Rapid risk reduction

Find, fix, tune, and validate: a new approach to purple teaming that rapidly reduces cyber risk

The scale of the cyber security threat facing organisations is becoming increasingly clear, with more and more organisations falling vulnerable to cyber attacks. To add to this pressure, IT and security teams are finding it extremely difficult to implement quick and sustainable improvements needed to defend against these persistent cyber threats and meet strict compliance requirements due to:

  • lengthy, technical reports listing vulnerabilities which aren’t understood and therefore not correctly prioritised or implemented,

  • an often understaffed security team unable to free up resources to assist in the timely remediation of issues, or

  • relying on untested or underperforming protection, detection and response capabilities that aren't able to limit the impact of an incident.

What is rapid risk reduction?

Our rapid risk reduction service provides an enhanced approach to purple teaming, with proven benefits over traditional approaches by combining red team, blue team and technical project management expertise to find and fix security vulnerabilities as soon as they are identified. Our approach iteratively improves protection, detection and response capabilities, and validates all improvement activities, providing assurance to stakeholders that cyber risks have been remediated effectively:

Our approach is underpinned by the MITRE ATT&CK framework to provide structure and align to the real world threat, and Agile methodologies to deliver rapid and flexible progress

Our regular progress reporting clearly demonstrates verified benefits; namely increasing 'cost to an attacker' and reduction of cyber risk across the environment. This reporting is tailored to both technical frontline staff, and senior executives, stakeholders, and regulators.

Key benefits 

Rapid risk reduction delivers rapid short term cyber risk reduction by verifiably remediating security weaknesses as soon as they are identified, and improving the effectiveness of security technology, across a series of Agile sprints.

  • Get a threat focused understanding of your cyber security posture - We allow your organisation to move away from arbitrary maturity levels, and instead measure and report on the cost to an attacker of compromising your environment. Reporting on the cost to an attacker provides an effective way to demonstrate progress, educate stakeholders on the threat and the organisation’s exposure to this, and provide an alternative and pragmatic means to set risk appetite.
  • Tune existing security capabilities - We help organisations to maximise the value of existing from existing security tools and technologies by evaluating their performance at protecting and detecting cyber attacks, tuning configurations, and engineering additional detection content.
  • Remediate security weaknesses as soon as they are identified - Security architects and technical project managers work with your BAU teams and IT service providers to rapidly remediate security weaknesses, across a series of Agile sprints.
  • Validate new fixes and remain resilient to new threats - Our approach to Rapid Risk Reduction includes the retesting and iterative refinement of technical controls to increase the cost to an attacker and decrease cyber risk across the kill chain. Attack simulations are performed with increasing levels of stealth and sophistication, ensuring defensive capabilities are tuned to the environment and optimised.
  • Identify the root causes of recurring security issues - We also work to identify the root causes of recurring issues (e.g., insecure Active Directory configuration, lack of network segregation, lack of endpoint visibility) which require a longer term remediation plan. We ensure that these are integrated with, or reprioritised in, strategic programmes.

Why choose PwC? 

  • We have an in depth and hands on understanding of attacker tools and techniques, gained by our years simulating, tracking and responding to intrusions around the world. This allows us to develop our own tools and stay ahead of the curve.
  • Our technical subject matter experts are recognised by leading industry accreditations, demonstrating our ability to deliver controlled, bespoke, and intelligence led simulated attack and red team exercises, and respond to serious incidents on networks of national significance.
    • Our incident responders are members of the National Cyber Security Centre’s Cyber Incident Response scheme, accredited to respond to serious incidents on networks of national significance.
    • Our threat intelligence and red teams are members of CREST’s Simulated Targeted Attack & Response (STAR) and the Bank of England’s CBEST schemes. This demonstrates our proven experience and ability to deliver controlled, bespoke, and intelligence led simulated attack and red team exercises.
  • As well as a depth of technical knowledge, our assurance and advisory heritage means we understand the business, legal and regulatory context underpinning your operations. This gives us a clear understanding of cyber risk, its business impact, and the regulatory perspective, all of which helps us drive clear and rapid cyber risk reduction.
  • We are supported by our industry-specialist cyber security advisory teams, allowing us to rapidly deploy skilled and specialist resources from a huge range of technical and industry competencies. This includes over 1,000 professionals across Europe, and 3,400+ around the world.


{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
Follow us

Required fields are marked with an asterisk(*)

By submitting your information, you acknowledge that we may send you material relevant to your interests.
Please see our privacy statement for details of why and how we use personal data and your rights (including your right to object and to stop receiving marketing communications from us). To stop receiving marketing communications from us, click on the unsubscribe link in the relevant email received from us or send an email to unsubscribe@uk.pwc.com.

Contact us

Gabriel Currie

Gabriel Currie

Cyber Threat Advisory - Senior Manager, PwC United Kingdom

Tel: +44 (0)7802 658893

Will Oram

Will Oram

Cyber Threat Advisory - Senior Manager, PwC United Kingdom

Tel: +44 (0)7730 599262