“Our conversations with clients centre around the belief that a breach will happen, it’s just a case of when and where. Therefore, it’s about how quickly a business detects and responds to those threats.”
Ultimately, organisations that fail to devote the resources necessary for adequate cyber security will find it very difficult to manage the risks they face.
Yet as Kraus acknowledged, technology investment is failing to match the increased levels of risk emerging across the Australian market.
“There’s still a little head in the sand mentality on occasions in terms of understanding the frequency and severity of what can happen,” Kraus said. “The only approach we can take is to continue to educate our clients on this constant change impacting the market.
“If you think about where EY is playing and the transformation around technology, cyber has to be crucial to any strategy going forward.
“More importantly, because no architecture is fool proof, do businesses have the right monitoring in place? Do businesses know when an attack happened? Do businesses know how to respond?”
Central to solving such problems is PathScan, an EY offering delivered as a managed service for customers.
From a technology perspective, the solution is a network anomaly-detection tool that searches for deviations from normal patterns of communication that might be indicative of an intrusion.
Up until mid-2015, PathScan was exclusively used in the government sector, but is now available to private companies.
“We’ve rolled out this capability within financial services, which helps alert us when there is a trend that is different to the norm,” Kraus said.
Central to the security strategy of EY has been increased mergers and acquisition (M&A) activity in the local market, evident through the buyout of Open Windows in June 2017.
Headquartered in Melbourne, Open Windows is a leading identity and access management (IAM) provider, designed to strengthen the firm’s cyber security advisory capabilities.
“We have key criteria when acquiring businesses, which focuses on whether the deal will help us grow in the areas that are our core skills,” Kraus said. “Within the data analytics and digital spaces, we will absolutely continue to examine M&A opportunities.
“We use data to solve business problems and provide a data driven approach to customers. Nothing is off the table but the key centres around how an acquisition would extend our core capabilities in the areas we are strong at.”
Upon closing the Open Windows acquisition, EY acquired more than 45 professionals with expertise across IAM, creating full service capabilities in the process.
“With every acquisition, there is a different timeframe for integration,” Kraus confirmed. “Open Windows has a significant client base already so will continue to deliver to existing clients.
“But at the same time, we are bringing them into the client base of EY and merging those skill-sets into our own offerings. Every business is paced on the deal rationale and Open Windows has an exciting book of business already, which means it’s a constant balancing act.
“We don’t want to interrupt what they already have going on but we also need to start thinking about how we combine capabilities to add extra value to our clients.”
In housing a responsibility to develop the data, digital and cyber strategies of EY, Kraus is forever reverting to the three key pillars of future growth for the professional services firm - invest, build or partner.
“Technology is now more prevalent in every job that we undertake for our clients,” acknowledged Kraus, who also oversees the company’s advisory and professional services capabilities.
“Whether it’s a customer experience journey, or back office finance functions, every part of the business has a technology overlay. It’s a fast-paced part of our business and our aim is to infuse technology and digital to create a more sustainable platform going forward.”
For example, Kraus said EY is not looking to become a software developer, creating a need to strike strategic partnerships both locally and globally.
“We have plenty of options on the table which allows us to provide clients with choice,” Kraus explained. “We have relationships with all key players in the market which means we can offer a broad array of solutions, rather than just pushing the product that we build and own.
“We have the ability to be flexible but if a client already knows the solution that they want, that’s probably not a space for us to play in.”
In the context of technology, EY wants a seat at the table, advising from the outset rather than merely following end-user orders.
“We want to be part of helping clients on that journey and starting way back with the problem they are trying to solve,” Kraus added. “Technology might be the answer but if the client has already made up their mind and just requires an implementation, that’s not a core competency of our business.
“Moving with the times is key because there’s no such thing as business transformation without technology. But we’re not in the game of inventing technology for technology sake.”
Citing SAP as an example, Kraus said EY holds deep expertise internally yet still partners with a software provider, representing a significant mind shift of a titan of the industry.
“That’s a real change in business strategy,” she said. “There used to be a philosophy that you had to solve all problems and issues within the four walls of the firm.
“But the reality is that in the world today, partnering is key to ensure you can provide the best capabilities to the client.”
And for EY, this also extends to the firm’s global footprint, with local projects in Australia and New Zealand (A/NZ) carried out by internal specialists based in Malaysia.
“It’s about finding who’s got the best talent and while we are absolutely invested in our in-house talent, we recognise the importance of partnering on specific projects to provide the right solution for clients,” Kraus added.