Cyber Security

We measure the effectiveness of an organisation’s security controls and processes against an agreed standard, providing a level of assurance to the information owner that a system can be accredited for use.

We perform regular health checks of an agreed set of security controls and processes to measure their ability to manage risk. We then track this effectiveness over time, allowing us to work with organisations to define and track a security-improvement programme.

PwC is uniquely positioned to help you rapidly respond to, investigate and remediate security incidents. We help to identify the source, location and nature of the incident, assess the business risk and customer impact, and provide assistance to remediate vulnerabilities to minimise the impact and to prevent future occurrences. What sets us apart is our ability to combine technical skills and business strategies to protect your brand value.

We work with organisations to create and deliver (where required) security awareness training tailored to the roles within that company or department. Our security-awareness training considers the current threat landscape and we perform real-world testing to help organisations measure the effectiveness of the education.

The management, maintenance and preservation of privacy is a fundamental component of establishing and maintaining trust. We provide support across all stages of the privacy lifecycle – from the privacy strategy, governance structure, information inventory, processes and privacy framework. Through this methodology, we can assess the privacy environment in terms of maturity and regulatory requirements, safeguards and the information protection culture to identify control gaps and benchmark results.

We can work with you to be your virtual security capability, either through a co-source partnership or access to dedicated, experienced security resources. This is a longer-term approach where we provide the best skills to help you manage you risk, allowing you to focus on your business. We work with you to understand your organisation and work as part of your internal team to provide pragmatic security advice and guidance on what will work and won’t for your organisation.

We can assist you in defining or refining a strategy based on your level of risk and how to you want it to be managed. Examples of this include implementing an uplift in security capability. We work with you to understand the level of capability needed, then co-create your strategy and work with you through to execution. Our process includes ensuring that the realisation of the strategy is sustainable by making sure the most appropriate governance is in place to support the uplift.

We can augment your existing team to assist the development and design of systems and networks. Ranging from project inception and planning through to detailed design and implementation, we can work with you and employ our previous experiences in security design, deployment and operational management so that any design is practical and able to be cost-effectively managed in line with your risk profile.

The PwC Red Team can assist you in understanding your exposure to threat actors. We deliver specialised vulnerability assessment and penetration tests across a range of technologies – including mobile, web and embedded (IoT) devices. We can help challenge current perspectives on who might target your systems, services and information, as well guiding the process to manage and address vulnerabilities.

Emerging technologies such as cloud computing, mobile, social networks, Big Data and AI expand the way enterprises do business, and interact with stakeholders including customers, employees and business partners in the digital world. Enabling business agility while securing the critical identity data has become more challenging.
Identity and Access Management (IAM) refers to a set of business processes and supporting technologies that enable the creation, maintenance, and use of digital identities within an organisation. The impact of IAM on user communities, application portfolios, and information resources is extensive. IAM services are enabled through governance, people, process and technology. Our Cyber team includes identity specialists with international experience in delivering the IAM capabilities from strategy through to execution and operation.