Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA) is a new European framework for effective and all-inclusive management of digital risks in financial markets and applies to more than 22,000 financial entities and ICT service providers within the EU.
Global Digital Trust Insights 2025
In its 27th year, PwC’s Global Digital Trust Insights is the longest-running annual survey on cybersecurity trends. It’s also the largest survey in the cybersecurity industry, reflecting the views of over 4,000 senior security, technology and business executives.
Advances in Cloud technologies and AI come with a down side: the attack surface for bad actors in cybersecurity continues to expand. With the regulatory environment in constant flux, achieving cyber resilience at an enterprise level is essential.
Ransomware: Four issues to prepare for
Ransomware attacks make headlines again and again. Unfortunately, the reality is even grimmer. Most victims never appear in the media because they quietly give in and pay up. The threat is increasing because the hackers' methods are becoming more effective and their ransom demands are getting higher.
More on Ransomware (German)
PwC rated by Forrester as one of Europe’s leading cybersecurity consulting providers
“PwC surpasses its peers with platforms and board-relevant services”
The Forrester Wave™: European Cybersecurity Consulting Providers, Q4 2021
Cybersecurity workshops: How would you respond to a threat?
Experience a cyber threat “live” and up-close together with your team
- Game of Threats
- Virtual Reality Cyber-Experience
Game of Threats
A strategy simulation based on the real world: In this simulation we challenge business leaders and teams to make quick, highly effective decisions and test their readiness in the event of a cyberattack.
Virtual Reality Cyber-Experience
Put your VR glasses on and you’ll find yourself in the middle of a crisis.
Your organisation is under attack and you need to decide what to do – quickly. Step into the role of the CEO, CFO or CISO. Can you cope with the pressure and take the right decision?
We support you to protect your company against digital threats in the best possible way. To ensure the effectiveness of your cybersecurity, our experts evaluate your degree of readiness. We work together with you to create a risk-based plan of action and prepare effective defence measures to make sure your company is armed in the event of a cyberattack.
Cybersecurity is more than just technology and processes. We help our clients to make changes in security behaviours through security awareness. We help your staff to achieve the paradigm shift and make cybersecurity the DNA of all business processes.
Our services
- Information security
- Privacy / Data protection
- Managed security services
- OT/ICS Security
- Technical security
- Business continuity management
- Digital identity
- Cybersecurity workshops
Information security
Information security is an ongoing management process. For sustained, long-term information security, all parts of the company need to contribute – from employees and the information security officer through to management.
Our experts can support you with:
Status analysis of your information security
Security risk analyses to determine level of threats and required protection, as well as a risk-oriented package of measures (in accordance with ISO 27002, BSI baseline protection etc.)
Derivation of measures to secure IT infrastructure in accordance with company-specific needs and the required level of protection
Preparing or adapting security policies
All information processes will be optimally integrated into all parts of the company and business processes.
Certification of security and proper IT processes and ISMS in accordance with ISO 27001 or industry-specific certification such as TISAX.
Contact us:
Georg Beham Peter Kleebauer
Privacy / Data protection
Companies face many challenges related to data protection. With our comprehensive portfolio of services, we support companies to design and implement control mechanisms within existing processes and control systems (e.g. ICS), as well as to implement all-round data protection management systems. In doing so, we refer to standardised control benchmarks and the data protection standards of data protection authorities.
Our experts can support you in the following areas:
strategy, governance and accountability
data processing and rights of the data subject
internal policies and related data protection processes
risk management and compliance
information lifecycle management
crisis management and data protection breaches
risk management in relation to third parties
data security (see also information security)
Contact us:
Georg Beham Peter Kleebauer
Managed security services
Through the digitalisation of business processes, IT environments are becoming more complex. In parallel with increasing digitalisation, the risk of cyberattacks is growing, which increases the level of security required. In this way, companies are confronted with an increasing HR workload (building and increasing know-how), infrastructure and technical measures (protection measures, log management etc.), as well as security operation processes (false positive triage and incident response).
As a partner who understands technology and business, PwC provides managed security services (MSS) to companies, helping them to improve IT security and cut costs. Our clients profit from the international, multi-industry expertise of around 350 cyber experts within the PwC network in six European countries (Austria, Belgium, Germany, the Netherlands, Switzerland, Turkey).
Contact us:
Georg Beham Philipp Mattes-Draxler
OT/ICS Security
OT security is essential to protect critical infrastructures and industrial processes from cyberattacks. Targeted implementation of OT security measures ensures the availability and integrity of OT systems and minimizes financial losses, production downtime and potential risks to people and the environment.
Our PwC OT security team supports you in the following areas, for example
- Implementation of OT security hygiene assessments to determine your OT security maturity and derive an OT security roadmap
- Establishment and operation of an OT Security Operation Center
- Development of customized OT security guidelines and processes based on international standards such as IEC 62443-2-1
- Conducting threat and risk analyses for your OT environment to identify vulnerabilities and threats
- Derivation of measures to secure your OT environment in accordance with company-specific requirement profiles and protection needs.
- Development of a robust and secure OT network architecture in accordance with international standards and good practices such as IEC 62443 and NIST 800-82.
- Support with the selection. Implementation and operation of OT security solutions to detect anomalies and threats in your production facilities.
- Support in the design, implementation and operation of risk-based vulnerability management for your OT systems
- Support for your company in the event of security incidents
Contact:
Technical security
PwC supports you during the entire lifecycle from early recognition and resolution of IT security threats to checks of applications and IT systems for vulnerabilities.
Are your systems and applications sufficiently protected against attacks (penetration testing / red team testing)?
Were threats considered and risks minimised when developing/introducing new IT systems (threat analysis / secure architecture / secure coding)?
Are your employees aware of the current threat level, and do they recognise threats early and report them via the appropriate channels (security awareness training / simulation phishing / social engineering)?
Has a simulation of a realistic attack been carried out to check your processes, staff, and protection measures (red team testing)?
We would be glad to support you to select the required services and prepare an individual proposal for you.
Contact us:
Georg Beham Markus Sojer
Business continuity management
Maintaining or restoring critical business activities after an incident is of major importance for the resilience of a company. Significant disruptions of operations caused by major incidents or outages frequently cause financial and reputational damage. With an effective business continuity management (BCM) system, you can restore important services in a timely manner and avoid lasting damage.
BCM systems need to be based on organisational strategies, structures, and priorities, but should also be sustainable and adjust to changes. Our business continuity specialists help companies to establish a reliable and efficient BCM programme. In this way, BCM becomes an integral part of your company.
Contact us:
Georg Beham
Michael Pummer
Digital identity
Digital identities are core components of digital services, which represent important information about individuals, data and devices. PwC supports you during the entire lifecycle from planning through to the implementation of Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions.
Our experts can support you in the following tasks:
survey and analysis of the current situation
design and planning of IAM/PAM strategies
preparing of policies and controls
preparation and verification of role and authorisation concepts
advice on the selection of software providers and services
implementation and go-live of IAM/PAM solutions
identification of rights and roles within the company
implementation of network scans to recognise vulnerabilities and anomalies in relation to privileged accounts
- quality assurance for IAM/PAM programmes
Contact us:
Georg Beham Florian Brunner
Cybersecurity workshops
How would you respond to a threat? Our experts offer you the opportunity to experience a cyber threat “live” and up-close together with your team.
Cybersecurity workshops:
Phishing simulation
Game of Threats
Virtual reality cyber experience
Contact us
