Deloitte to invest £430 million in bolstering cyber security defences

05 June 2018

As cyber threats continue to evolve, threatening the security of consulting firms and clients alike, Deloitte has announced plans to significantly boost its cyber security offering. Having already commenced a hiring spree in the field in Europe, the firm will now invest £430 million into its cyber security line, following a major breach of its defences in 2017.

As of last year, Deloitte remains the largest global provider of cyber security consulting. The firm raked in $2.8 billion in revenues from the service line in 2016 alone, the largest part of a billion more than its nearest competitor, fellow Big Four firm EY. Meanwhile, top ten competitors such as BAE Systems have actually scaled back spending on the lucrative business – meaning Deloitte’s position as the leader of the pack looked increasingly reassured.

However, 2017 was also the year that the Deloitte was hit by a major breach of security. A hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas” – including significant aspects of US governmental apparatus. Despite Deloitte referring to the process as a “sophisticated hack” meanwhile, the Guardian, which first revealed the breach to the public, also reported sources having stated that the account required only a single password, and did not have “two-step“ verification.

Deloitte to invest £430 million in bolstering cyber security defences

While a subsequent investigation from disgraced former New York Attorney General Eric Schneiderman seems to have vanished following his exit from office amid sexual abuse allegations, Deloitte remains keen to avoid any further controversy on the matter. As a result, the Big Four firm has announced plans to pump £430 million into bolstering its own cyber security defences.

As well as helping to restore the trust of clients in the firm’s security, Deloitte’s increased cyber security budget will go towards advanced monitoring capabilities, more staff for the cyber team and new technologies to improve data protection. The news follows the announcement of the company’s European practice in March that it planned to hire another 500 staff to work in cyber security by the end of 2018. The first marquee hire of this intake was former Executive Director of European law enforcement agency Europol, Rob Wainwright, who arrives at the firm in June with a remit to focus on cyber crime and fraud.

Larry Quinlan, Deloitte’s global Chief Information Officer, said the firm was upping its spending in the area to combat cyber threats which are “evolving and persistent”. He further explained, “Cyber threat management is a fundamental part of doing business today and requires more than just the right technology and infrastructure. It requires the right behaviours as well.”

Quinlan then pointedly added, “No company or industry is immune from a cyber incident.”

This is something that entities of all shapes and sizes will be well aware of. Last year fellow consultancy Accenture was caught out with lax cyber defences, having left client information in a unprotected cloud server. Financial institutions are the most common target, perhaps unsurprisingly, with large companies including Equifax, JPMorgan, Merck and DLA Piper among those that have fallen victim to high-profile hacks of late. The implementation of Europe’s long heralded General Data Protection Regulation in May has also added further pressure on companies to boost their defences, with fines for breaching the rules of up to €20 million, or 4% of a company’s turnover, depending which is higher.

Similarly to Deloitte, the UK National Health Service was also caught out by a low-level hack in 2017. The WannaCry ransomware which breached patient data was able to enter the system via a gap left by legacy software which had not been updated beyond Windows XP as a cost-cutting measure for the cash-strapped NHS. Now the NHS is set to spend £150 million on cyber security to avoid future breaches of this kind.


More news on


First Consulting helps BDO to build new RPA capability with UiPath

22 March 2019

Global accounting and consulting firm BDO is working on its own digital transformation, as it looks to pioneer the use of Robotic Process Automation in its work. Business consultancy First Consulting is helping BDO with designing the RPA journey and building its internal RPA capability.

Robotic Process Automation describes a process that utilises software programmed to autonomously carry out basic tasks across applications, reducing the burden of repetitive, simple tasks on employees.  Able to be developed and deployed in a matter of weeks, RPA is highly cost-effective and can typically demonstrate returns on investment within a few months. It has been known to dramatically improve the speed and accuracy of processing, resulting in a quicker and higher quality of service to customers.

Last year, BDO explored the value of Robotic Process Automation, concluding the technology has the capacity to bolster the firm’s service offerings as well as internal operations. On the back of this analysis, the professional services firm incorporated RPA into its ICT strategy for the coming years. This has already seen the first robot delivered at BDO, which has since been taken into use by the business.

First Consulting helps BDO to build new RPA capability with UiPath

First Consulting is advising BDO on all aspects of deploying and scaling up the technology across the organisation – from capability building, governance structure and processes to architecture and IT infrastructure. The joint team of BDO and First Consulting have, meanwhile, also taken the first steps to set up an internal RPA capability.

BDO faces a key year for its operations, particularly in the UK where it has recently become the fifth largest provider of audit and advisory services in the country. As the firm looks to further grow its junior auditing market lead over the Big Four, the effective deployment of innovations such as RPA could prove key in the coming period.

With RPA on board, BDO’s ICT department aims at increasing the satisfaction of employees by removing a range of often boring (repetitive, administrative) tasks. By automating such tasks, productivity can also be increased at the professional services firm, as its staff will be freed up to spend more time performing value-adding activities. On top of this, RPA can execute tasks and processes with a lower margin of error compared to humans, enhancing BDO’s internal operations.

Working with RPA vendor UiPath, during the project at BDO, First Consulting has sought to apply its best practice RPA growth model methodology. The approach differentiates between three different growth phases, starting with RPA, structuring RPA, and scaling RPA.

Project results are delivered through an agile approach. According to the engagement partners, the following results were achieved in a period of six weeks:

  • Developed a first robot process that directly creates value for the business and contributes to the 360 degree customer view by migrating information from two systems to another system;
  • Advice and implementation plan on the technical design in relation to RPA, ICT guidelines, a security questionnaire and a basic infrastructure;
  • A roadmap for setting up an internal RPA capability, including the following components: processes & governance, change management and capability building & training;
  • Plan for setting up benefits tracking / monitoring as well as reusability of robot process components.

So far, First Consulting and BDO have enjoyed a pleasant and productive cooperation, achieving “tangible results” along the way. According to First Consulting’s team engaged by the project, the close match between the firms’ norms and values proved a key success factor. In the coming period, First Consulting and BDO are investigating opportunities to develop a digital capability in other areas of BDO’s business.

Roel van Overdam, Head of RPA at First Consulting, said of the collaboration, “Our pragmatic, no-nonsense approach has clearly paid off.”

Related: First Consulting: Is RPA implementation going in the right direction?