Cybersecurity and Privacy Consulting

The cybersecurity landscape is in a constant state of change. Organizations today must increasingly rely on new and disruptive technologies to help them grow and differentiate in the evolving marketplace. At the same time, differing privacy expectations from customers and regulators might set new boundaries or demand an increased level of transparency. Organizations that lack effective measures to help manage this change risk breaking the trust of their customers, stakeholders, and the marketplace while exposing themselves to ever-increasing risk.

EY offers a Security by Design approach that can infuse cybersecurity, privacy and business resilience into every part of any organization and ecosystem. Our demonstrable knowledge and well-designed frameworks and approaches help us design leading solutions for our clients' most complex cybersecurity and privacy challenges. We help design, implement and run solutions that are on the Cyber and Privacy leaders' agenda.

What EY can do for you

EY Cybersecurity enables trust in systems, process design and data, so organizations can

  • Take more risk,
  • Make transformational change and
  • Enable innovation with confidence.

EY teams accomplish the mission by developing solutions that bridge and balance the needs of the business and security. We achieve this by combining our deep technical skills with the strategic business acumen to look at security holistically across the enterprise.

Read more about our specific services below!

  • Cyber strategy, risk, compliance and resilience

    These solutions help organizations understand the cyber risks they face in a constantly changing world, protect themselves from current threats, and prepare for and respond to future risks. Our team delivers a risk-based approach to managing cyber risks, helping organizations from the very beginning stages of their cybersecurity strategy through the operational delivery of their cybersecurity mission. The solutions apply consistently regardless of where they are applied (IT, IoT, OT, Cloud), provide clear measurement of risk, capture current risks to the organization and demonstrate how cyber risks will be managed going forward.

    Examples of specific services:

    • Cyber benchmarking and performance analysis, using our bespoke Cyber Program Accelerator (CPA) which is based on leading practices such as NIST and ISO 27001.
    • Cyber strategy and roadmap
    • Cyber operating model and organizational design
    • Cyber risk management
    • Security Awareness-as-a-service
    • Third party security risk management. Read more about our Third-party risk management (TPRM) consulting services here.
    • Product security assessment and program management
    • Supply chain security
    • Policies, standards, processes and guidelines
    • Establishing customer trust with attestation, for example based on Service Organization Control reporting standards. Read more about our Technology Risk services.
    • Certification and implementation of ISO 27001 and related standards, in collaboration with our global accredited center of excellence EY CertifyPoint.
    • Secure business continuity management assessment, strategy and exercises.
  • Data protection and privacy

    These solutions are designed to help organizations protect their information over the full data lifecycle – from acquisition to disposal. The EY service offering helps companies and organizations stay up to date with data security and data privacy good practices, as well as compliance with regulation, in a constantly evolving threat environment and regulatory landscape.

    Examples of specific services:

  • Identity and access management

    These solutions are designed to help organizations define their access management strategy, governance, access transformation, and ongoing operations. The solutions help organizations ensure that the right users validate who they are and get access to the right organizational resources.

    Examples of specific services:

    • IAM Business requirement analysis and Business case development
    • Tools and technology rationalization, evaluation and selection
    • Identity and access architecture and design
    • System integration and implementation
    • Digital identity as a service, solution management
    • Read more about our IAM alliance with SailPoint.
  • Architecture, engineering and emerging technology

    These solutions are designed to help organizations protect themselves from adversaries that would seek to exploit weaknesses in the design, implementation, and operation of their technical security controls, including disruptive technologies in the marketplace, e.g., cloud computing, blockchain, internet of things (IoT), industrial control systems (ICS) devices, connected automotive, and robotic process automation (RPA).

    Examples of specific services:

    • OT Asset Management (including discovery, inventory, lifecycle management) with EY OT Asset Orchestrator solution
    • Technical control assessments
    • Product security assessments and implementation
    • Embedding Trust by Design into services and products
    • Application security architecture review and assessment
    • Secure Systems and Software Development Lifecycle (SDLC) process design and implementation
    • DevSecOps process design and implementation
    • Cloud security control design and implementation
    • OT/IoT cyber transformation programs
    • Smart factory and industry 4.0 protection
    • Security assessments and penetration tests of emerging technologies with specific threat assessment
    • IT/OT network segmentation architecture
    • Regulatory requirements (EU NIS Directive, NIST CSF)
  • Next generation security operations and response

    These solutions help organizations proactively identify and manage risk, monitor threats, and investigate the effects of real-world attacks. They rapidly integrate cybersecurity functions and technologies to adapt to demands.

    Examples of specific services:

    • Attack and penetration assessments including internal, external, wireless, applications and mobile
    • Vulnerability management (VM) governance design and remediation assistance
    • Application security assessments (including mobile, cloud)
    • Red team threat emulation assessments
    • DevSecOps operations
    • Secure SDLC (process design, risk analysis, risk mapping)
    • SOC assessment, gap analysis, roadmap
    • SIEM/IDS assessment, implementation, tuning and configuration
    • Incident response governance, playbooks, metrics, and reporting
    • Application security managed services

Why EY Cybersecurity and Privacy Consulting services?

  • We are a Trusted advisor: Building trust with our clients, co-innovating and co-creating.
  • We have a Broad scope of services and solutions that are fit for purpose.
  • We bring Global capabilities with local delivery: More than 12 000 Cyber and Technology Risk consultants covering 150 countries, with 63 global security centers and over 20 years of experience.
  • In the Nordics, we have 160+ people working with Cybersecurity and Technology Risk across 5 cities. Our Helsinki team works in close collaboration especially with our Oslo team, where we have concentrated our technical capabilities as an Advanced Security Center. We collaborate closely with our 1200 Cybersecurity consultant colleagues across Europe.
  • We Act as a bridge between the business and security organization.

EY Cybersecurity teams support the CISO, the technologists, the innovators, the DPO, and the cybersecurity and privacy professionals in our clients' organizations as they seek to achieve maximum benefit from their cybersecurity and resilience investments and infrastructure. EY teams support the C-suite as they explore their risk landscape and appetite and consider the cybersecurity solutions for their current strategy and future state. The aim is to achieve trust and confidence across the organization and build and maintain trust with EY clients' customers and stakeholders.

Global Information Security Survey 2020

This year’s GISS reveals that two-thirds of organizations still consider cybersecurity as an afterthought.
