Site Search Site Search
Home Services Consulting Risk Consulting Cybersecurity consulting Cyber incident response and recovery services

Menu

Loading Results

Cyber incident response and recovery services

All organisations need to be able to successfully respond to and recover from cyber attacks. This relies on being prepared and drawing on a broad range of organisational capabilities including technical cyber incident response and recovery, IT incident management, IT disaster recovery, business continuity, crisis management and operational resilience.

This capability is increasingly important as:

  • Cyber incidents and the crises they can trigger are increasingly complex, with malicious threat actors constantly evolving their tools and techniques to have as much impact as possible.
  • Businesses are dependent on interconnected and interdependent IT, regulations are strict, and public expectation of transparency is high. Regulators require organisations to respond within specific set of hours or face significant fines.
  • Operational resilience is a key regulatory requirement for many industries, with a particular focus on cyber security, as companies become more technology reliant.
  • Bringing in an incident response provider in the middle of an incident without having a retainer in place can significantly delay response due to the time needed for onboarding.

In this environment, it is essential that organisations have well-documented, understood, and exercised plans and processes; ready to respond when a cyber incident or crisis occurs and to quickly recover. These should encompass the entire organisation – from technical first responders to functional teams, business units and strategic decision makers.

Benefits of an effective cyber incident response and recovery plan

Rapid response

There is a clearly defined response framework and supporting governance, clear ownership, pre-agreed decision-making authority and escalation pathways; all enabling rapid response when needed.

Integrated response

The response and recovery capability spans both business and technical concerns, drawing on broad cross-organisational capabilities; ensuring you have the right people engaged from the outset.

Increased readiness

People, processes and tools are rehearsed and ready to respond when a cyber attack occurs; building a strong ‘muscle memory’ that can be quickly triggered.

Emerging stronger

Business as usual operations are quickly restored and lessons learned are identified and addressed to help prevent recurrence; enhancing overall operational resilience.

Our approach to cyber incident response and recovery

Our incident response and recovery team has a broad range of capabilities to be able to provide support across the prepare, respond and recover phases of a cyber crisis or incident.

“PwC demonstrated an exceptional ability to blend technical skill with executive-level communication.”

Forrester c4 2019

Ensuring you are prepared to respond and recover from cyber incidents and crises

We can help to:

  • Perform an assessment to identify gaps in your current response and recovery capabilities and help to address these.
  • Identify the key cyber threat scenarios that you need to prepare for, ensuring that the most plausible and potentially damaging scenarios are considered.
  • Create scenario response playbooks and technical runbooks to help ensure a coordinated response, covering highly technical step-by-step guidance, through to organisational and strategic decision making support.
  • Define response frameworks and the underpinning processes.
  • Ensure business continuity plans help maintain the most important business services in the event of a cyber attack.
  • Ensure you have the right forensic data and technology available to thoroughly investigate a crisis or incident and inform a containment strategy.
  • Create response and recovery training and coaching materials and deliver these through a range of mediums, targeting both technical-level teams and senior management.
  • Run tailored exercises ranging from discussion-based ‘plan walk-throughs’ to immersive, interactive multi-team dynamic simulation exercises and war games for teams from technical experts through to senior leadership level.

Provide expert cyber response capability

We can help to:

  • Provide on-demand access to a technical response team to quickly scope, contain and remediate the incident.
  • Establish the technical and strategic response structures which will coordinate decision making across all business functions.
  • Identify all stakeholders and develop a communication strategy that ensures they are appropriately engaged and informed where necessary.
  • Provide a project management office capability for the duration of the crisis or incident.
  • Investigate to determine the scope of malicious activity and impact to the business.
  • Monitor for attacker activity with security tooling deployed across the environment.
  • Conduct proactive root cause analysis to establish the facts and timelines of the incident.

Helping to recover and restore business as usual operations, understand root cause and address lessons learned

We can help to:

  • Facilitate a post incident or crisis review to help establish root cause(s), identify lessons learned and form plans to address both.
  • Realign strategic programmes to ensure they are addressing the root cause(s) and lessons learned.
  • Plan and deliver strategy and transformation programmes, helping to build sustainable security capabilities.
  • Plan the rebuild and recovery of the systems, applications and processes impacted by the incident or crisis with priorities agreed with functional leaders.
  • Plan and execute a remediation event to remove attacker access to the environment.
  • Analyse and take action to close off the attack paths.
  • Rapidly enhance detection and response capabilities to act as a compensating control until improvements are implemented.

Incident response retainers

We can also provide on-demand support from our specialist cyber incident response team to prepare and manage your broader organisational response. This includes:

  • Workshops to understand your IT estate and existing incident response policies and procedures.
  • On-site and remote response service level agreement (SLAs).
  • Emergency response hotline.
  • Real-time virtual communication with a dedicated incident response team.
  • Crisis preparedness support where it is needed from board-level to first-responder teams.
  • Access to our customised incident reporting templates.
  • Any unused retainer hours/days can be spent on other incident response services.
  • Access to a range of threat intelligence services and detailed reporting to inform your wider security strategy.

What are the benefits?

  • Rapid and effective response to reduce the impact of a cyber security incident.
  • Understanding of your organisation across technical, strategic, legal and crisis management priorities.
  • Customisable service agreements to suit your business requirements.
  • Availability of relevant documentation and data to demonstrate compliance to stakeholders and regulators.
  • Rapid access to a wide-range of cyber security, forensic, business advisory experts – all of whom are experienced in working closely together in times of crisis.

Why choose us as your cyber incident response partner?

  • Along with having an in-depth technical knowledge, we also understand the business, legal and regulatory context that underpins your operations. Hence, we bring the right blend of expertise and insight to support a truly holistic and end-to-end response.
  • We are with you all the way, and don’t step away once the incident is closed. We support and advise you through your remediation needs, and help to drive the right sort of transformation.
  • We are technology agnostic, and we’re not only in it for a sale.
  • Our expert staff are handpicked and have years of experience identifying and responding to a range of incidents on some of the world’s most sensitive networks.
  • Our services are powered by in-house threat intelligence and threat detection capabilities, providing first hand insight into the latest attacker techniques.

Related content

Loading...
Loading...
We unite expertise and tech so you can outthink, outpace and outperform
See how
Follow us
Hide

Required fields are marked with an asterisk(*)

Your personal information will be handled in accordance with our Privacy Statement. You can update your communication preferences at any time by clicking the unsubscribe link in a PwC email or by submitting a request as outlined in our Privacy Statement.

Contact us

Raymond Teo

Raymond Teo

Cyber Leader, South East Asia Consulting, PwC Singapore

Tel: +65 8522 3492

Email