecurity capabilities with Mycroft deal

Against the backdrop of the growing risks and impact, organisations are anxiously deploying new technologies and structures to safeguard their digital frontier, and when doing so, frequently rely on the expertise of external advisory firms and services of IT providers. For consulting firms, the booming market represents a lucrative field, and in response, both large and small firms, are anticipating the rush by actively bolstering their portfolios.

For EY, one of the Big Four accounting and consulting giants, cybersecurity has been earmarked as one of the strategic pillars of its growth strategy. The ambitions are massive – by 2020 EY aims at increasing its global cybersecurity workforce six-fold – and are based on strong organic growth (coupled with large investments in expertise and centers of excellence*), an investment fund for startups and technology players and mergers & acquisitions.

In the latest move to boost its cyber offering, EY has acquired Mycroft, a US-based provider specialised in cloud-based identity-as-a-service (IDaaS) and identity and access management (IAM) services. “IAM is crucial to clients’ growth of cloud technology,” says Bob Sydow, EY Americas Cybersecurity Leader. “Globally, we are committed to helping our clients solve their biggest, most complex cybersecurity issues and this deal is a reflection of that.”

Bob Sydow - EY

According to EY’s latest Global Information Security Survey, nearly two-thirds of organisations do not have well-defined and automated IAM programs, while only 5% of companies have a threat intelligence team with dedicated analysts and external advisors that evaluate information for credibility, relevance and exposure against threat actors. “The combination enables EY to immediately go to market with a cloud-based IDaaS and IAM managed services offering – two areas poised for consistent growth,” states Sydow.

Jon Freeman, CEO and founder of Mycroft, adds: “Now more than ever, customers are seeking advisors on technical implementation within a secure environment. We’re looking forward to joining EY and introducing our premium offerings to a much richer and diverse clientele.”

In April Consultancy.uk featured a new cyber-security approach developed by EY’s experts, while in January a best practice cyber-risk management scheme was highlighted, developed by the WEF in conjunction with Deloitte.

* In the US for example EY reserved  $20 million alone for the firm’s recently-launched Managed Security Operations Centre (SOC), a global initiative designed to  provide 24/7 tools and support to secure businesses worldwide.