Cyber incident response and recovery

Do you have the resources to anticipate cyber-threats and drop everything when they strike?

In an increasingly interconnected and technology-enabled world, it’s no longer a question of whether you’ll experience a cybersecurity incident, but when. Recent high-profile breaches show that you can get hit by an attack when you least expect it. It’s crucial to be prepared and able to respond effectively − whatever your industry, location or organisation size.

Contact us

We make it easy for you to make life difficult for hackers.

Are you prepared? 

With data protection regulations punishing failures to promptly respond to breaches, cyber-insurers demanding proof of adequate preparedness, and plenty of evidence showing that responses often fail because of a lack of expertise and planning, the time to act is now. You might want to ask yourself some questions:

  • Are you ready to respond to a cybersecurity incident?
  • Do you have plans to respond to and recover from the most likely scenarios?
  • Have you rehearsed your response to a security incident at all levels, including executive and board level?
  • Have you imagined your worst-case cybersecurity incident?
  • Does your board have the necessary expertise?
  • Do you have experts on call and ready to respond to an incident?
  • Would you be able to contain and limit the impact of a breach?

If the answer to any of these is ‘no’, we can work with your organisation to help.


51% of Swiss executives expect a surge in reportable ransomware incidents in 2023.

Source: PwC, 2023 Global Digital Trust Insights

Only 40% say they thoroughly understand their third-party cyber and privacy risks.

Source: PwC, 2022 Global Digital Trust Insights

What is cyber incident response?

Cyber incident response is the reaction and associated measures to an IT security incident. In order for your company to be able to act directly in an acute case, you need an incident response readiness. It prepares you for a cyber emergency and helps you to react faster and more effectively in such case.

The benefits of a systematic cyber incident response and recovery plan

Rapid response

With a clearly defined response framework and governance in place, clear ownership, an agreed decisionmaking and escalation pathway, you’re able to respond rapidly when required.

Integrated response

With a plan covering both the business and technical aspects of response of recovery and drawing on broad capabilities from across the organisation, you can be sure of having the right people involved from the word go.

Increased readiness

Your people, processes and tools are well rehearsed and ready to respond. It’s like building ‘muscle memory’ that can be triggered immediately in the event of a breach.

Emerging stronger

Your operational resilience is better because business as usual can be quickly restored – and you’re able to identify and address the lessons learned to help prevent a repeat of the incident.

How we help you prepare, respond and recover

Our incident response and recovery team has a broad range of capabilities to be able to provide support across the prepare, respond and recover phases of a cyber crisis or incident.

Incident Response Retainer

When the incident occurs, it is too late for negotiations. After all, onboarding an incident response team without an existing retainer takes valuable time in an emergency. That's why we offer you an Incident Response Retainer with competitive fees and contractually defined response times in advance. You get access to a professional team of experts who already know your IT landscape and are involved in your action plans. This allows us to respond more effectively and help you rebuild your systems.

Our services:

  • Workshops in which our IT experts get to know your IT landscape, identify vulnerabilities, and are integrated into existing emergency protocols.
  • 24/7 on-call service.
  • Unused contingent of agreed hours can be allocated to other incident response services.
  • Support both remotely and on-site.

Incident Response Readiness

We help your company prepare for a cyber attack in order to control and limit damage in the event of an incidence.

Our services:

  • Develop technical and management guidelines for the crisis with action plans for different incident types, assigned roles, and defined workflows.
  • In our first responder trainings, we prepare your IT staff to make critical decisions in the first 48 hours to contain the incident and secure critical information.
  • We help you develop your crisis management plan and develop incident response guidelines to minimise the impact on ongoing business.
  • In crisis simulations, we check whether the relevant employees at all hierarchical levels are capable of putting the elaborated plans and guidelines into practice.
  • We ensure your forensic readiness. This means that the appropriate data is available to investigate an incident thoroughly and define a containment strategy.


Post Incident Review

We support you in the aftermath of a cyber attack – from identification of the security breach to evaluation of the incident response activities to stakeholder communication and possible disputes regarding your cyber insurance.

Our services:

  • With a root cause analysis, we investigate how the incident occurred. We examine the IT infrastructure and conduct interviews with the IT stakeholders.
  • In the incident response and management review, we help you understand whether the incident was responded to appropriately from an IT and management perspective.
  • In the "lessons learned" phase, we support you in gaining deep understanding of the incident and adapting your security concepts.
  • We advise you on legal issues and support you in the event of claims for damages from your insurance company.

Prepare for upcoming cyber threats

We have a broad range of flexible solutions, including entire packages, to help you plan and prepare for cybersecurity incidents. Feel free to call us to discuss the best way forward for you.

Contact us

Johannes Dohren

Johannes Dohren

Partner, Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 22 20

Urs Küderli

Urs Küderli

Partner and Leader Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 42 21

Yan Borboën

Yan Borboën

Partner, Leader Digital Assurance and Cybersecurity & Privacy, PwC Switzerland

Tel: +41 58 792 84 59