Cybersecurity Strategy and Transformation


We help organisations build an effective security governance

Our Strategy Transformation services help clients understand the current cybersecurity and privacy landscape, make cybersecurity a collective priority, and develop and implement solutions across people, processes, and technologies.

We provide the foundations to design, manage and operate a cybersecurity program aligned to business strategy, and increase organisational resilience in the face of an ever changing threat landscape.

PwC Mauritius - Strategy and Transformation

Discover our areas of focus

From cyber resilience to cyber risk quantification, find our more on how we help organisations work smarter and grow securely.

Cyber resilience

Building confidence in your digital future

Maturity assessment and security roadmap development

Your Challenges:

  • Is  your business resilient to a cyber-attack?
  • Which threats should you be most concerned about?
  • Are there gaps in your cybersecurity capabilities?
  • Are you making the right investment to protect your business? 
  • Is your information security strategy aligned with your business objectives?

How can we help you?

  • Cybersecurity maturity assessment against PwC’s Cybersecurity and International frameworks.
  • Security roadmap and investment plan to secure your digital future and reach the desired maturity.
  • Develop business case and target operating model for Security Operation Centre (SoC) and Data Centre design in line with TIA-942, Energy Star, ISO and NIST leading framework.

Key benefits:

  • Enhance brand and reputation.
  • Assess program effectiveness.
  • Reduce communication and compliance burdens.
  • Demonstrate value to board and audit committee.

CISO as a service

Your Challenges:

  • Are your cybersecurity initiatives aligned with your business objectives?
  • Is cybersecurity strategically managed from the C-suite and boardroom?
  • Is a C-Level stakeholder responsible and dedicated to information security?
  • Do you measure and demonstrate to stakeholders the effectiveness of your cybersecurity efforts?
  • Does your program leverage stride in cybersecurity to boost your economic performance?

How can we help you?

  • Provide strategic role as Virtual Chief Information Security Officer (V-CISO).
  • Establish Cyber Security framework and build security culture within the organisation.
  • ConductCyber Security risk assessment and define controls aligned to leading standards -NIST, ISO 27001 series, PCI and CIS controls.
  • Define key performance and security indicators (KPI/KRI) to monitor the effectiveness of your security programme.
  • Manage ongoing security activities with defined set of processes and procedures to identify, detect, protect, respond and recover from cyber incidents.

Key benefits:

  • Virtual Chief Information Security Officer (V-CISO) to align your cyber investment on projects and be a market differentiator.
  • Assist clients to understand business objectives based on industry expertise and peer comparisons in order to strategically plan security initiatives.
  • Assist you to transpose security objectives into non-technical terms and accurately communicate risk to your board and audit committees.
  • Establish and measure Key Risk Indicators (KRIs) aligned with enterprise risk management objectives. 

Security culture and board reporting

Cyber behaviour and decision making

  • Do you want to raise your employees’ awareness of information security risks?
  • Are your employees aware of phishing emails and its impact to the organisation?
  • Do your employees know that the information they put on the Internet or Social Media could be potentially used against them or their organisation?
  • Did it occur that one of your employees accidentally caused a major security breach?
  • Do you want to train your employees so that they are able to detect phishing attacks?


  • Tailored awareness workshops(e-learnings, cyber scenario testing) and delivery of the overall awareness program to build security culture.
  • Learning from real life case-studies, to get insights on the key cyber-attacks and countermeasures that can be put in place to protect personal and corporate data.
  • Reduce risk of errors and spread awareness of cybersecurity risks and how they can be reduced.
  • Familiarise employees with the appropriate rules and procedures defined by your organisation.
  • Use behavioural approaches to diagnose shift in cyber behaviours.

ISO standard programme delivery and support

Information Security Management System (ISMS) - ISO 27001 implementation

  • How to align your internal security practice and framework against security best practices (ISO27001, ISO27002)?
  • How to establish a security framework by implementing an Information Security Management System (ISMS)?


  • Perform gap analysis on your security controls  against the international standard for Information Security Management System (ISMS) known as ISO27001:2013.
  • Implement ISMS based on the tailored recommendations from gap analysis.
  • Assist you in ISO 27001 certification and continuous improvement.
  • Safeguard your own and your customer’s valuable data and intellectual property rights.
  • Mitigate the risk of large financial penalties and comply with business, legal, contractual and regulatory obligations.
  • Support a continuous cycle of improvement throughout your organisation.
  • Differentiate your organisation in the market as ISO 27001 compliant.

Cyber risk quantification

  • What are your top cyber risks and how much exposure do they represent?
  • What is the actual financial impact to the business if these cyber risks were to occur?
  • How are financial  impacts, arising from cyber risks,  aligned to your organisation's risk appetite?
  • How effective are your investments in risk reduction (return on security investments)?
  • How are cyber risks communicated to the executives and board, so they clearly understand risk impact, ownership and governance?
  • Articulate the  business and financial impacts of cyber risks for C-suite.
  • Quantify the extent of cyber risks and threats.
  • Assist you in negotiating  insurance premiums.
  • Enhance the role of Boards and the CEO in cyber risk oversight.
  • Enables youto evolve beyond compliance to strategic risk management.
  • Quantify your risks, which will turn information into actionable insights.
  • Align your stakeholders  - Technicians, risk managers, executives and directors are on the same page about cyber risk.
  • Measure the effectiveness of existing controls, justify your  investment and remediate the risk according to your appetite.

Third party risk management

Your Challenges:

  • Are you fully aware of your third parties’ security practices, and are you comfortable with the level of information security they provide?
  • Are you currently in the process of selecting a new service provider? Do you believe that information security is a key consideration?
  • Are you facing difficulties in assessing the security maturity of your third parties?
  • Was a recent security incident imputed to one of your third parties?

How can we help?

  • A web-platform that will enable you to centrally manage security assessments of your third parties.
  • Tailored questionnaires based on leading practices and international standards to assess your third parties.
  • Support in processing questionnaires from third parties to determine their maturity level.
  • Onsite, remote, or self-assessments of your third parties as deemed appropriate.

Key benefits:

  • Accurate, fast and reliable monitoring of third-party security.
  • Increasing the efficiency and effectiveness of third-party risk management.

Regulatory compliance services

Your Challenges:

  • Are you able to demonstrate compliance with regulatory requirements (central banks guidelines, PCI DSS, SWIFT) ?
  • Are there correct governance and controls in place to maintain compliance?
  • Have you planned to attest your level of compliance against mandatory regulatory controls?

How can we help you?

  • Perform an assessment to identify and define the scope of regulatory compliance.
  • Compare what you have in place against regulatory control requirements and identify areas of compliance and non-compliance.
  • Develop corrective actions to support internal teams in remediation activities.
  • Prepare to demonstrate compliance to regulatory requirements and to maintain it on an ongoing basis.

Key benefits:

  • Increased customer trust and brand loyalty through certification demonstrating how well you consider, govern, manage and respond to cyber security incidents.
  • Avoiding the risk of a large punitive regulatory fining regime from regulators.


{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}

Contact us

Jean-Pierre Young, ACA, CIA

Jean-Pierre Young, ACA, CIA

Advisory Leader, PwC Mauritius

Tel: +230 404 5028

Vikas Sharma

Vikas Sharma

Partner, Cybersecurity & Privacy, PwC Mauritius

Tel: +230 404 5015

Follow PwC Mauritius