Cyber security crisis management

Supporting organisations to prepare for, respond to and recover from cyber crises.

Why does being “crisis ready” matter?

Leaders need to rethink cyber resilience in the face of today’s increasingly frequent, complex and destructive cyber attacks, and the significant financial, operational and reputational risk that can result.

Eliminating the possibility of a cyber attack isn’t realistic, no matter how advanced your technical capability. Resilience to cyber attacks also means being able to withstand or absorb disruption from a cyber incident when it hits, or to respond quickly to minimise the impacts.

That’s why it’s key to take proactive steps to develop and rehearse your holistic response capability and build the resilience, skills and confidence you need to navigate today’s complex cyber risk.

Attributes of a crisis ready organisation

Number one

Existing and emerging threats and risks are proactively identified, mitigated and monitored

Number two

Critical business services have been articulated and understood, and are used to inform priorities within a crisis response

Number three

The expertise of related resilience disciplines is harnessed to enhance and strengthen the organisation’s ability to respond, recover and emerge stronger from crisis

Number four

Crisis tools and technologies are in place and understood

Number five

Leadership promotes an organisational culture that empowers action and quick decision making during a crisis

Number six

Leadership encourages continuous improvement of its crisis capabilities to address new risks

Number seven

Leaders and crisis responders are trained, rehearsed and exercised regularly

Number eight

In-house crisis capabilities, vulnerabilities, and gaps are understood and addressed

Number nine

Roles and responsibilities exist and are understood

Number ten

Strategic priorities are articulated and used to drive response

Questions to ask yourself

  • Leadership
    Do your leaders know how to set strategy and make decisions amid uncertainty? Do your leaders understand how to build and lead resilient crisis teams?
  • Strategy
    Do you understand the values and strategic priorities that should drive response actions?
  • Preparation
    Have your response teams rehearsed their roles within a response to a cyber attack, including the touchpoints and communication that should exist between them?
  • Planning
    Does your documentation empower your people to adapt to the demands of a crisis, while providing sufficient structure to act as a handrail within a context of chaos and uncertainty?
  • Stakeholders
    Do you understand your stakeholder landscape and their communication requirements?
  • Technical response
    Do your in-house technical teams have the right skills, capability and authority to take action during a cyber crisis? Are they able to translate technical developments into business-focused impacts to support strategic response activities?

How can we help?


  • Gap analysis: assessing your organisation’s end-to-end cyber response framework, governance, controls and procedures
  • Enterprise resilience programme: identifying what is most critical to your organisation (critical business services), and using this to inform planning for disruption
  • Cyber response plans and playbooks: developing scenario-agnostic crisis management plans and scenario-specific playbooks to support technical and leadership teams in navigating the business-wide response to serious cyber crises
  • Cyber crisis exercises: designing and delivering exercises ranging from discussion-based ‘plan walk-throughs’ to immersive multi-team simulation exercises for teams from technical to senior leadership levels
  • Crisis Leadership Centre: equip, encourage and empower leaders to establish strategy, make decisions and build resilient teams during disruption, uncertainty and crisis


Live support to technical responders, senior management, board and executive level teams during crisis:

  • Cyber incident response expertise and investigations
  • Supporting response and recovery teams with experienced crisis managers to coordinate actions and maintain a common situational picture
  • Providing additional resourcing in support of an organisation’s existing teams, processes and tools to facilitate effective crisis management
  • Providing specialist advice on the key considerations and decisions for response, and how to implement the organisation’s values, principles, priorities and strategies for effective and rapid recovery

Understand and recover

Post Incident Review to provide an independent end-to-end evaluation of your organisation’s response to an incident. This may include:

  • Root cause analysis
  • Timelines of activity
  • The scale of impact on data, systems and key business operations during the incident
  • The effectiveness of detection, escalation, investigation, containment, reporting, operational routine, coordination, information management, stakeholder management, leadership, decision making and strategies for recovery

Our team

Our team has extensive experience of managing live crises and supporting strategic decision makers across both the private and public sector. We have crisis management industry specialists as well as communication experts and ex-military, police and intelligence officers.

Our people have been involved in managing a range of crises including large-scale ransomware and data breaches, pandemic, terrorist incidents, product recalls and other reputational issues.

We bring all of this experience to our services, ensuring that we deliver real insight to our clients and support them through some of the most challenging circumstances of their professional careers.


{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}

Contact us

Richard Horne

Richard Horne

Cyber Security Partner and Chairman, PwC United Kingdom

Claudia van den Heuvel

Claudia van den Heuvel

Crisis Management Specialist, PwC United Kingdom

Tel: +44 (0)7525 283080

Bobbie Ramsden-Knowles

Bobbie Ramsden-Knowles

Risk and Resilience Partner, PwC United Kingdom

Tel: +44 (0)7483 422701

Follow us