Cybersecurity – Strategy and Transformation

Position your organisation for success with a business-aligned and holistic cybersecurity programme

Cybersecurity for a secure business environment

Cybersecurity in a digitalised world is more important than ever. It is fundamental to building both trust and confidence in your digital business and platform. Protect your investments and grow your business, while staying secure and compliant. Harness yourself against modern challenges.

Swiss ICT minimum standard for protection against cyber risks

The Federal Office for National Economic Supply (FONES) has published the ICT minimum standard for the protection against cyber risks. This catalogue specifies cybersecurity standards that protect information and communication technology (ICT) systems and data from unintended or unauthorised access, or from damage or destruction.

 


Strategise and align

Security is simply a resource allocation decision based on risk, but in order to communicate the value of your security programme and position yourself and your security organisation for success, you must be able to strategise and align with business needs.


With our outstanding team of security professionals and advisors, we can support you in assessing your current security programme maturity and accompany you on your security transformation journey.

Wolfgang Schurr, Partner and Leader Cybersecurity and Privacy, PwC Switzerland

How do we do it?

To start your cybersecurity transformation, we obtain a holistic, independent overview of your cybersecurity programme, including its policies, practices and governance.

PwC’s Cybersecurity framework is a comprehensive and flexible approach for the development, delivery, communication and maintenance of an enterprise-wide cybersecurity programme. It is based on a proven combination of industry standards such as ISO and NIST, as well as PwC’s own real-world experience.

01

Understand

Understand the strategy and guiding principles of your global cybersecurity programme, your business-critical systems and data («Crown Jewels»), the potential impact of a compromise and the relevant threats and risks against these assets.

02

Assess

Assess your present and future cybersecurity readiness, based on your threat environment. Define a risk-informed target state and perform a gap analysis between the actual state and the recommended target state.

03

Recommend

Assist in the development of your high-level roadmap and resource requirements to increase cybersecurity programme maturity as a part of assessment reporting.

What to assess

PwC’s Cybersecurity assessment framework allows you to customise the assessment of your security programme. It is either based on an analysis of your programme governance and processes or evidence-based. Cybersecurity Risk Maturity Assessments and Cybersecurity Technical Maturity Assessments analyse your programme across people, processes and technology, using the PwC Cybersecurity framework as a reference.
 
  • Cybersecurity Risk Maturity Assessment
    While we use industry recommendations and standards to compare your maturity against a proposed target state, we help you to benchmark against peers of your market and size. We conduct interviews and workshop-based assessments of your current capability maturity levels, analyse your risk management processes and capabilities, and assess your existing cybersecurity governance framework. PwC’s assessment framework can also analyse your resilience by looking ahead, comparing existing capabilities against a changing business strategy of your organisation and a changing threat landscape.
  • Cybersecurity Technical Maturity Assessment
    Test your systems in real-world conditions with an evidence-based assessment (ethical hacking) to evaluate your resilience to threats. The technical assessment typically includes reconnaissance using Open Source Intelligence (OSINT) data gathering, a tailored social engineering attack (e.g. a phishing attack including malware that breaches your internal network) and Red Teaming activities on your internal network based on a predefined scenario (e.g. trying to connect to our command and control server, performing a network scan, escalating privileges to get domain administrator credentials, attempting to exfiltrate data, etc.).

What you get

  • An assessment of the current capability maturity levels and the opportunity to leverage our institutional knowledge and relationships 
  • Documented cybersecurity capability gaps and their impact on your organisation
  • Documented recommendations to address these identified security gaps 
  • Recommendations based on assessment results to increase your maturity in support of a global information security programme
  • Transformation assistance in developing a list of actionable cybersecurity initiatives 
  • A high-level roadmap and prioritisation in planning of the required transformation initiatives and required resources


Your cybersecurity experts

Wolfgang Schurr, Partner and Leader Cybersecurity and Privacy, PwC Switzerland
Urs Küderli, Leader Cybersecurity Strategy and Transformation, PwC Switzerland