PwC, the ‘elephant standing in plain sight’, for cyber incident response, according to leading independent analyst firm Aite-Novarica

February 09, 2022

According to the Aite-Novarica report entitled ‘Incident Response and Retainer Services, Responding to the Scene of the Crime’, “PwC may not be the first company that comes to mind when asked to name Incident Response and Retainer (IRR) firms, as this vendor is a best-kept secret. It is a proverbial elephant hiding in plain sight”.  The report continues saying “[PwC] is one of the few firms that can put boots on the ground globally and handle the world’s largest and most complex cyberattacks. Aite-Novarica Group found its breach readiness assessment (IR3) tool and crisis simulation solutions perfect for ensuring the level of IRR services would be commensurate with an organization’s needs.”

The general IRR market comprises products, consulting services, certification courses, and education extending to segments as diverse as crisis response, product tampering, industrial accidents, and specialized environments such as supervisory and data acquisition systems, according to the report.   The report further describes the consulting services, such as those offered by PwC, as those that “ specialize in full life cycle incident response, with many extending their IRR to digital forensics using essentially the same resources. Providers [like PwC] in this category often offer penetration testing, threat hunting, red-teaming, etc”

In the report, Aite-Novarica Group recommends taking a serious look at PwC’s IRR tiers and readiness services, and suggests a “key evaluation consideration is its portfolio of incident readiness services, [should consist of its] framework and policies assessment; development of playbooks, forensics, and incident response readiness assessments; first responder training; threat profiling and modeling; and IR engineering.” The report finally notes that executives should “avoid the temptation to dismiss this large consulting firm as too expensive; its price structure is quite similar to any other high-end IRR service providers.”

“We value this research and appreciate the recognition by Aite-Novarica. Intrusions are happening every hour, so no business or technology executive can ever promise that their organization will not be breached”, notes Sean Joyce,Global Cybersecurity & Privacy Leader, US Cyber, Risk & Regulatory Leader, PwC US. “ But customers, employees, investors, regulators, and business partners must expect that these leaders take the necessary steps with incident readiness and response capabilities noted in this report to protect business assets from threat actors, their intentions, and the fallout of cyber attacks.”


Team meeting

Contact us

Rob Donnelly

Global Analyst & Advisor Relations Leader, New York, PwC United States

+1 (917) 471 3355


Follow us