Strategy and transformation
Many organisations are pursuing recent and emerging technologies to develop new products, services, or ways of doing business. Think cloud migration, Robotic Process Automation (RPA), Artificial Intelligence (AI), Blockchain and the Internet of Things (IoT). However, companies don’t always consider the emerging cybersecurity threats that could impact these systems after they’re implemented.
We can help you assess, manage, plan, and transform your IT and cybersecurity architecture. Our C&P specialists will define and help run your cybersecurity programme and services, for example for the Directive on security of Network and Information Systems (the NIS Directive).
We work with you to evaluate your environment and understand key risks, transform your cybersecurity capabilities to enable your business, sustain and simplify compliance, and build trust with stakeholders. We generally use publicly available frameworks such as the ISO 27000 standards (mainly ISO 27001 and 27002), the CSC top 20, NIST or similar.
We’re also specialists in working on your human firewall. We offer a range of security awareness solutions, from training to phishing exercises and social engineering, to full-fledged security culture programmes.
Privacy and consumer protection
At PwC, we help organisations build trust with consumers, regulators, and other stakeholders in their use of personal information. We can help you evaluate how privacy impacts your business and institute a thorough rule book informed by insights from our global privacy framework. Our C&P specialists will help you craft privacy strategies to confidently support your growth and advance your business model. We can help you turn GDPR compliance into a competitive advantage.
We believe in consumer protection and privacy by design. Our highly experienced team uses proprietary technology and has the diversity, perspective and knowledge required to help our clients stay ahead of change. We also support our clients in case of a data breach or complaint and, through PwC Legal, offer legal support.
Implementation and operations
PwC works with you to architect, design and implement cybersecurity solutions, like Identity & Access Management (IAM), Privileged Access Management (PAM), Data Loss Prevention (DLP), Security Information and Event Management (SIEM) and other Security Operations Centre (SOC) services, that elevate your security posture and deliver on your strategic cybersecurity goals. For this purpose, we maintain alliances with key vendors like Claroty, CyberArk, DXC.technology, ForgeRock, Micro Focus, Microsoft, Palo Alto, SailPoint and Tanium.
While many of the core disciplines delivered by our team remain unchanged, the technologies used to support them and the paradigms by which they’re delivered are rapidly evolving along with your business realities. Our teams focus on continuously adapting our strategy to align with these challenges.
Co-sourced cyber services
Our co-sourced cyber services provide competitive, ‘white glove’-managed security services across several key offerings. These high-value services are what help set PwC apart. Providing long-term expertise, our cybersecurity managed services can bring an experienced team ready to meet the specific technical and business needs of your organisation.
Our managed services can help with the management and continual enhancement of critical security components.
Incident, threat, crisis and continuity management
We help you understand dynamic cyber challenges, adapt and respond to risks inherent to your business ecosystem, and prioritise and protect the most valuable assets fundamental to your organisation's strategy.
Our PwC C&P specialists can help your organisation prepare for a cybersecurity incident by providing response policies, procedures and playbooks, performing tabletop exercises and using proprietary tools – like our PwC Hacking Experience and Game of Threats – to help build, evaluate, and test your technical incident response capabilities. We also have IT forensic capabilities to support clients in case of a breach or compromise, or to support our colleagues from Forensic Services during an investigation.
Our services range from classic disaster recovery planning and business continuity management, to crisis management and help with implementing integrated management systems (ISO 22301, ISO 27001 and others). We support you in achieving true organisational resilience.
We also have a strong penetration testing team that can handle not only IT and consumer technology, but also Operational Technology (OT), Industrial Control Systems (ICS) and hardware, offering a broad range of different types of assessments at the infrastructure, middleware and application layers. We also do Red Team Exercises, in the context of TIBER (Threat Intelligence-based Ethical Red Teaming), for example. Furthermore, we have experts in secure development and software assurance, and offer DevSecOps solutions and implementation support.