Responding to cyber security incidents requires more than just best in class forensics, which is why partnering with a provider who can support you across a breadth of capabilities and understand the regulatory and organisational complexities is increasingly important.
As an assured National Cyber Security Centre (NCSC) Cyber Incident Response (CIR) Level 1 provider, we have been supporting organisations across all sectors including those in highly regulated industries with incident response and digital forensics services since 1998.
Our tried and tested methodology helps you rapidly respond to complex incidents and implement a recovery strategy. We bring a breadth of capability, including our global threat intelligence practice, crisis management and communications expertise, board and executive support, along with a well established methodology for data breach reviews and claims support.
Our incident response retainers provide global, on-demand, 24/7/365 access to a specialist incident response team in the event of a cyber security incident.
Our approach to retainers emphasises ongoing collaboration and contact throughout the year. We believe that incident response and intelligence teams who maintain an ongoing connection, and who are familiar with each other, will also be able to collaborate more effectively and promptly in an incident.
Initial and ongoing workshops to understand your business, IT infrastructure, existing incident response policies and procedures, and enable an effective response.
Our retainer includes a four hour SLA and can becustomised further givingyou confidence that youhave access to experts if anincident occurs.
Our retainer is modularand fully customisable, allowing you to select the benefits that you need most.
Real-time virtual communication enabled by Slack or Teams with the PwC incident response team, to make sure we are an extension of your team, and not just another service provider.
Access to our monthly threat intelligence summary reporting, and a range of other PwC intelligence resources such as our quick response tipper programme.
Unused retainer hours can be used on preparedness and other cyber security services, to maximise your return on investment.
Rapid access to a range of additional cyber security services (including threat intelligence and threat detection) to inform wider security strategy.
Emailing PwC’s monitored inbox incident.response@pwc.com
Calling PwC’s 24/7 hotline +44 808 196 2169
Posting a message in your dedicated Slack or Teams channel
In an environment of growing cyber security threats, it is essential that organisations have well-documented, understood, and exercised plans and playbooks to ensure you are ready to respond when a cyber security incident or crisis occurs and to quickly recover.
As a strategic partner, we are able to support you across all pillars of your cyber defence programmes.
We can assist in the creation, customisation, or updating of incident response plans and playbooks. And our deep expertise and experience enables us to support you with the provision of anything from highly technical step-by-step guidance to higher-level strategic decision-making support, such as managing the response to ransomware attacks.
There is a clearly defined response framework and supporting governance, clear ownership, pre-agreed decision-making authority and escalation pathways; all enabling rapid response when needed.
The response and recovery capability spans both business and technical concerns, drawing on broad cross-organisational capabilities; ensuring you have the right people engaged from the outset.
People, processes and tools are rehearsed and ready to respond when a cyber attack occurs; building a strong ‘muscle memory’ that can be quickly triggered.
Business-as-usual operations are quickly restored and lessons learned are identified and addressed to help prevent recurrence; enhancing overall operational resilience.
Our post incident review capability involves a thorough examination and analysis of a cyber security incident that has occurred within an organisation. The overall purpose is to provide recommendations across people, processes and technology to help implement lessons learned from the incident, and reduce the likelihood and impact of future attacks.
In May 2021, the Irish Health Service Executive (HSE) suffered a well publicised ransomware attack. PwC was commissioned by the Board of the HSE to conduct an independent post incident review. Our comprehensive review of the incident highlighted many strategic and tactical recommendations for HSE. It also provided key learnings applicable to all organisations.
Read the full report Conti cyber attack on the HSE - Independent post incident review.
