The better the question. The better the answer. The better the world works. У вас есть вопрос? У нас есть ответ. Решая сложные задачи бизнеса, мы улучшаем мир. У вас є запитання? У нас є відповідь. Вирішуючи складні завдання бізнесу, ми змінюємо світ на краще. Meilleure la question, meilleure la réponse. Pour un monde meilleur. 問題越好。答案越好。商業世界越美好。 问题越好。答案越好。商业世界越美好。

If you were under cyber attack, would you ever know?


As many organizations have learned, sometimes the hard way, cyber attacks are no longer a matter of if, but when.

For EY Advisory a better working world means solving big, complex industry issues and capitalizing on opportunities to help deliver outcomes that grow, optimize and protect our clients' businesses.

Our global mindset and collaborative culture across our diverse team of consultants and industry professionals inspire us to ask better questions about the cybersecurity challenges you face. We then team with you to co-create more innovative answers – to activate a foundation that protects the business as it is today, adapt that foundation as the organization and threats change, and anticipate attacks that may be coming.

Together, we help you deliver better outcomes and long-lasting results, from strategy to execution.

Read more


Will fixing a security breach lead to future-state cybersecurity?

We helped a large medical center recover from a security breach by analyzing the cause and recommending administrative and technical changes to mitigate the impact. We then designed a multiyear cybersecurity operating model with robust processes and tools to help future-proof its security operation center (SOC).

Contact us

Should you protect your infrastructure, or protect your “crown jewels”?

We helped a global life sciences company rationalize its information security operating model and governance structure into one global 24/7 cybersecurity management program, with prioritized defense for its critical intellectual property (IP), protecting against cyber attacks.

Contact us

Can identifying current gaps in cybersecurity produce opportunities for long-term improvement?

We helped a global automotive company evaluate its existing security posture and risk exposure, and identify areas for improvement. We then created a multiyear road map to align its cybersecurity program to current threats and emerging technologies, its risk tolerance and its future business objectives.

Contact us

When is ''good'' simply not good enough?

We helped a global equipment manufacturer build on its substantial security measures. We developed a transformation road map to upgrade its operating model, incident responses and IP protection; this helped the company better prioritize and implement initiatives to detect, respond to and defend against cyber crime.

Contact us

Can you protect your business by better protecting your customers' information?

We helped a large cable and telecom service provider improve protection for its customers' credit card information through Payment Card Industry (PCI) security assessment and transformation, changing the company's attitude to the role of tools, processes and people in managing and reducing risk in the process.

Contact us

Can becoming more compliant give you more security confidence?

We helped an airline that relied on online sales improve its payment processing system, knowing that a cyber breach could be catastrophic. We devised a Payment Card Industry (PCI) Data Security Standard (DSS) remediation program to reduce business risk and improve focus on delivering PCI compliance.

Contact us

Can your competitors' leading practices lead you to success too?

We helped a multinational pharmaceutical company create its future cybersecurity strategy, based on that of its competitors and peers. After a maturity assessment, we identified areas for improvement, and developed a transformational road map for organizational process, people and technological change.

Contact us

  • Why we exist

    At EY, our purpose is to build a better working world for our clients, our people and our communities. We strive to help create a legacy of improved business performance, confidence and trust.

  • How we do it

    We team globally to co-create more innovative answers with our clients. The unique and ongoing collaboration between EY consultants and our clients results in better working businesses.

    We work long-term with diverse organizations including businesses, governments, military forces and charities to increase confidence, and maintain vigilance to thwart the efforts of cybercriminals – whatever form they take. And we choose exactly the right people and bring the best and newest thinking to your issue.

  • What we do

    We solve big, complex issues and capitalize on opportunities to help deliver better working outcomes that grow, optimize and protect our clients' businesses now and in the future.

    Cybersecurity is not just a technology issue. It's much broader than that: it's a fundamental business issue. We embed ourselves deeply in your organization, get to know you and your threats inside out, and help you see that the threats are often much broader, and the solutions needed are much deeper, than you may have realized.

    We help you activate, adapt and anticipate to improve your cybersecurity on a global basis. By equipping you with knowledge and resources you can move up a trajectory of greater capability and protection.

    We help you work out what you need to do by carrying out a cyber program assessment, helping you identify your most important or critical assets – whether that's IP or automated machinery. That points the way to activate the cybersecurity measures you need first and foremost – building a solid foundation of defense against cyber attacks.

    We help you develop an organization-wide strategy based on your cybersecurity risks, vulnerabilities and needs. With a unified approach and set of measures, we help make sure that everyone within the organization is aware of cybersecurity and their role in protecting against it.

    In the long term, you need to develop tactics to detect and deter potential cyber attacks, and rehearse what happens in a likely attack or accident scenarios. To do this we help you build a robust risk assessment methodology and an experienced incident response mechanism – all to take your organization to a point where it's informed and prepared.

    By implementing our cyber threat intelligence capabilities, we help you see the big, detailed picture of your vulnerabilities, understanding the full attack surface: from skilled and persistent hackers to the potential of accidental breaches caused by innocent mistakes internally; from employees' own mobile devices to the potential areas of exposure in technology you're implementing.

    We also support you in your moves to create a cyber ecosystem that protects not only your organization, but also those that you're linked to and implicitly trust – such as supply chain partners.

How we can help

At EY, we have an integrated perspective on all aspects of organizational risk, and cybersecurity is a key area of focus where EY is an acknowledged leader in the current landscape of mobile technology, social media and cloud computing.

Cyber Program Management

EY's Cyber Program Management (CPM) framework is built upon a meaningful analysis of how information security fits into your overall risk management structure.

How we can help.

Organizations are facing not only escalating risk, but also the near-certainty that they will suffer an information security breach.

A sharp focus on business structure, culture and risks will enable an organization to better safeguard the data essential to its survival and success. For many companies, this requires a fundamental transformation in how information security is understood within the business.

Creating a security program around intelligence on threats and also business risks will support resilience in a constantly shifting landscape of risk; however, few companies today have the appropriate skills and resources in-house to effectively secure their information assets and at the same time optimize business performance.

Organizations in all sectors can benefit from an objective assessment of their information security programs and structures. EY's Cyber Program Management (CPM) framework is built upon a meaningful analysis of how information security shapes and fits into an organization's overall risk management structure.

A CPM assessment assists with:

  • Understanding your organization’s risk exposure
  • Assessing the maturity of your current cybersecurity program and identifying areas for improvement
  • Building a prioritized roadmap for project investments and organizational change initiatives
  • Collecting information to create benchmarks against other organizations
  • Validating that your security investments have improved your security posture

For more details, download the full report.

Security Operations Centers

EY's Managed SOC service redefines security operations to meet the next generation of cyber threats. We give you a highly mature threat detection and response capability.

Vital to foundational cybersecurity are the processes and technology that support the Information Security function. These are most effective when they are centralized, structured and coordinated - which is why a Security Operations Center (SOC) is a valuable starting point.

A well-functioning SOC can form the heart of effective cyber threat detection, helping to secure and enable the business about attackers. It can enable Information Security functions to respond faster, work more collaboratively, and share knowledge more effectively.

However, with the exponential growth of the digital world, and as the threats continue to rapidly evolve in both sophistication and scale, the need to protect organizations' intellectual property, operations, brand and shareholder value, in addition to their customers' data, is ever more critical.

We are now seeing the emergence of the third generation of SOCs; converging specialist skill sets from disciplines related to cybersecurity, threat intelligence, data science and cyber analytics into advanced SOC ecosystems, where the whole is greater than the sum of its parts.

For more details about what is critical to the success of an SOC, download the full report.

Cyber Threat Management

It is important to understand and prioritize cyber threat intelligence (CTI) processes. We help integrate them into your organization's security operations to add value.

In today’s cybersecurity landscape, it is not possible to prevent all attacks or breaches.

In a corporate context, a cyber attack can not only damage your brand and reputation, it can also result in loss of competitive advantage, create legal/regulatory non-compliance and cause steep financial damage.

Sixty-seven percent of respondents to our 2014 Global Information Security Survey see threats rising in their information security risk environment. It is time to reassess how your organization could be compromised and the impact this could have on its survival.

Cyber threat intelligence (CTI) is an advanced process that enables the organization to gather valuable insights based on the analysis of contextual and situational risks and can be tailored to the organization’s specific threat landscape, its industry and markets.

This intelligence can make a significant difference to the organization’s ability to anticipate breaches before they occur, and its ability to respond quickly, decisively and effectively to confirmed breaches — proactively maneuvering defense mechanisms into place, prior to and during the attack.

By integrating CTI into various aspects of security operations, it can be used to map out the threat landscape and put historical data into context. As a CTI program matures, predictive capabilities are uncovered, allowing management to make decisions that are based on historical precedent rather than intuition.

For more details about CTI and how it can help to ensure business continuity and, ultimately, the success of your organization, download the full report.

Identity & Access Management

IAM is a foundational element of any information security program and one of the security areas that users interact with the most.

Identity and access management (IAM) is the discipline for managing access to enterprise resources.

In the past, IAM focused on establishing capabilities to support access management and access-related compliance needs. The solutions often focused on provisioning technology and were poorly adopted.

They also resulted in high costs and realized limited value — organizations often struggled to meet compliance demands during this period, and the solutions were deployed to manage very few applications and systems.

Centralized, standardized, automated identity management services designed to reduce risk, cost, improve operational efficiency continued to be elusive. Many organizations now understand, or meet, their compliance requirements.

While compliance is still a key driver in IAM initiatives, IAM is evolving into a risk-based program with capabilities focused on entitlement management and enforcement of logical access controls.

IAM life cycle phases

The management of identity and access permissions can be viewed as multiple stages.

The IAM life cycle diagram illustrates the stages that users proceed through when joining a business workforce and obtaining access to the tools and assets necessary to do their job. The IAM life cycle also includes stages to ensure that employees maintain appropriate access as they move within the organization with access being revoked or changed when they separate or change roles.

Key IAM capabilities

During the development of an IAM transformation plan, you should confirm that the following recommended capabilities are included:

  • Job role or application access matrices using rule mining tools
  • Automated workflow-based access request and approval processes, using job role or application access matrices and segregation of duties checking
  • Entitlement warehouse solution
  • Access proxy solutions, central authentication (application, host and database layers)
  • Risk-based authentication solutions
  • Identity analytics and behavioral analysis services to integrate with DLP and security information and event management
  • Data and access management process governance program, which includes HR, application owners, information security and IAM stakeholders
  • Federation solutions
  • Emerging solutions that combine logical and physical security
  • Design solution with future scalability requirements in mind

Data Protection and Privacy

Our Data Protection and Privacy services enable organizations to deploy processes and tools that can help to detect and prevent data breaches resulting from internal user activity.

Data Loss Prevention risk assessments provide specific, real examples of data loss within the client's environment, including sensitive data leaving the organization and sensitive data stored in unprotected network shares/data repositories.

Privacy Transformation Services assist an organization to enable a seamless flow of personal information, adhering to global regulations impacting the business. The range of services will address privacy challenges such as: identity theft, brand and reputation damage, litigation, regulatory action and global compliance, direct financial loss, loss of market value and loss of consumer and business partner confidence.

Example offerings:

  • Data loss prevention assessment
  • Data protection program assessment
  • Privacy assessment and transformation

Business Resilience

With our approach businesses consider their resilience across four key areas recognized as being vital to protecting and enhancing any organization.

Business resilience services comprise business continuity management (BCM) and disaster recovery approaches that provide organizations with an ongoing risk-based, proactive approach for the maintaining a continuation of critical business functions, (and the recovery of people, processes and technology) from business disruptions, in an optimized manner.

Example offerings:

  • Business resilience program assessment
  • Business impact analysis
  • Business continuity plan, disaster recovery plan and crisis management plan development

Who we are

We are a team of consultants and industry professionals with a global mindset and a collaborative culture.

The skills and resources needed to address cybersecurity are extremely scarce within clients’ organizations, so we train, develop and deploy those resources in your organization, to embed that deep experience so you can protect yourselves in the long term.

We work hard to understand our clients’ issues and are driven to ask better questions in the pursuit of making their businesses work better.

Questions like:

  • How do you need support with ideas or resources to design a future-state cybersecurity operating model?
  • How can we help you protect your IP?
  • What new internet-connected technologies will emerge and pose a threat to your organization?
  • How is it that one of your competitors has beaten you to market with a new product that you secretly had in development?
  • How do you roll out smart metering in developing countries and keep it secure?

Contact us

Latest thinking