Buyer Ratings Guide The ALM Vanguard: Cybersecurity Consulting 2019 October 2019 Source: ALM Vanguard: Cybersecurity Consulting (c) 2019; used by licensing permissions

The ALM Vanguard - Deloitte


Author

Laura Becker, Analyst, Management Consulting Research
T +1 212-457-9179
[email protected]

For more information, visit the ALM Intelligence website at www.alm.com/intelligence/industries-we-serve/consulting-industry/

© 2019 ALM Media Properties, LLC

Contents

Overview
ALM Vanguard of Cybersecurity Consulting Providers
Competitive Landscape
Provider Capability Rankings
Rating Level Summaries
Leader Assessments
Provider Capability Ratings
Best in Class Providers
Provider Briefs
Definitions
Methodology
About ALM Intelligence


Overview

Capability Drivers

Cybersecurity consulting capabilities and go-to-market strategies are evolving at a rapid pace. In fact, the speed of change over the last year is simply incredible with many major consulting firms re-branding their approach to meet the changing market dynamics. There has been a recognition across the board that there is no way to prevent a cyber attack and that the only hope is to minimize cyber risks. In addition, as organizations employ emerging technologies that increase connectivity both internally and with their external customers, the need for confidence in data protection is at the front of their minds. If end-user customer data is breached, an organization’s brand reputation is affected greatly. Therefore, both building cyber resilience (cyber risk management) and designing for digital trust (protection of data) are at the core of thinking and necessary capabilities for consulting firms, who seek to provide their clients with deep capabilities in these areas. Cyber is now viewed as a business enabler, moving from complying with various regulations (e.g., GDPR, California Consumer Privacy Act, China Cybersecurity Law, NY DFS among others) to the current complexity driven by the digital economy. Trust in identity, products and services continues to gain importance for all organizations with new risks being generated by the increased value of data and disruptive technologies with unknown security and privacy impacts. Cybersecurity must become part of the integrated fabric of every client organization, embedded in all business strategies from consumers, supply chains, third party partners, brand management, M&A and more.

Trust in identity and in products and services will continue to gain in importance for executing safe and reliable business as new producers, consumers, and new enterprise stewards of data and commerce experience emerge. New risks are being generated by the increased value of data, and new and disruptive technologies are being tested with unknown security and privacy ramifications. Cybersecurity must fully evolve away from its legacy technology and operations function to become part of the fabric of integrated, enterprise risk management and create strategic risk and value-add business outcomes. The fabric of cybersecurity and privacy must be embedded in all business strategies – from supply chain and partner strategies, to digital marketing and brand management, acquisitions and divestitures and legal affairs.

Many of the leading consulting firms have reorganized their approaches to rely more on process and less on tools. Technology is by all accounts only about 20% of the cybersecurity game. People, process and technology (having talent, agility, and the right solutions) and cultural change, training and digital upskilling are essential ingredients for security success. Leading providers have developed approaches that are intended to reach stakeholders from the Board/C-suite, the CISO and CMO, CDO, CRO, CIO and other business function leaders who all need to participate to create a cyber resilient organization. Innovative approaches now include co-development with clients to create the right approach for the clients’ business needs and those that will add the most value-added outcomes.

Additionally, leading providers are creating partner ecosystems on the technology side to bring in the best tools necessary without using their own time and resources to reinvent the wheel. The consulting firms can apply API layers on top of existing tools to customize for their clients. There is an efficiency in the ecosystem concept that was not there before. The leading consulting firms also see that the market for cybersecurity providers is highly fragmented, including the Big Four, Managed Security Service Providers (MSSPs), Technology Global Service Providers, boutique firms and other new entrants with some going downstream with service offerings and others going upstream; some providers focus on business strategy embedding cybersecurity to enhance outcomes, while others focus on security strategy to create value-added business outcomes.


There is a bubble of technology tool providers at the moment due to explosive growth in this space. There may be a vendor consolidation and tool rationalization in the near future that will affect the market. The larger firms are already making significant acquisitions and alliances.

The evolution of the consulting firms’ approach is being driven by external market forces, and the leading providers are shaping their service delivery models to account for these major market impacts to effectively guide clients. The leading consulting firms continue to develop innovative methodologies, frameworks, approaches, products and services given the capability drivers affecting client demand.

Ability to refresh service offerings frequently with a sprint approach. Leading consulting firms realize that consulting is changing because of disruptions from digital technology. Reactivity and point solutions are no longer the answer. Consulting providers must go in with a proactive approach to instill cyber resilience and digital trust across the enterprise and throughout its culture. Many consulting firms, just over the last year, have changed their service profiles. Traditionally, consulting offerings might be viable for 10 years. That is no longer the case, with leading providers refreshing their service portfolios every 18-24 months to differentiate themselves from the competition. In addition, agility and speed to market are essential, as is the shortened time frame for project completion. What might have been a two-to-three year engagement must now be completed in 18 months. Some leading consulting firms are going to market with almost pre-packaged IP and technology solutions through ecosystem partners that can be customized to the client’s specific needs in order to create change quickly and efficiently.

In addition to the service portfolio, many leading providers have also revised their pricing models, focusing more on subscriptions, retainers, outcome-based, as-a-service and other options in addition to the more traditional fixed fee and time and materials models.

Ability to understand and shape the role of the modern CISO. The modern CISO must view cyber as a business enabler and step out of the technology function role as a standalone entity. With technology embedded throughout the enterprise, CISOs must have extensive technical knowledge, risk management knowledge, governance knowledge and communicate training and awareness across the organization, including the C-suite and Board, all the way down to the lowest level employee and customers (endpoint security). In many cases, the CMO, CIO, CFO or CDO is involved in the cybersecurity work as well and the CISO needs to co-exist with all business leaders and drive the process. Consulting firms are finding that larger clients have CISOs in place (many with these skills), but other organizations are finding it difficult to find the right talent for this role. Consulting firms are offering a virtual CISO (vCISO) or data protection officer for staff augmentation purposes as well as working on training and upskilling for the role internally as necessary.

Ability to provide cybersecurity upskilling to address skill gaps and talent shortages. Leading consulting firms are well aware of skill shortages that are both driving client demand for services and leading them to develop in-house talent to ensure a sufficient talent pipeline for client projects. There are several ways that leading providers are doing this. One is to enter into academic partnerships with leading universities to build the next generation of diverse cybersecurity skills and talent. The other method is to create diversity and inclusion programs to garner new talent. PwC, for instance, is a founder of the CEO Action for Diversity and Inclusion. KPMG has a Women of Risk community and many leading firms are hiring top level talent from government agencies.

Ability to assist clients with OT/ICS exposure – the next “big thing.” Many leading consulting providers see OT (operational technology) and ICS (Industrial Control Systems) as the next big attack surface for potential cybersecurity threats while maintaining focus on the Internet of Things. Because of increasing global connectivity, cybersecurity attacks on industrial systems are a major threat and would cause significant organizational losses and production downtime, as well as the fact that system downtime might affect larger communities. Leading providers are focused on developing security capabilities in this area. For example, Accenture developed a 3D value chain, adding interoperability to create a replica of the client’s value chain with OT and ICS to see how to embed security and build resilience and digital trust. In addition, the firm has opened a Cyber Range in Houston specifically geared to OT/ICS testing.

Ability to provide value-added managed security services and as-a-service next generation solutions with emerging technologies. Managed security services and as-a-service offerings are a significant component of leading firms’ offerings as many organizations are looking to consulting firms to fill this role with their existing depth and expertise. Managed Detection and Response (MDR), in particular, is seen as a high growth area in which many consulting firms are investing. MDR is the next generation of advanced managed security service, providing threat intelligence, threat hunting, security monitoring, incident analysis, and incident response. These often employ emerging technologies such as AI, machine learning and analytics to automate, investigate and contain threats and orchestrate responses with dedicated security analysts monitoring for threats. Rather than simply sending alerts to IT at an organization as has traditionally been the case, MDR can act on the threat itself. These services can be customized to the specific organization to provide support services in the areas of IT, OT and ICS. Accenture, Booz Allen Hamilton, Crowe, EY, IBM, Mandiant, R9B, and Secureworks are particularly focused on this, and EY’s September acquisition of Elevated Prompt Solutions Inc. is an example of the firm’s attempt to expand this offering for next generation Managed Detection and Response (MDR) services.


ALM Vanguard of Cybersecurity Consulting Providers

[Figure: ALM Vanguard chart. Vertical axis: Depth of Consulting Capabilities (Low to High). Horizontal axis: Breadth of Consulting Capabilities (Low to High). Tiers: Leaders, Challengers, Contenders. Providers plotted: Deloitte; PwC; EY; Secureworks; Accenture; McKinsey & Company; Capgemini; KPMG; West Monroe Partners; BCG; Optiv; Herjavec Group; CGI; R9B (root9B); Crowe LLP; IBM; Booz Allen Hamilton; Cognizant; FTI Consulting; Mandiant, a FireEye company; CrossCountry Consulting; Bain & Company; Protiviti.]

Source: ALM Intelligence

The ALM Vanguard of Cybersecurity Consulting Providers assesses firms in terms of their relative ability to create impact for their clients. For this, the ALM Vanguard displays the relative position of the providers featured in this report, deemed capable in Cybersecurity consulting, based on an evaluation of their overall capabilities according to a consistent set of criteria. Capability depth denotes a provider’s capacity to get results for clients, while capability breadth indicates its ability to deploy that capacity across multiple client scenarios.

Consulting is distinctive from other industries because of the variety of client contexts that providers encounter in terms of ambitions, needs, and abilities that alter what it takes to create impact. As providers seek to deploy their capacity to create client impact (depth) across industry sectors, geographic regions, and interfaces with adjacent functional and technical capabilities (breadth), they increase the complexity of their engagement models. The downward slope of the lines that separate the tiers of the market captures the trade-off between low-complexity engagement models (designed to maximize the capacity to create impact for a narrow set of client applications) and high-complexity engagement models (made to maximize deployability and create impact for a wide variety of client applications).


Competitive Landscape

The rapidly changing market dynamics create pressure for consulting providers to continuously up their game. Consulting firms are constantly refreshing their branding and service portfolios to stay ahead of the curve with new service capabilities, managed services and as-a-service models. Emerging technologies (including advanced analytics, AI, machine learning, RPA and automation) all play a big role in the advancement and depth of capabilities. In addition to rebranding, consulting providers must deliver results faster than ever. The sprint approach means cutting down project time and measuring results in a meaningful way.

The market for delivering cybersecurity consulting capabilities is highly fragmented among the Big Four, traditional strategy-first firms, global technology/security firms, cyber risk management focused firms, MSSPs, and thousands of technology vendors. The explosion of technology vendors will ultimately lead to a consolidation, which is already being seen in many acquisitions, joint ventures and partnerships.

In addition, there is a significant difference in approach from many of these firms as some lead with a business strategy first mentality and embedding cybersecurity to create better business outcomes while others lead with a cyber first mentality – creating cyber risk management strategies that align with existing business strategies for enhanced outcomes. But both approaches attempt to accomplish the same ultimate goal in cybersecurity, which is focusing on cyber resilience and digital trust for clients.

Leaders

The striking thing about the leaders is that almost every single one has refreshed their service portfolio over the last year. All of these leading firms are focused on how to create value-added business outcomes for their clients and have measurement systems/KPIs in place to provide the ROI and messaging to their client. Each firm works to embed security across the enterprise, whether its starting point is with the Board and C-suite or with the CISO – all important stakeholders across business functions are involved in the process. Additionally, all of these providers have deep relationships with technology vendors to bring in needed depth as necessary. Some lead with a business strategy first approach, such as McKinsey & Company, while others are coming from more of a security, cyber risk vantage point such as Accenture Security and Booz Allen Hamilton. The two leading firms Deloitte and PwC particularly shine because they provide end-to-end holistic approaches. Deloitte’s Imagine, Deliver and Run paradigm and evolving storefront of capabilities is very much in tune with the next generation of market needs. Deloitte is working to co-develop innovative solutions for clients and providing an Enterprise Value Delivery methodology to ensure that agile and secdevops streamline projects for rapid delivery and solid outcomes.

PwC’s One Firm, BXT (business, experience, technology) approach ensures strong client relationships and a holistic, integrated delivery model across lines of service with the goal of addressing an organization’s strategic risk aligned with business strategy. Cybersecurity is one of six firm-wide platforms. In 2019, investments were made in Labs and Experience centers and onshore and offshore delivery centers, acquiring talent in emerging technologies (AI, machine learning, analytics), co-source and managed services and expansion of all service offerings.


A new leader entrant is Kroll, a division of Duff & Phelps. Kroll brings a cyber risk management approach to clients around five pillars of a “defensible security strategy.” The focus is on governance, policies, procedures, infrastructure, standards, people and training. The firm provides actionable security insights with the belief that technology only accounts for 20% of the issue. Traditionally more of a “response shop,” Kroll now goes to market with significantly more proactive offerings, and clients on the buy-side find the firm to excel at both technical work as well as internal communications with management.

Challengers

Many of the firms in the Challenger category differ only slightly from the Leaders, perhaps in their lack of an end-to-end approach, their size and geographic reach or their focus on specific areas (such as managed services and incident response). Clearly, firms like Herjavec, Optiv, IBM, Secureworks and Coalfire have deep expertise on the technology side and can skillfully respond to events and investigate and detect incidents and threat intelligence. On the other end of the spectrum, BCG has built strong assessment capabilities, thought leadership, and workshops to create awareness at the highest levels in the firm of the importance of cybersecurity. BCG’s Platinion subsidiary does architecture design and works with CAST for lower level technical work. FTI is putting together a deep bench of cybersecurity experts (many from the government), and is also focusing on ICS in the near term as an emerging area. CrossCountry Consulting is a smaller firm with a mostly US focus, but what its relatively small team delivers is impressive. Clients confirm that CrossCountry will go out of its way to make things work, create very strong client relationships, and many hire CrossCountry over many of the larger, better known firms.

Contenders

The contender category firms all provide solid cybersecurity capabilities but currently do not share the same depth or breadth in capabilities as their counterparts. In addition, these firms do not seem to be making the same level of investment in their cybersecurity capabilities and may not be refreshing their offerings as frequently. Mandiant is seen by many as mostly an incident response firm and R9B is focused on threat hunting. West Monroe Partners, focused on mid-sized firms and headquartered in Chicago, does a great deal of work for private equity (due diligence pre and post) with a focused accelerator for this purpose, Cybersecurity Advisory for Private Equity (CAPE).


Provider Capability Rankings

The figures below indicate the change in consulting providers’ ranks in terms of their overall capability depth, breadth, and client impact. (See the Definitions section of this report for a detailed breakdown of underlying capabilities.) Ranking position number one denotes the top-ranked provider.

Rank | Depth 2018 | Depth 2019 | Breadth 2018 | Breadth 2019 | Client Impact 2018 | Client Impact 2019
Leaders
1 | PwC | PwC | Deloitte | Deloitte | PwC | Deloitte
2 | Deloitte | Deloitte | PwC | PwC | Deloitte | PwC
3 | Booz Allen Hamilton (Tied 3) | KPMG | EY | EY | EY | KPMG
4 | Optiv (Tied 3) | Accenture | KPMG | KPMG | Booz Allen Hamilton | Accenture
5 | EY | Booz Allen Hamilton | Crowe | Accenture | KPMG | EY
6 | McKinsey & Company | EY (Tied 6) | IBM | CGI | McKinsey & Company | McKinsey & Company
7 | KPMG | McKinsey & Company (Tied 6) | Booz Allen Hamilton | IBM | Optiv | Booz Allen Hamilton
8 | BCG (Tied 8) | CrossCountry Consulting* | McKinsey & Company | McKinsey & Company | Capgemini | Kroll, a division of Duff & Phelps*
9 | Mandiant, a FireEye Company (Tied 8) | Kroll, a division of Duff & Phelps* | Capgemini | Crowe | BCG | CrossCountry Consulting*
Challengers
10 | Capgemini | Herjavec Group (Tied 10) | Accenture | Cognizant | Crowe | BCG
11 | Crowe (Tied 11) | Optiv (Tied 10) | Cognizant | Capgemini | Mandiant, a FireEye Company | Optiv
12 | Protiviti (Tied 11) | BCG | BCG | Kroll, a division of Duff & Phelps* | Protiviti | IBM
13 | CGI | Coalfire* | Bain & Company | Booz Allen Hamilton | CGI | Crowe
14 | West Monroe Partners | Crowe (Tied 14) | CGI | BCG | West Monroe Partners | Coalfire*
15 | IBM | IBM (Tied 14) | Protiviti | Bain & Company | IBM | Herjavec Group
16 | Bain & Company | FTI Consulting | West Monroe Partners | Optiv | Bain & Company | FTI Consulting
17 | FTI Consulting | SecureWorks | FTI Consulting | SecureWorks | FTI Consulting | Capgemini
18 | Accenture | Capgemini | SecureWorks | Protiviti | Accenture | SecureWorks
Contender
19 | SecureWorks | Mandiant, a FireEye Company | Optiv | Coalfire* | SecureWorks | Mandiant, a FireEye Company
20 | Herjavec Group | Bain & Company | Mandiant, a FireEye Company | FTI Consulting | Herjavec Group | Bain & Company
21 | Cognizant | Protiviti | Herjavec Group | West Monroe Partners | Cognizant | Protiviti
22 | R9B | West Monroe Partners | R9B | Herjavec Group | R9B | CGI
23 | | CGI | | Mandiant, a FireEye Company | | West Monroe Partners
24 | | Cognizant | | CrossCountry Consulting* | | Cognizant
25 | | R9B | | R9B | | R9B

*Not previously covered

Source: ALM Intelligence


Rating Level Summaries

ALM Intelligence rates providers according to a three-level scale based on their relative breadth and depth of overall capabilities. Each rating level corresponds to an area in the ALM Vanguard graphic bounded by a downward sloping line designed to equate engagement models of different degrees of complexity.

Rating Level: Leaders
Providers: Accenture; Booz Allen Hamilton; Deloitte; EY; KPMG; Kroll, a division of Duff & Phelps; McKinsey & Company; PwC
Description: The leaders are at the top of the market in terms of their capabilities to create client impact through their depth of expertise and ability to deploy it across a range of engagement models. They are unique in their ability to independently execute a broad array of projects across the full spectrum of client contexts. They range from providers in the top quintile in terms of depth of capability for low-complexity engagement models to those that combine above average depth of capability with the ability to deploy it across high-complexity engagement models.

Rating Level: Challengers
Providers: BCG; Capgemini; Coalfire; CrossCountry Consulting; Crowe; FTI Consulting; Herjavec Group; IBM; Optiv; Secureworks
Description: The challengers can execute end-to-end projects in low complexity engagement models or a substantial portion of project components in high-complexity engagement models. They range from those with above-average depth of capability for low-complexity engagement models to those that combine depth of capability between the bottom third and top half of the distribution, with the ability to deploy it in high complexity engagement models.

Rating Level: Contenders
Providers: Bain & Company; CGI; Cognizant; Mandiant, a FireEye Company; Protiviti; R9B (root9B); West Monroe Partners
Description: The contenders can execute a substantial portion of projects in low-complexity engagement models or a single phase or project instance in high-complexity engagement models. They range from those with average depth of capability for low-complexity engagement models to those that combine depth of capability in the bottom third of the distribution with the ability to deploy it in high-complexity engagement models.

Source: ALM Intelligence


Leader Assessments

The ALM Vanguard of Cybersecurity Consulting Providers comprises the following Leaders.

Leader: Deloitte

Strengths: Deloitte’s Global Cyber Risk Services new go-to-market approach is that of Imagine, Deliver, Run. The focus is on simplifying the approach to cybersecurity by creating secure businesses, processes and controls, viewing cyber as the business enabler (Imagine) and enhancing and embedding needed technology through a strong ecosystem of partners. Deloitte’s storefront evolves as the market gets broader and deeper. The firm brings not just the cyber team to projects but other parts of the firm including industry expertise, risk side evaluation (M&A), human capital (culture/change management/workforce of the future) and more to create an integrated client experience. Current cyber capability focuses include Threat Intelligence 2.0, IoT (Cybersphere), Cloud, and Digital Identity. Cybersphere is Deloitte’s new destination in Washington, DC and Madrid utilized to explore a client’s cyber challenges and to create, test and secure the future’s IoT innovations while working collaboratively to co-create the best business outcomes for clients.

Deloitte’s Enterprise Value Delivery (EVD) method, underpinned by agile and DevSecOps, streamlines projects and includes templates, sample deliverables and accelerators.

Source: ALM Intelligence


Provider Capability Ratings

The table below provides detailed capability ratings for Cybersecurity consulting providers. (See the Definitions section of this report for explanations of the capabilities.)

Legend: Very Strong; Strong; Moderate; Weak; None

Provider Capabilities: Cybersecurity Consulting
Discovery: Needs Assessment; External Market Insight; Internal Client Insight
Design: Strategy; Operating System; Management System
Delivery: Project Management; Client Capability Development; Enabling Tools

[Table: per-provider rating symbols are not recoverable. Providers listed: Accenture; Bain & Company; Booz Allen Hamilton; BCG; Capgemini; CGI; Coalfire; Cognizant; CrossCountry Consulting; Crowe; Deloitte; EY; FTI Consulting; Herjavec Group; IBM; KPMG; Kroll, a division of Duff & Phelps; Mandiant, a FireEye Company; McKinsey & Company; Optiv; Protiviti; PwC; R9B (root9B); SecureWorks; West Monroe Partners.]

Source: ALM Intelligence


Best in Class Providers

Providers identified as best in class evidence deep capabilities in specific areas of Cybersecurity consulting and stand out from their peers for their highly effective and often innovative consulting approaches and service delivery.

Capability Area: Operating System
Provider: Deloitte
Strengths: Deloitte’s new Imagine, Deliver and Run methodology provides the firm with a path to deploy client assets and processes once the strategy (Imagine) phase is completed. The Deliver phase is an iterative process that involves shaping the business model, branding and platforms to market-ready concepts. These are then tested for fit, agility and validity. During the Run phase, the implementation of agile operations begins at scale to create the business outcomes intended by the strategy (Imagine phase) with continuous learning and seeking areas of improvement at its core. Deloitte’s new Cybersphere provides a collaborative space to work on these initiatives with the client through all phases to ensure that the right assets and processes are deployed to implement the strategy.

Source: ALM Intelligence


Provider Briefs

Leaders

Deloitte

Approach

Deloitte’s Global Cyber Risk Services are adapting to changing market dynamics with an approach that has moved from compliance to risk and now to adapt to the complexity of the market with cyber embedded across all business functions, processes and controls. Deloitte’s new methodology is that of Imagine, Deliver, Run. The focus is on simplifying the approach to cybersecurity by creating secure businesses, processes and controls (Strategy, Secure, Resilient, Vigilant), viewing cyber as the business enabler (Imagine) and enhancing and embedding needed technology through a strong ecosystem of partners.

Deloitte’s storefront evolves as the market gets broader and deeper. The firm brings not just the cyber team to projects but other parts of the firm including industry expertise, risk side evaluation (M&A), human capital (culture) and more to create an integrated enterprise. Current cyber capability focuses include Threat Intelligence 2.0, IoT (Cybersphere), Cloud, and Digital Identity. Cybersphere is Deloitte’s new destination in Washington, DC, and Madrid, which is utilized to explore a client’s cyber challenges and to create, test and secure the future’s IoT innovations as well as for working collaboratively to create the best business outcomes.

With Imagine, Deliver and Run, Deloitte’s approach begins with Imagine (the art of the possible), creating a customized approach for each client to create competitive advantage by leveraging new business models, forming new ecosystems and implementing new platforms to more effectively connect the organization with customers. These initiatives can be worked on collaboratively at Cybersphere. During the Deliver phase, Deloitte uses an agile, iterative, and responsive approach to concept refinement, prototyping and planning. The Cybersphere’s IoT studio can be used to develop and test new client innovations and security. During the Run phase, implementation is executed with the business transformation taking shape, being scaled and providing continuous learning for the organization. In the Cybersphere, the Run phase encompasses the Watch Floor, where threat monitoring and intelligence provide managed services to help clients detect and respond to industry specific threats in real time.

Deloitte’s Enterprise Value Delivery (EVD) method, underpinned by agile and secdevops, is used to streamline projects and includes templates, sample deliverables and accelerators. The EVD method phases used for project management include Prepare; Explore; Realize – Build Sprint Cycle; Realize – Test; Deploy; Run.

Deloitte engages each client with strategic and practical approaches that aim to include executive development, executive education, a lead client service provider, and the firm’s client excellence practice. Immersion experiences, subject matter experts and thought leadership (e.g., working with the World Economic Forum to define frameworks and industry standards) all drive the collaborative process. For instance, the firm’s 2019 Future of Cyber survey showed notable gaps in organizations’ abilities to meet cybersecurity demands and dissonance between what organizations aspire to versus their current cyber posture.

The firm’s long-term goals in cyber include focusing on its most strategic clients, innovation and offerings, expanding its market and geographic reach with continued investment, and expanding and diversifying its talent by staying ahead of the market. Pricing models are flexible with traditional models as well as subscriptions, retainers and value-based pricing based on outcomes as options.

Practice Structure

Deloitte provides cybersecurity consulting services through its Cyber Risk Services group, which is part of the Global Risk Advisory portfolio. Deloitte’s deep external ecosystems include strategic global alliances with IBM, Splunk, ForgeRock, Okta, Symantec, SailPoint and CyberArk as well as other partnerships aligned to capabilities such as shield/vulnerability management platforms, cloud security platforms, digital identity platforms, and Fusion platforms. For example, Deloitte’s Fusion Managed Services will now partner with Splunk’s Phantom security platform to enhance its cyber defenses to more quickly detect and respond to threats. The firm also has technology platform ecosystems with SAP, Google (Google Cloud Partner of the Year in 2018), Oracle, AWS, Workday, Azure and Salesforce. This is in addition to innovation ecosystems in Silicon Valley, DC and Tel Aviv.

Deloitte also has more than 31 Cyber Intelligence Centers (CICs) globally and new Cyberspheres in DC and Madrid.

Source: ALM Intelligence


Service Delivery Model

Deloitte has invested in and enhanced its capability and delivery model in several key areas, including Threat Intelligence 2.0, IoT, Cloud security and Digital Identity, all aligned to the Imagine, Deliver and Run methodology. Threat intelligence services offered include monitoring, collection and analysis of events, including cyber strategy and risk management, threat management (monitoring, hunting, vulnerability management), and cyber response (incident response and crisis management). The Imagine phase might include a package such as a threat intelligence feed, on-demand threat research or targeted external monitoring. The Deliver phase might encompass a package and training and content take-down, while Run could include a package intelligence capability build and training. Deloitte’s proprietary malware platform, CodexGigas, often is one of the first to identify external threats.

IoT at Cybersphere is where the IoT Studio tests security of connected devices that organizations manufacture and use on their networks. This is in addition to IoT managed services (application, platform, connectivity). Leading device security practices are also implemented at Cybersphere, which also serves as a secure location to test, analyze and pilot proprietary technology. Deloitte’s Turnkey IoT services serve as accelerators to deliver solutions in a sprint delivery model.

Cloud security and adoption to enable business objectives include agile cyber defense and cover the full lifecycle from business planning, risk management, design, regulatory requirements, operations, applications, services and infrastructure. During the Imagine phase, cloud strategy, risk assessment and readiness is looked at through potential business model disruption, business case, cloud sustainability and planning, and cloud native process and organization strategy. The Deliver phase might include application security and controls, SaaS implementation (ERP planning, CRM, human capital transformation), custom implementation with secdevops and cloud migration, a cyber risk transformation with custom transition, migration services, application modernization and managed services, and cloud enabled solutions such as Deloitte’s analytics platform, cloud solutions and Deloitte cloud. During Run, the client can employ Deloitte’s Cloud Managed Services (managed risk services).

Digital Identity now requires a reevaluation of traditional services, given changing market dynamics and the need to protect data everywhere. Deloitte provides a new turnkey identity solution providing clients with a cloud-first, user experience-oriented, agile solution. The solution provides regulatory compliance with risk-based insights, industry specific use cases, analytics and reporting, scalable operating model and protectable SLAs.

In addition to these newer innovations, Deloitte provides significant other offerings and platforms including its traditional Cyber Strategy Framework (CSF), used to assess an organization’s maturity, controls, threats and capabilities. Content packs also enable the firm to conduct assessments against specific standards and provide a customizable dashboard. There are many “as-a-service” offerings, including GRC, and the firm has seen uptake in cyber resiliency with clients taking on simulations, playbooks and war gaming.

Deloitte’s Fusion Managed Services for managed threat detection and response bring industry-specific experience, human intelligence and emerging technologies to bear while the firm’s Managed Data Protection program helps clients to monitor, manage and mature their most valued data assets.

Deloitte’s Enterprise Value Delivery (EVD) underpins all delivery with the aim to deliver valuation solutions with speed, quality and consistency with significant project management monitoring.

In the next two to three years, Deloitte sees the next generation SOC 3.0 with AI capabilities built in and more predictive modelling and analytics. AI services are currently based in Canada and are being replicated globally.

Source: ALM Intelligence


[Figure: consulting service areas. Labels: Corporate Office, Front Office, Middle Office, Back Office; Enterprise Strategy, Corporate Finance, Operating Model Strategy, Customer, Research & Development, Supply Chain, Operations, Rewards, Management, Talent & Workforce, Risk, Digital & Technology]

Definitions

What is Cybersecurity Consulting?

Cybersecurity consulting is part of enterprise strategy consulting, which forms part of the management consulting services directed at clients’ corporate office activities. Its objective is to help companies set the policy guardrails that direct the investments and activities of their organizations.

Enterprise strategy consulting includes four services.

■ Business strategy and planning: establishes companies’ fundamental value proposition in terms of where to play and how to win.

■ Portfolio and capital strategy: addresses the allocation and steering of company resources to deliver its value proposition.

■ Strategic risk: identifies and manages risks that could prevent the fulfillment of a company’s value proposition.

■ Cybersecurity: identifies and manages the portion of strategic risks associated with digitization, including threats to information assets, infrastructure, and applications.


Consulting Provider Capabilities

| Capability Areas | Capabilities | Descriptions |
|---|---|---|
| Discovery | Needs Assessment | How does the consultant establish goals and objectives for the project and determine which stakeholders need to be involved from the client organization, consultant, and third parties? |
| Discovery | External Market Insight | How do consultants’ knowledge and experience inform diagnostics through benchmarking and trend analysis? |
| Discovery | Internal Client Insight | How does the consultant obtain internal client insights through data analysis and interviewing and workshops and incorporate them in diagnostics? |
| Design | Strategy | How does the solution align with the client’s market, customer and product, and functional strategies? |
| Design | Operating System | How are client information, physical, and people assets and processes configured to generate the value add intended by the strategy? |
| Design | Management System | How are client resources mobilized, managed, measured, and motivated through governance, incentives, organizational structures, and performance management to execute the strategy? |
| Delivery | Project Management | How are activities sequenced and resources allocated, aligned, and coordinated to execute and sustain the solution? |
| Delivery | Client Capability Development | How are client technical skills developed and mindsets and behaviors adapted to execute and sustain the solution? |
| Delivery | Enabling Tools | What consultant tools are used for diagnostic and design activities that support the client in executing, sustaining, and refreshing the solution? |

Source: ALM Intelligence

Provider Capability Rankings Descriptions

Depth: a measurement of a consulting provider’s strength based on its capabilities, including such factors as resources, proprietary methodologies, and intellectual properties

Breadth: a consulting provider’s ability to deploy its capabilities in multiple client scenarios across industry sectors, geographic regions, and interfaces with adjacent functional and technical capabilities

Client impact: a consulting provider’s capacity to get results for clients based on the combination of its capability depth and breadth adjusted by the degree of engagement model complexity incurred by its breadth across industry sectors, geographic regions, and interfaces with adjacent functional and technical capabilities


Methodology

Overview

ALM Intelligence has been researching the management, financial, and IT consulting industry for over 40 years, studying the global consulting marketplace at multiple levels. The resulting market analyses help buyers of consulting services to effectively target best in class providers, and help consulting providers to identify and evaluate business opportunities.

The proprietary research methodology comprises four components:

■ Extensive interviews with consulting practice leaders, financial analysts, consulting clients, and client-side industry experts

■ Data and background material from the proprietary library of research on the consulting industry and individual firms

■ Quantitative data collection from primary and secondary sources

■ Key economic data relevant to the sector(s) being analyzed

The research output for a project is derived predominantly from primary research.

Data is obtained through a centralized effort, with teams of analysts collecting, assessing, fact-checking, and refreshing baseline information on leading consultancies and consulting markets. This information populates an extensive knowledge base of consulting providers, widely regarded as among the most comprehensive in the world.

Working collaboratively, analysts narrow their research to the most discrete and pertinent intersection of consulting service/industry/geography.

The experience and knowledge of the analyst team are critical to the success of these research endeavors. Directors and associate directors average over a decade of consulting and/or analyst experience, with an emphasis on professional services. Junior analysts typically bring an average of five years of consulting and/or analyst experience.

The group’s long-term relationships with consulting clients and industry leaders are based on trust and respect. ALM Intelligence’s fundamental goal is to deliver objective assessments and insightful viewpoints on the management, financial, and IT consulting market.


How We Evaluate Consulting Providers

ALM Intelligence’s goal is to deliver objective assessments to help buyers of consulting services effectively identify and maximize the benefits of working with best in class providers.

ALM Intelligence evaluates consulting providers with respect to a particular consulting area in terms of the following baseline criteria. The general criteria below are refined and customized over the course of the research effort based on input from clients and providers:

■ Consulting approach: What are providers’ points of view on the root causes of client challenges? How do those points of view inform choices about how best to resolve them? How do providers view the intersection of these needs and solutions with other consulting or non-consulting offerings or cross-cutting themes?

■ Consulting organization: How do providers organize and deploy their capabilities? What sort of consultants and other human resources do they possess, and how do they obtain and use them? What sorts of partnerships, collaborations, and alliances with external parties do they use to bolster their capabilities?

■ Consulting service delivery model: How do providers deliver their services? Do they employ any particular processes or methodologies, preconfigured tools, or other unique elements of service delivery? Do they follow any particular sequence or direction in their service delivery? How do they measure outcomes?

■ Client pain points and needs assessments: What factors most influence successful engagements in the opinion of clients? What capabilities do providers need to bring to their engagements to be compelling? What sources of differentiation matter most to consulting buyers?

■ Future development: What investments are providers making or planning to make to enhance their future capabilities?

In addition to briefings with consulting buyers and providers, ALM Intelligence uses a mosaic approach to derive its findings. This incorporates primary research conducted with industry practitioners, academics, and other experts and secondary research on providers’ public information and other third-party sources of data and analysis.

[Figure: Depth and Breadth. Labels: Adjacencies, Delivery, Design, Discovery, Geographies, Industries, Resources, Service Delivery, Strategy, Operating Model]

Source: ALM Intelligence


About ALM Intelligence

ALM Intelligence provides accurate and reliable market sizing and forecasts on consulting services worldwide, needs-analysis and vendor profiling for buyers of consulting services, timely and insightful intelligence on the top consulting firms in their respective markets, and operational benchmarks that measure consulting performance. ALM Intelligence’s research spans multiple service areas, client vertical industries, and geographies. Our analysts provide expert commentary at consulting industry events worldwide, and offer custom research for Management Consulting and IT Services firms. More information about ALM Intelligence is available at www.alm.com/intelligence/industries-we-serve/consulting-industry/.

ALM, an information and intelligence company, provides customers with critical news, data, analysis, marketing solutions and events to successfully manage the business of business. For further information and to purchase ALM Intelligence research, contact [email protected], 855-808-4550.


Usage Inquiry Guidelines

This ALM Intelligence Product has been made available to Authorized Users pursuant to your organization’s agreement to the ALM Media Customer Agreement or other applicable Licensing Agreement.

Unless authorized by ALM Media, Customer may not use the Product except as permitted by U.S. copyright law and the applicable Licensing Agreement.

For details and ALM Intelligence's full Usage Inquiry Guidelines, please contact your Client Service Leader or e-mail [email protected].

External Usage Permission

External Usage Permissions can be obtained...

- by contacting ALM Intelligence for each usage episode (refer to Usage Inquiry Guidelines herein)

- by acquisition and purchase of a “Limited External Usage License,” which provides for usage of Research contents in the marketplace

ALM Media Properties, LLC Contact: James Doyle – Strategic Account Manager – ALM Intelligence – ALM Media Properties, LLC [email protected]

150 East 42nd Street, Mezzanine Level, New York, NY 10017 USA
Tel: +1.212.457.9171

EY Contact: Alexia O’Sullivan, Global Analyst Relations Director | Brand, Marketing & Communications - London, UK - Tel: +44 (0) 20 7980 0533 or e-mail: [email protected]


Deloitte Contact: Tracy Reagan, Associate Director, Global Analyst Relations Deloitte Touche Tohmatsu Limited – Boston Tel: 617-437-3927 or email: [email protected]
