Our stories

Building a secure digital society

Today, customers and employees understand the value of their personal data held by businesses and they rightly expect them to store it securely and use it sensitively.

Setting the scene

Today, customers and employees understand the value of their personal data held by businesses and they rightly expect them to store it securely and use it sensitively. High-profile data breaches have caused reputational damage to companies and can now attract significant regulatory fines. According to Government research, one in three businesses identified breaches last year - the true number of actual breaches may be even higher.

But in a technology-enabled world it’s not just personal data that needs protecting. Cyber threats can also disrupt the entire operations of an organisation, affecting business continuity and impacting end users. It’s easy to see why our 2019 CEO survey found that 79% of UK business chiefs cite cyber security as a top concern for their organisation’s growth prospects

79% of CEOs identified cyber security as their top threat to growth


Who we are

Our 300-person Cyber Security practice helps organisations both protect their systems and data and respond to incidents when they occur, and we are one of the few companies of our size and global reach to be a certified provider under the National Cyber Security Centre's Cyber Incident Response (CIR) scheme. That means we are deemed able to respond to sophisticated attacks on networks of national significance. Our UK practice has a significant regional footprint while also being a global centre of excellence in the PwC network, working with clients at home and abroad. 

With a clear sense of purpose ‘to build a secure digital society’ deeply ingrained in the practice, we are helping clients - public and private - to understand the risks, build and assure their cyber defences. In addition our incident and crisis response experts help defend clients from attacks in real time, regularly engaging with hostile actors to contain and recover from breaches, including by nation states and global organised crime (for example with the growing trend in disruptive ransomware attacks). Where we help one organisation defend or recover from an attack we use the insights gained to help protect others facing the same risk. 

Our work for clients

This year we created and developed an immersive virtual reality experience, letting users experience a cyber attack in real time. This allows them to play out the scenarios, analyse decisions and data to produce better plans and ultimately deliver the best possible outcomes. This is built on years of experience helping organisations deal with the crisis after a major attack has happened, for example in one case this year helping a business after a breach resulted in a complete shutdown of all of their global IT systems. Boards come to us because we have the technical expertise to deal with the attack and put systems back online, but also to help them prioritise recovery based on strategic priorities. We also assist with communicating to relevant stakeholders, including investors where there is a market disclosable event. 

But our practice does not standalone; instead, it is both supported by, and a source of expertise for the rest of our firm. For example, where a business we audit has experienced a cyber breach the responsible audit partner will ask our cyber experts to assess whether the breach has had an impact on the reliability of the statements prepared by management. Are the systems reliable? Can the audit partner have confidence in the integrity of the data? We also input to due diligence undertaken by our Deals business and are embedded in teams implementing technology transformations for our clients. 

300 cyber security experts


Growing our impact

Many of our people want to work at PwC because of the types of clients we work with and the breadth of issues we support our clients on. While this means we can attract the brightest technologists, we need to make sure that we attract and recruit a diverse pool of talent too. We are creating 70 new roles over the next two years across a dozen hub cities, including 25 in Cardiff, to scale our Ethical Hacking team, and working closely with local universities and colleges. While as a firm we still have much to do, we’re proud of what we’ve achieved to promote diversity in our Cyber Security team at all grades.

If you are interested to find out more about how PwC manages its own cyber risks, then please see the Governance and Transparency section of our digital Annual Report. 

 

creating 70+ new jobs in the next two years

We unite expertise and tech so you can outthink, outpace and outperform
See how