Cyber incident response

Cyber security incidents are becoming the new norm: what should you be doing to prepare and respond?

Why now is the time to take action

Cyber security incidents have become inevitable; the result of our increasingly interconnected and technology-enabled world. As the increasing frequency of high-profile breaches shows, no organisation is immune. It's important you're prepared and able to respond effectively - whatever your industry, location or organisation size.

What questions should you be asking?

Many people and departments have a role to play in ensuring that your organisation is able to effectively respond to cyber security incidents. This includes board level stakeholders such as the CEO, CIO, and CTO; key IT leaders such as the head of IT, head of IT security, and head of IT operations; and others such as legal, internal audit, and risk.

  • How do you know your organisation is not currently compromised?
  • Are you prepared to respond to a cyber security incident?
  • Do you have plans in place to respond to, and recover from, the most likely scenarios?
  • Have you exercised your response to a security incident, including at executive committee and board level?
  • Do you know which regulators need to know what information and when?
  • What would your worst case cyber security incident look like?
  • Is your board equipped with the expertise needed?
  • Do you know who to call should the inevitable happen?

If the answer to any of these is “no”,  we can work with your organisation to help.

How can we help you prepare for cyber security incidents?

As one of the few firms providing comprehensive end-to-end incident response services globally, our market-leading cyber incident response practice is well positioned to advise organisations who are preparing for, responding to and learning from cyber security incidents in order to minimise business impact and residual risk.

When responding to incidents, we bring business experience alongside cutting edge technology and security advice.

We help organisations rapidly resolve technical aspects of breaches, but distinguish ourselves from the competition by guiding them through the wider business risk, legal, regulatory and reputational challenges.

Why choose us as your cyber incident response partner

We can provide rapid and on-demand access to a pool of highly skilled and experienced incident response professionals to help you when your cyber security is breached, as well as a range of other services designed to support organisations in a crisis.

Our incident response professionals respond to incidents day in, day out and are well-versed in ensuring that a challenging situation doesn’t become a crisis.

Our depth of experience, wide range of skill sets, and business experience sets us apart from the competition.

We can help your company regain confidence in your security after an incident.

The only Big 4 firm certified by the UK National Cyber Security Centre to respond to sophisticated, targeted cyber attacks against networks of national significance.

Certified by the US National Security Agency to deliver Cyber Incident Response services to National Security Systems operators.

Certified by CREST, the industry body for technical cyber security, to deliver cyber incident response services.

“PwC very clearly outlines not only its incident triage and escalation processes, but also its customer journey for incident readiness to help customers prepare for crisis”

The Forrester Wave™: Digital Forensics and Incident Response service providers, Q3 2017

How have we helped clients?

Our market-leading cyber incident response team is ready to respond to everything from a simple breach to large-scale advanced and persistent attacks. We've successfully provided this expertise to our clients, founding lasting relationships based on trust as a result of helping them at challenging times.

Recent examples include:

  • Helping a major legal firm get back up and running after a global attack crashed all the computers on their network, sending employees home and grinding their business to a halt.
  • Kicking out hackers backed by nation-states
  • Responding to a malicious insider abusing their trusted and privileged access to steal intellectual property.

If you've got a query about an incident response issue you're facing, please submit it here:

By submitting your information you confirm that you have read our privacy statement . We may, from time to time, send you material relevant to your interests. If you change your mind at any time about wishing to receive material from us, you can click on the unsubscribe link in the relevant email received from us or send an e-mail to

Kris McConkey

Threat Detection & Response - Lead Partner