The Digital Operational Resilience Act (DORA) is a new European framework for effective and all-inclusive management of digital risks in financial markets and applies to more than 22,000 financial entities and ICT service providers within the EU.
In its 26th year, PwC’s Global Digital Trust Insights is the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry, reflecting the views of over 3,800 senior security, technology and business executives.
The reinvention and innovation that businesses are doing today connect more digital experiences using the latest tech tools. Cybersecurity should be right there at the epicentre, hence the theme of our 2024 survey. We have a C-suite playbook for those who dare to break cyber-as-usual.
Ransomware attacks make headlines again and again. Unfortunately, the reality is even grimmer. Most victims never appear in the media because they quietly give in and pay up. The threat is increasing because the hackers' methods are becoming more effective and their ransom demands are getting higher.
More on Ransomware (German)
“PwC surpasses its peers with platforms and board-relevant services”
The Forrester Wave™: European Cybersecurity Consulting Providers, Q4 2021
Experience a cyber threat “live” and up-close together with your team
A strategy simulation based on the real world: In this simulation we challenge business leaders and teams to make quick, highly effective decisions and test their readiness in the event of a cyberattack.
Put your VR glasses on and you’ll find yourself in the middle of a crisis.
Your organisation is under attack and you need to decide what to do – quickly. Step into the role of the CEO, CFO or CISO. Can you cope with the pressure and take the right decision?
We support you to protect your company against digital threats in the best possible way. To ensure the effectiveness of your cybersecurity, our experts evaluate your degree of readiness. We work together with you to create a risk-based plan of action and prepare effective defence measures to make sure your company is armed in the event of a cyberattack.
Cybersecurity is more than just technology and processes. We help our clients to make changes in security behaviours through security awareness. We help your staff to achieve the paradigm shift and make cybersecurity the DNA of all business processes.
Information security is an ongoing management process. For sustained, long-term information security, all parts of the company need to contribute – from employees and the information security officer through to management.
Our experts can support you with:
Status analysis of your information security
Security risk analyses to determine level of threats and required protection, as well as a risk-oriented package of measures (in accordance with ISO 27002, BSI baseline protection etc.)
Derivation of measures to secure IT infrastructure in accordance with company-specific needs and the required level of protection
Preparing or adapting security policies
All information processes will be optimally integrated into all parts of the company and business processes.
Certification of security and proper IT processes and ISMS in accordance with ISO 27001 or industry-specific certification such as TISAX.
Contact us:
Georg Beham Peter Kleebauer
Companies face many challenges related to data protection. With our comprehensive portfolio of services, we support companies to design and implement control mechanisms within existing processes and control systems (e.g. ICS), as well as to implement all-round data protection management systems. In doing so, we refer to standardised control benchmarks and the data protection standards of data protection authorities.
Our experts can support you in the following areas:
strategy, governance and accountability
data processing and rights of the data subject
internal policies and related data protection processes
risk management and compliance
information lifecycle management
crisis management and data protection breaches
risk management in relation to third parties
data security (see also information security)
Contact us:
Georg Beham Peter Kleebauer
Through the digitalisation of business processes, IT environments are becoming more complex. In parallel with increasing digitalisation, the risk of cyberattacks is growing, which increases the level of security required. In this way, companies are confronted with an increasing HR workload (building and increasing know-how), infrastructure and technical measures (protection measures, log management etc.), as well as security operation processes (false positive triage and incident response).
As a partner who understands technology and business, PwC provides managed security services (MSS) to companies, helping them to improve IT security and cut costs. Our clients profit from the international, multi-industry expertise of around 350 cyber experts within the PwC network in six European countries (Austria, Belgium, Germany, the Netherlands, Switzerland, Turkey).
Contact us:
Georg Beham Philipp Mattes-Draxler
OT security is essential to protect critical infrastructures and industrial processes from cyberattacks. Targeted implementation of OT security measures ensures the availability and integrity of OT systems and minimizes financial losses, production downtime and potential risks to people and the environment.
Our PwC OT security team supports you in the following areas, for example
Contact:
PwC supports you during the entire lifecycle from early recognition and resolution of IT security threats to checks of applications and IT systems for vulnerabilities.
Are your systems and applications sufficiently protected against attacks (penetration testing / red team testing)?
Were threats considered and risks minimised when developing/introducing new IT systems (threat analysis / secure architecture / secure coding)?
Are your employees aware of the current threat level, and do they recognise threats early and report them via the appropriate channels (security awareness training / simulation phishing / social engineering)?
Has a simulation of a realistic attack been carried out to check your processes, staff, and protection measures (red team testing)?
We would be glad to support you to select the required services and prepare an individual proposal for you.
Contact us:
Georg Beham Markus Sojer
Maintaining or restoring critical business activities after an incident is of major importance for the resilience of a company. Significant disruptions of operations caused by major incidents or outages frequently cause financial and reputational damage. With an effective business continuity management (BCM) system, you can restore important services in a timely manner and avoid lasting damage.
BCM systems need to be based on organisational strategies, structures, and priorities, but should also be sustainable and adjust to changes. Our business continuity specialists help companies to establish a reliable and efficient BCM programme. In this way, BCM becomes an integral part of your company.
Contact us:
Georg Beham
Michael Pummer
Digital identities are core components of digital services, which represent important information about individuals, data and devices. PwC supports you during the entire lifecycle from planning through to the implementation of Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions.
Our experts can support you in the following tasks:
survey and analysis of the current situation
design and planning of IAM/PAM strategies
preparing of policies and controls
preparation and verification of role and authorisation concepts
advice on the selection of software providers and services
implementation and go-live of IAM/PAM solutions
identification of rights and roles within the company
implementation of network scans to recognise vulnerabilities and anomalies in relation to privileged accounts
Contact us:
Georg Beham Florian Brunner
How would you respond to a threat? Our experts offer you the opportunity to experience a cyber threat “live” and up-close together with your team.
Cybersecurity workshops:
Phishing simulation
Game of Threats
Virtual reality cyber experience