Cyber Security

Using your systems and data with confidence

Organisations operate in an increasingly interconnected world of digital opportunity. While technology can drive innovation and productivity, it also presents new risks and challenges that need to be understood to be overcome.

With our approach to Cyber Security, we give businesses the confidence to use their systems and data (information assets) to realise opportunities safely through identifying, and addressing digital risk.

Our focus is on helping you to understand digital risk in your business context and providing you the insightful advice, innovative solutions, and data based assurance to manage these risks and unlock value.

How we help

We’ll help you to embrace the speed of change and adapt to disrupt. As the largest dedicated security and privacy cyber team in New Zealand, we deliver high value outcomes through best of breed technologies and unparalleled capability and experience. We’re focused on solving the biggest cyber problems facing organisations today.

Where's my data

Consumerisation of IT and the adoption of cloud is driving uncontrolled sharing of information.

We can help you to:

  • Discover where your information is
  • Identify and address risks of information sharing and cloud
  • Develop and adopt strategies for information classification, storage, and management
  • Take advantage of the reduced costs, flexibility, and accessibility of cloud.

View more

What's my exposure

Understanding your cyber and privacy risks in your context is key to cost effective and pragmatic treatment.

We can help you to:

  • Understand if any of the myriad security threats, intelligence, and headlines should concern you
  • Understand what’s important to your business and what impacts your objectives
  • Understand real time insights into your use of sanctioned and shadow digital services
  • Develop and implement strategies and frameworks to comprehensively manage information security and privacy.

View more

Who has access?

The widely distributed nature of digital services is driving the requirements for widely distributed identity and access management.

We can help you to:

  • Understand your identity and access requirements and maturity
  • Develop strategies for managing identity and access across multiple perimeters / channels.
  • Implement effective solutions and technologies to facilitate secure access to information assets.

View more

Have I been breached and what do I do?

It’s not ‘if’ but ‘when’ a breach occurs. Detecting breaches, responding quickly and appropriately are critical.

We can help you to:

  • Identify a severity  breach using market leading technologies
  • Respond to breaches with our specialist forensic and incident response capabilities
  • Recover quickly and prevent re-occurrence with root cause analysis and strategies for remediation.

View more

How do I know?

How do I know if my cyber controls are working, if my security investments are sound and my risks are addressed?

We can help you to:

  • Obtain confidence in your internal or third party security controls
  • Understand vulnerabilities and weaknesses in your control environment
  • Develop metrics and indicators to demonstrate effectiveness of your cyber activities.

View more

Our approach

Being agile and approaching cyber with a holistic lens.

The cyber ecosystem is dynamic and complex. While you may have protection, incidents will still occur. Rapid response is key to minimising brand damage and financial loss. We treat protection, detection and response as interdependent. We work across organisations and industries to support cohesive relationships between technology risk, information security, forensics, and operational teams.


The cyber lifecycle shows our approach.

Our services

  • Risk and Opportunity Assessment
    We work with organisations to assess the likelihood of a security incident and the true consequence to the organisation should one occur. We will help you identify the information assets that really matter to you and will help you through the process of selecting appropriate security controls that maximise their protection and your digital opportunities.

  • Certification and Accreditations
    We measure the effectiveness of an organisation’s security controls and processes against an agreed standard, providing a level of assurance to the information owner that a system can be accredited for use.

  • IT Health Checks
    We perform regular health checks of an agreed set of security controls and processes to measure their ability to manage risk. We then track this effectiveness over time, allowing us to work with organisations to define and track a security-improvement programme.

  • Security Incident Management
    PwC is uniquely positioned to help you rapidly respond to, investigate and remediate security incidents. We help to identify the source, location and nature of the incident, assess the business risk and customer impact, and provide assistance to remediate vulnerabilities to minimise the impact and to prevent future occurrences. What sets us apart is our ability to combine technical skills and business strategies to protect your brand value.

  • Security Training and Awareness
    We work with organisations to create and deliver (where required) security awareness training tailored to the roles within that company or department. Our security-awareness training considers the current threat landscape and we perform real-world testing to help organisations measure the effectiveness of the education.

  • Privacy
    The management, maintenance and preservation of privacy is a fundamental component of establishing and maintaining trust. We provide support across all stages of the privacy lifecycle – from the privacy strategy, governance structure, information inventory, processes and privacy framework. Through this methodology, we can assess the privacy environment in terms of maturity and regulatory requirements, safeguards and the information protection culture to identify control gaps and benchmark results.

 

  • Virtual CSO/Security Co-source Partnership
    We can work with you to be your virtual security capability, either through a co-source partnership or access to dedicated, experienced security resources. This is a longer-term approach where we provide the best skills to help you manage you risk, allowing you to focus on your business. We work with you to understand your organisation and work as part of your internal team to provide pragmatic security advice and guidance on what will work and won’t for your organisation.

  • Strategy and Governance
    We can assist you in defining or refining a strategy based on your level of risk and how to you want it to be managed. Examples of this include implementing an uplift in security capability. We work with you to understand the level of capability needed, then co-create your strategy and work with you through to execution. Our process includes ensuring that the realisation of the strategy is sustainable by making sure the most appropriate governance is in place to support the uplift.

  • System Architecture Design and Build
    We can augment your existing team to assist the development and design of systems and networks. Ranging from project inception and planning through to detailed design and implementation, we can work with you and employ our previous experiences in security design, deployment and operational management so that any design is practical and able to be cost-effectively managed in line with your risk profile.

  • Testing etc. VA, Red Teaming
    The PwC Red Team can assist you in understanding your exposure to threat actors. We deliver specialised vulnerability assessment and penetration tests across a range of technologies – including mobile, web and embedded (IoT) devices. We can help challenge current perspectives on who might target your systems, services and information, as well guiding the process to manage and address vulnerabilities.
  • Identity and Access Management
    Emerging technologies such as cloud computing, mobile, social networks, Big Data and AI expand the way enterprises do business, and interact with stakeholders including customers, employees and business partners in the digital world. Enabling business agility while securing the critical identity data has become more challenging.
    Identity and Access Management (IAM) refers to a set of business processes and supporting technologies that enable the creation, maintenance, and use of digital identities within an organisation. The impact of IAM on user communities, application portfolios, and information resources is extensive. IAM services are enabled through governance, people, process and technology. Our Cyber team includes identity specialists with international experience in delivering the IAM capabilities from strategy through to execution and operation.

Explore further

Cyber Incident Response Game of Threats™ Forensic services Digital Data and analytics Management consulting

Find out more

Game of Threats™

Related content

Contact us

Adrian van Hest

Partner, PwC New Zealand

Tel: +64 21 479 105

Email
Follow us
About us Our Partners Our Leadership team
Contact us Our offices Media centre
Alumni
Careers

© 2017 - 2019 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.