EY beefs up Asian cybersecurity consulting capabilities with Xynapse deal

24 September 2018 Consultancy.asia 4 min. read

EY has bolstered its cybersecurity capabilities in Southeast Asia with the acquisition of Xynapse, a Malaysia-based specialist identity and access management services firm. The bolt-on sees around 40 professionals join EY’s Advisory practice in Malaysia, China and Hong Kong.

“We have been impressed with the people, solutions and clients of Xynapse. Xynapse has an excellent reputation among clients and vendors for identity and access management services, and its people possess skillsets to deliver capabilities across a range of software vendors’ products. Their unique skills, dynamic leadership and strong team fit well with the EY culture,” said Chow Sang Hoe, EY’s Advisory leader for the Southeast Asian region. 

The move comes at a time when organisations in Asia and globally are facing heightened threats from cyber criminals. According to estimates from cybersecurity software giant McAfee, damages by digital criminality amounted to a staggering $400 billion last year, felt by all segments of business and society – corporates, family businesses, mid-sized enterprises and small businesses, as well as governments and non-profits. To fend off the threat, organisations are increasingly turning to consultants to help them beef up their cybersecurity frontiers, with EY in the eyes of analysts at Gartner the globe’s second largest cybersecurity consultant in terms of revenue. 

The firm’s Cybersecurity practice in Southeast Asia, which is part of EY Advisory, has over 10,000 consultants in the region, and has set the goal to become the “number one in cybersecurity consulting services in Asia-Pacific by 2020,” said Iain Burnet, EY Asia-Pacific Advisory Leader. He described the purchase of Xynapse as a key step in that journey; “The acquisition of Xynapse will enhance our capabilities in cybersecurity and digital transformation and contribute towards accelerating our growth trajectory in the field.”EY beefs up Asian cybersecurity consulting capabilities with Xynapse dealXynapse brings two types of services to EY. The first revolves around cybersecurity advisory and implementation support. The Kuala Lumpur headquartered company was founded in 2001 and has since helped dozens of organisations with identity and access management such as security and single sign-on, user authentication, privacy, but also social commerce and systems implementations. The second service is an offering that traditionally sits outside consulting, that of managed services. From its delivery centre, Xynapse manages the cybersecurity activities of a number of clients ‘as a service’. 

“With the addition of Xynapse’s identity and access management capabilities and executional abilities to the EY suite of cybersecurity advisory services, we can better help EY clients with trusted advice and the capability to navigate the cybersecurity risks in their respective industries,” commented Richard Watson, EY Asia-Pacific Cybersecurity Leader.

As part of the integration, Xynapse has taken on the EY brand with all of its employees transferring to the Big Four firm. Joseph Chan, CEO of Xynapse, has joined EY as a Partner and now leads EY’s Identity Delivery Hub for Southeast Asia.

The acquisition of the Malaysian IT services company comes roughly a year after EY Asia Pacific boosted its cybersecurity wing with the acquisition of Open Windows Australia in Australia. The firm’s top rivals – Deloitte, KPMG and PwC – have however not rested on their laurels. Each of the Big Four firms has deployed large-scale ‘buy-and-build’ strategies for strengthening their cybersecurity consulting practices amid booming demand. PwC has for instance acquired Everett and Praxism, Deloitte bought Vigilant, Urgentis Digital Crisis Solutions, MN Security and The Brief Group, while KPMG absorbed the likes of P3, Qubera Solutions, Egyde, Qubera Solutions (partially) and Cyberinc.