Skip to content Skip to footer

Loading Results

Cybersecurity Strategy and Transformation


We help organisations build an effective security governance

Our Strategy Transformation services help clients understand the current cybersecurity and privacy landscape, make cybersecurity a collective priority, and develop and implement solutions across people, processes, and technologies.

We provide the foundations to design, manage and operate a cybersecurity program aligned to business strategy, and increase organisational resilience in the face of an ever changing threat landscape.

PwC Mauritius - Strategy and Transformation

Discover our areas of focus

From cyber resilience to cyber risk quantification, find our more on how we help organisations work smarter and grow securely.

Cyber resilience

Building confidence in your digital future

Maturity assessment and security roadmap development

Your Challenges:

  • Is  your business resilient to a cyber-attack?
  • Which threats should you be most concerned about?
  • Are there gaps in your cybersecurity capabilities?
  • Are you making the right investment to protect your business? 
  • Is your information security strategy aligned with your business objectives?

How can we help you?

  • Cybersecurity maturity assessment against PwC’s Cybersecurity and International frameworks.
  • Security roadmap and investment plan to secure your digital future and reach the desired maturity.
  • Develop business case and target operating model for Security Operation Centre (SoC) and Data Centre design in line with TIA-942, Energy Star, ISO and NIST leading framework.

Key benefits:

  • Enhance brand and reputation.
  • Assess program effectiveness.
  • Reduce communication and compliance burdens.
  • Demonstrate value to board and audit committee.

CISO as a service

Your Challenges:

  • Are your cybersecurity initiatives aligned with your business objectives?
  • Is cybersecurity strategically managed from the C-suite and boardroom?
  • Is a C-Level stakeholder responsible and dedicated to information security?
  • Do you measure and demonstrate to stakeholders the effectiveness of your cybersecurity efforts?
  • Does your program leverage stride in cybersecurity to boost your economic performance?

How can we help you?

  • Provide strategic role as Virtual Chief Information Security Officer (V-CISO).
  • Establish Cyber Security framework and build security culture within the organisation.
  • ConductCyber Security risk assessment and define controls aligned to leading standards -NIST, ISO 27001 series, PCI and CIS controls.
  • Define key performance and security indicators (KPI/KRI) to monitor the effectiveness of your security programme.
  • Manage ongoing security activities with defined set of processes and procedures to identify, detect, protect, respond and recover from cyber incidents.

Key benefits:

  • Virtual Chief Information Security Officer (V-CISO) to align your cyber investment on projects and be a market differentiator.
  • Assist clients to understand business objectives based on industry expertise and peer comparisons in order to strategically plan security initiatives.
  • Assist you to transpose security objectives into non-technical terms and accurately communicate risk to your board and audit committees.
  • Establish and measure Key Risk Indicators (KRIs) aligned with enterprise risk management objectives. 

Security culture and board reporting

Cyber behaviour and decision making

  • Do you want to raise your employees’ awareness of information security risks?
  • Are your employees aware of phishing emails and its impact to the organisation?
  • Do your employees know that the information they put on the Internet or Social Media could be potentially used against them or their organisation?
  • Did it occur that one of your employees accidentally caused a major security breach?
  • Do you want to train your employees so that they are able to detect phishing attacks?


  • Tailored awareness workshops(e-learnings, cyber scenario testing) and delivery of the overall awareness program to build security culture.
  • Learning from real life case-studies, to get insights on the key cyber-attacks and countermeasures that can be put in place to protect personal and corporate data.
  • Reduce risk of errors and spread awareness of cybersecurity risks and how they can be reduced.
  • Familiarise employees with the appropriate rules and procedures defined by your organisation.
  • Use behavioural approaches to diagnose shift in cyber behaviours.

Gamification for C-Suite  – Virtual Reality and Game of Threats for cyber crisis simulation

  • How prepared are you to respond to cyber threats?
  • Do you have a strategy in place to deal with cyber incidents?
  • Are you confident that you have the appropriate security in place to defend and respond to attacks?
  • Are you willing to test your ability of making quick, high-impact decisions during real simulation of cyber-attack?
  • Interactive platform where the impact of the decisions can be seen in real-time.
  • Game play replicating real world challenges designed around the concept of a shuffled deck of “virtual cards” displayed on-screen.
  • Detailed summary of each game and reviewing both teams’ strategy, actions and missed opportunities.
  • A multi-layered approach to email security that combined automated detection with phishing awareness measures.
  • Phishing simulations which mimic real-life attack scenarios and teach C-Suite to spot phishing scams and avoid the hefty cost of a data breach.
  • Interactive platform for security awareness training combined with simulated phishing attacks to manage the continuing problem of social engineering.
  • Help understand the patterns that can make the biggest difference and provide valuable insight into emerging cyber threats.
  • A unique way to help educate and raise awareness of cybersecurity enabling organisations to experience the key decisions that need to be made during a cyber-attack.
  • Valuable knowledge of how to prepare for a cyber incident, where the threat might come from and how to respond in the face of a potentially high-profile attack.

Defining security metrics and reporting pack for board and audit committee

  • How do your information security investments help further your  institutional mission and goals?
  • Are you more secure today than you were before?
  • How effective is our cybersecurity strategy at addressing the risks your business faces ?
  • Are you able to validate your ongoing security assurance efforts?
  • Can you justify your budget requests to the board for managing risk and defending against threats?
  • Measure and monitor information security processes and controls.
  • Engage strategic planning to determine why, where and how to implement new security controls.
  • Measure the effectiveness of your security programme.
  • Help to meet business goals and manage risks.
  • Maintain efficient, uninterrupted operational processes.
  • Comply with legal, regulatory and contractual obligations.

ISO standard programme delivery and support

Information Security Management System (ISMS) - ISO 27001 implementation

  • How to align your internal security practice and framework against security best practices (ISO27001, ISO27002)?
  • How to establish a security framework by implementing an Information Security Management System (ISMS)?


  • Perform gap analysis on your security controls  against the international standard for Information Security Management System (ISMS) known as ISO27001:2013.
  • Implement ISMS based on the tailored recommendations from gap analysis.
  • Assist you in ISO 27001 certification and continuous improvement.
  • Safeguard your own and your customer’s valuable data and intellectual property rights.
  • Mitigate the risk of large financial penalties and comply with business, legal, contractual and regulatory obligations.
  • Support a continuous cycle of improvement throughout your organisation.
  • Differentiate your organisation in the market as ISO 27001 compliant.

Business Continuity Management System (BCMS) - ISO 22301 implementation

  • Are you aware of your business continuity risks and their potential impact?
  • Can you estimate your  financial  and operational impacts in case of business interruption?
  • What are the business functions you should recover first?
  • Are your critical suppliers and service providers viable?
  • Does your IT disaster recovery plan support your business recovery requirements?
  • Implement a business continuity management framework based on ISO22301.
  • Execute business impact analysis and develop the business continuity strategies considering associated costs and benefits.
  • Develop business continuity, incident response and crisis management plans.
  • Support in preparing training, simulation and continuous improvement.
  • Enhance your preparedness to respond and operate your business during a crisis
  • Understand your business priorities to keep your business going.

Cyber risk quantification

  • What are your top cyber risks and how much exposure do they represent?
  • What is the actual financial impact to the business if these cyber risks were to occur?
  • How are financial  impacts, arising from cyber risks,  aligned to your organisation's risk appetite?
  • How effective are your investments in risk reduction (return on security investments)?
  • How are cyber risks communicated to the executives and board, so they clearly understand risk impact, ownership and governance?
  • Articulate the  business and financial impacts of cyber risks for C-suite.
  • Quantify the extent of cyber risks and threats.
  • Assist you in negotiating  insurance premiums.
  • Enhance the role of Boards and the CEO in cyber risk oversight.
  • Enables youto evolve beyond compliance to strategic risk management.
  • Quantify your risks, which will turn information into actionable insights.
  • Align your stakeholders  - Technicians, risk managers, executives and directors are on the same page about cyber risk.
  • Measure the effectiveness of existing controls, justify your  investment and remediate the risk according to your appetite.

Third party risk management

Your Challenges:

  • Are you fully aware of your third parties’ security practices, and are you comfortable with the level of information security they provide?
  • Are you currently in the process of selecting a new service provider? Do you believe that information security is a key consideration?
  • Are you facing difficulties in assessing the security maturity of your third parties?
  • Was a recent security incident imputed to one of your third parties?

How can we help?

  • A web-platform that will enable you to centrally manage security assessments of your third parties.
  • Tailored questionnaires based on leading practices and international standards to assess your third parties.
  • Support in processing questionnaires from third parties to determine their maturity level.
  • Onsite, remote, or self-assessments of your third parties as deemed appropriate.

Key benefits:

  • Accurate, fast and reliable monitoring of third-party security.
  • Increasing the efficiency and effectiveness of third-party risk management.

Regulatory compliance services

Your Challenges:

  • Are you able to demonstrate compliance with regulatory requirements (central banks guidelines, PCI DSS, SWIFT) ?
  • Are there correct governance and controls in place to maintain compliance?
  • Have you planned to attest your level of compliance against mandatory regulatory controls?

How can we help you?

  • Perform an assessment to identify and define the scope of regulatory compliance.
  • Compare what you have in place against regulatory control requirements and identify areas of compliance and non-compliance.
  • Develop corrective actions to support internal teams in remediation activities.
  • Prepare to demonstrate compliance to regulatory requirements and to maintain it on an ongoing basis.

Key benefits:

  • Increased customer trust and brand loyalty through certification demonstrating how well you consider, govern, manage and respond to cyber security incidents.
  • Avoiding the risk of a large punitive regulatory fining regime from regulators.


Contact us

Jean-Pierre Young, ACA, CIA

Jean-Pierre Young, ACA, CIA

Advisory Leader, PwC Mauritius

Tel: +230 404 5028

Vikas Sharma

Vikas Sharma

Partner, Cybersecurity & Privacy, PwC Mauritius

Tel: +230 404 5015

Follow PwC Mauritius