Helping organisations identify, protect, detect, respond to and recover from cyber incidents.
Cyber threat is increasingly sophisticated ranging from well-funded global criminal gangs, state sponsored attacks and those seeking to breach security to publicise an organisation's vulnerability and inflict reputational damage.
At the same time, cyber risk maturity, whilst improving across the UK, remains behind the curve, exacerbating the likelihood of UK organisations being exploited. In many cases, it isn't a question of if an organisation will be breached, it is when.
The speed of technology developments present a particular challenge as organisations strive to keep up-to-date, whilst managing the evolving security risks which they must keep pace with too.
Our in depth technical cybersecurity skills and extensive business knowledge enable us to support organisations in overcoming the challenges of protecting and securing their business in a cost effective way.
Cyber maturity accelerator
Using EY's Cyber Program Accelerator framework (which is aligned to ISO27001, NIST and key security standards), we assess and organisations cyber security posture across 20 critical domains of cyber security and provide an actionable set of recommendations and a prioritised roadmap to guide the organisation to a more mature cyber security posture.
Vulnerability assessments and penetration testing
Going hand in hand with our assessment of an organisations holistic cyber posture, EY’s Vulnerability Assessment & Penetration Testing (VA&PT) service encompasses a comprehensive set of solutions that enable clients to assess their risk exposure, from both a point-in-time and continuous standpoint. EY’s security testing services are able to Identify, quantify and triage discovered vulnerabilities across a client’s networks or systems, simulate an authorised attack on an organisations network or systems, performed to test security defences. Our work also provides the foundation for a solid threat intelligence programme.
Cyber transformation and managed services
Helping clients to build and implement a robust and appropriate cyber strategy, target operating model and cyber risk management framework to ensure future plans evolve within a changing threat landscape. We also provide a managed Security Operations Centre service that redefines security operations to meet the next generation of cyber threats giving organisations a highly mature threat detection and response capability.
Identity & Access Management
Helping organisations implement a robust solution to ensure access is granted on a needs basis, limiting the ability of unauthorised users from accessing sensitive systems and information but equally as importantly maintaining the appropriateness of user access and privileged accounts on an ongoing basis to limit the risk of unauthorised access.
Data Protection and Privacy
At EY we have a dedicated privacy team who work with clients to achieve the requirements of GDPR. Working hand in hand with our in-house legal team, the privacy team ensure the processing of personal and sensitive data by both the in-house team and by third party data processors complies with UK and EU privacy regulations.
Helping organisations understand their key risks, build resilient systems and business processes and create robust mechanisms to respond to incidents. This includes retaining their ability to operate and minimise operational disruption during and after a cyber incident.