Incident response

Preserving trust during cyber incidents

Latest insights - 4 items

2025 Global Digital Trust Insights

Bridging the gaps to cyber resilience: The C-suite playbook

Global Compliance Survey 2025

Moving faster: Reinventing compliance to speed up, not trip up

FS Regulatory Risk and Compliance Digest

Stay abreast with the latest regulatory developments

Updates to the MAS Outsourcing Notices

What banks and merchant banks need to know about Notice 658 and 1121

In the digital age, all organisations need to be able to successfully respond to and recover from cyber attacks – it’s no longer a matter of if, but when. This relies on being prepared and drawing on a broad range of organisational capabilities including technical cyber incident response and recovery, IT incident management, IT disaster recovery, business continuity, crisis management and operational resilience.

This capability is increasingly important as:

Cyber incidents and the crises they can trigger are increasingly complex, with malicious threat actors constantly evolving their tools and techniques to have as much impact as possible.
Businesses are dependent on interconnected and interdependent IT, regulations are strict, and public expectation of transparency is high.
Operational resilience is a key regulatory requirement for many industries, with a particular focus on cyber security, as companies become more technology reliant.
Bringing in an incident response provider in the middle of an incident without having a retainer in place can significantly delay response due to the time needed for onboarding.

In this environment, it is essential that organisations have well-documented, understood, and exercised plans and processes; ready to respond when a cyber incident or crisis occurs and to quickly recover. These should encompass the entire organisation – from technical first responders to functional teams, business units and strategic decision makers.

How our incident response services can help you

Responding effectively to cyber incidents requires you to get your affairs in order in advance, so that when it comes time to actually responding, you can handle the incident with agility and clarity. This paves the way for a smoother recovery process, ensuring that trust remains intact.

Preparation
Detection and analysis
Containment, eradication and recovery
Post-incident activity

Preparation

Laying the groundwork to effectively respond to cyber attacks

When it comes to incident response, there’s no such thing as being overly prepared. Digital transformation has increased the surface area of cyber attacks in organisations’ technology systems and processes. It’s no longer a matter of if, but when.

We can help you:

Perform an assessment to identify gaps in your current response and recovery capabilities and help to address these.
Identify the key cyber threat scenarios that you need to prepare for, ensuring that the most plausible and potentially damaging scenarios are considered.
Create scenario response playbooks and technical runbooks to help ensure a coordinated response, covering highly technical step-by-step guidance, through to organisational and strategic decision making support.
Define response frameworks and the underpinning processes.
Ensure business continuity plans help maintain the most important business services in the event of a cyber attack.
Ensure you have the right forensic data and technology available to thoroughly investigate a crisis or incident and inform a containment strategy.
Create response and recovery training and coaching materials and deliver these through a range of mediums, targeting both technical-level teams and senior management.
Run tailored exercises ranging from discussion-based ‘plan walk-throughs’ to immersive, interactive multi-team dynamic simulation exercises and war games for teams from technical experts through to senior leadership level.

Detection and analysis

Identifying incidents quickly, and analysing their ramifications

The first step toward effective incident response is developing an awareness and understanding of the nature, scope and potential impact of the incident.

We can help you:

Provide on-demand access to a technical response team to quickly scope the extent and severity of the incident.
Establish the technical and strategic response structures which will coordinate decision making across all business functions.
Identify all stakeholders that are potentially affected by the incident.
Investigate to determine the scope of malicious activity and impact to the business.
Conduct proactive root cause analysis to establish the facts and timelines of the incident.

Containment, eradication and recovery

Limiting the damage of cyber incidents, putting an end to the event and returning to business as usual

The first step toward effective incident response is developing an awareness and understanding of the nature, scope and potential impact of the incident.

We can help you:

Provide on-demand access to a technical response team to contain and remediate the incident.
Develop a communication strategy that ensures key stakeholders are appropriately engaged and informed where necessary.
Provide a project management office capability for the duration of the crisis or incident.
Monitor for attacker activity with security tooling deployed across the environment.
Analyse and take action to close off the attack paths.
Plan and execute a remediation event to remove attacker access to the environment.

Post-incident activity

Extracting key learnings for future prevention

The aftermath of a cyber incident not only involves restoring normal business operations, but is also a window of opportunity to understand the root cause of the incident and determine the measures that can be taken now to prevent similar events from happening again.

We can help you:

Facilitate a post-incident or crisis review to help establish root cause(s), identify lessons learned and form plans to address both.
Realign strategic programmes to ensure they are addressing the root cause(s) and lessons learned.
Plan and deliver strategy and transformation programmes, helping to build sustainable security capabilities.
Plan the rebuild and recovery of the systems, applications and processes impacted by the incident or crisis with priorities agreed with functional leaders.
Rapidly enhance detection and response capabilities to act as a compensating control until improvements are implemented.

Upcoming events

05/05/25

PwC at Ecosperity Week 2025

Confronting a world in transition: Strong climate plans, adaptation, nature-based solutions for a resilient future.

11/04/25

Asia Pacific M&A Summit

04/11/24

PwC Singapore at COP29

PwC Singapore will join the Singapore Pavilion at COP29 to catalyse the shift from visionary ideals to concrete actions, realising our shared climate vision together.

17/10/24

Singapore fund tax incentive schemes – What’s new?

MAS extends and revises fund tax incentives under ITA sections 13D, 13O, 13U, and introduces new scheme under 13OA.

Hide

Required fields are marked with an asterisk(*)

Business email*

Name*

Organisation*

Job title*

Message*

Tick the box to verify you are not a robot. *

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Incident response

Latest insights - 4 items

2025 Global Digital Trust Insights

Global Compliance Survey 2025

FS Regulatory Risk and Compliance Digest

Updates to the MAS Outsourcing Notices

How our incident response services can help you

Preparation

Laying the groundwork to effectively respond to cyber attacks

Upcoming events

PwC at Ecosperity Week 2025

Asia Pacific M&A Summit

PwC Singapore at COP29

Singapore fund tax incentive schemes – What’s new?

Thank you!