Managing cyber security risk: An operating model that’s fit for the future

A building society approached PwC for help because it was struggling to understand its cyber security risk and how information security in general should be managed. After two failed attempts to tackle the issue internally, the society’s board and risk committees decided they needed to resolve the issue once and for all.

In particular, the society asked PwC to help it produce a gap analysis against a recognised industry standard, benchmarked against industry peers, so it could assess the state of its systems and processes and the extent of its cyber security risk. It would also need help in designing and implementing a new information security target operating model and project plan that would build controls aligned to ISO 27001:2013. To aid this process, the society asked that a Chief Information Security Officer be seconded into the organisation to oversee the project temporarily. PwC would then carry out an independent review a year to 18 months into the programme.

How did we add value? How did we get the client ready for change?

PwC had previously worked with the society, so it was able to build on its previous knowledge to deliver outstanding results on this project, using a multi-disciplinary team from the regional Cyber Practices. The strength of the skills of its team, coupled with its understanding of the values that are important to the society, created a strong working relationship.

How did we help the client stand out for the right reasons?

The society has been extremely pleased with PwC’s work, which will leave it in a far stronger position than at the beginning of the project. An incoming Chief Information Security Officer has now taken charge, and thanks to the level of trust and respect formed, PwC will continue to work with the society in the future.

Contact us

David Roper

Midlands Financial Services Leader, PwC United Kingdom

Tel: +44 (0) 121 265 5428
