Cyber incident response

Ready to help you 24/7 with your cyber incident

E-mail us

Call us

PwC is one of very few companies that offer a comprehensive approach to dealing with incidents that are a threat to security.

Cyber incident readiness and response

Cyber security incidents have become inevitable; the result of our increasingly interconnected and technology-enabled world. As the increasing frequency of high-profile breaches shows, no organisation is immune. It's important you're prepared and able to respond effectively - whatever your industry, location or organisation size.

Now is the time to take action

Regulations such as GDPR and NIS2 require organisations to respond within 72 hours or face significant fines.
More and more cyber insurance providers now expect their clients to demonstrate adequate level of preparedness before making a claim.
Bringing in an incident response provider in the middle of an incident without having a retainer in place can significantly delay response due to the time needed for onboarding.
Response efforts often fail due to a lack of expertise and poor approach to incident response planning.

What questions should you be asking?

Many people and departments have a role to play in ensuring that your organisation is able to effectively respond to cyber security incidents. This includes board level stakeholders such as the CEO, CFO, CTO, CISO, market and communications, legal counsel, internal audit, security specialists and IT Operations. Your business should address:

Have you identified the business' “crown jewels”?
Are we prepared to respond to a cyber security incident?
Do you have plans in place to respond to, and recover from, the most likely scenarios?
Have you exercised your plans?
What would your worst case cyber security incident look like?
Do you have the capability to contain and limit the impact of a breach?
Do you know who to call should the inevitable happen?

If the answer to any of these questions is "no", PwC can help.

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, please send us an email at Contact-us.

PwC satisfies the requirements set by the National Security Authority (NSM) for incident management.

NSM imposes strict requirements, including on the quality of organization, tools, process, competence, and reporting. PwC has equivalent certifications in other countries, but this is the first time an international consultancy firm is on NSM's list. PwC has cyber teams all over the world that collaborate to help businesses that have been subjected to data breaches. – The threat actors have no national borders, and it is easier to assist Norwegian customers with a base all over the world since we have colleagues in 151 countries, says Jan Henrik Schou Straumsheim

How can we help you?

Incident Readiness
Incident Response Retainer
Post Incident Review

Incident Readiness

The benefits of Incident Readiness are to minimize the financial, reputational, and operational consequences of a data breach. You further develop your existing organization to be able to handle incidents on your own. Decision makers will be better able to understand the threat landscape so that the business can make necessary priorities.

PwC offers a range of services to further develop businesses' ability to detect and handle security-threatening events:

Development of 'playbooks' (action cards): Technical and organizational guidelines and frameworks for different incident scenarios for various roles in the business.
Forensic readiness: We assist you in preparing the necessary data foundation to enable your business to secure evidence.
First Responder training: We work together with the business's existing team to enable them to handle the first 48 hours of a security-threatening event.
Crisis and preparedness exercises: We tailor exercises to ensure that different parts of the business know what to do when a scenario occurs.
Threat modeling and intelligence: We investigate which threat actors and scenarios are most relevant for your business, and use this information to further develop your detection and handling capabilities

Incident Response Retainer

You can access PwC's experts to quickly detect, mitigate, and handle a security-threatening event or data breach. This service includes:

Working meetings to map and understand the business's IT infrastructure and existing frameworks.
Service Level Agreements (SLAs) that ensure assistance when needed.
Round-the-clock manned guard duty Communication portal with PwC's dedicated experts Unused hours in the agreement can be used for other services
Access to PwC's comprehensive Threat Intelligence services to support the business's security work and priorities

Post Incident Review

In the aftermath of an incident, it is crucial to map out which organizational and technical control mechanisms did not function effectively, as well as which factors affected the ability to detect and handle the incident. Businesses gain an understanding of how the incident could happen, and how to prevent it from happening again. You will find out whether existing control mechanisms and measures work effectively.

Root-cause analysis - Understanding what happened: We analyze the business's network and infrastructure, conduct structured interviews with key personnel to document facts about the incident, secure necessary documentation and evidence, and review log and system data to recreate a timeline of the incident's course.
Evaluation of incident handling capability: We evaluate how effective the business is at detecting and handling incidents, from both a management perspective and at a technical level.

Why choose us as your cyber incident response partner?

PwC has the expertise necessary to understand your business from a business, legal and technical point of view.
Our experts have long experience from the country's best environments within incident management, and have been active in handling several extensive cyber incidents.
We cooperate with cyber teams in over 150 countries.