Skip to content Skip to footer



Loading Results

Cyber incident response and recovery

Do you have the resources to anticipate cyber-threats and drop everything when they strike?

In an increasingly interconnected and technology-enabled world, it’s no longer a question of whether you’ll experience a cybersecurity incident, but when. Recent high-profile breaches show that you can get hit by an attack when you least expect it. It’s crucial to be prepared and able to respond effectively − whatever your industry, location or organisation size.

Contact us

We make it easy for you to make life difficult for hackers.

Are you prepared? 

With data protection regulations punishing failures to promptly respond to breaches, cyber-insurers demanding proof of adequate preparedness, and plenty of evidence showing that responses often fail because of a lack of expertise and planning, the time to act is now. You might want to ask yourself some questions:

  • Are you ready to respond to a cybersecurity incident?
  • Do you have plans to respond to and recover from the most likely scenarios?
  • Have you rehearsed your response to a security incident at all levels, including executive and board level?
  • Have you imagined your worst-case cybersecurity incident?
  • Does your board have the necessary expertise?
  • Do you have experts on call and ready to respond to an incident?
  • Would you be able to contain and limit the impact of a breach?

If the answer to any of these is ‘no’, we can work with your organisation to help.


61% of Swiss executives expect a surge in reportable ransomware incidents in 2022.

Source: PwC, 2022 Global Digital Trust Insights

Only 40% say they thoroughly understand their third-party cyber and privacy risks.

Source: PwC, 2022 Global Digital Trust Insights

The benefits of a systematic cyber incident response and recovery plan

Rapid response

With a clearly defined response framework and governance in place, clear ownership, an agreed decisionmaking and escalation pathway, you’re able to respond rapidly when required.

Integrated response

With a plan covering both the business and technical aspects of response of recovery and drawing on broad capabilities from across the organisation, you can be sure of having the right people involved from the word go.

Increased readiness

Your people, processes and tools are well rehearsed and ready to respond. It’s like building ‘muscle memory’ that can be triggered immediately in the event of a breach.


Emerging stronger

Your operational resilience is better because business as usual can be quickly restored – and you’re able to identify and address the lessons learned to help prevent a repeat of the incident.


How we help you prepare, respond and recover

Our incident response and recovery team has a broad range of capabilities to be able to provide support across the prepare, respond and recover phases of a cyber crisis or incident.

Ensuring you are prepared to respond and recover from cyber incidents and crises

  • We help you to assess gaps in your current capabilities, identify the key threat scenarios and create a concrete response, including the relevant procedures and technologies. 
  • We can also define response frameworks and help you draw up business continuity plans to enable you to keep going through a cyber-attack. 
  • We make sure you have access to the right data and technology to investigate incidents. 
  • And we can ensure that people at all the relevant levels of your organisation are trained and coached and have rehearsed their roles in an incident.



Provide expert cyber response capability

We can: 

  • Give you on-demand access to a technical response team to rapidly assess, contain and remediate the incident and manage your broader response, as well as making sure you have appropriate response structures to coordinate decisionmaking.
  • Develop a communication strategy to inform and engage all the relevant stakeholders, and provide a project management office for the duration of the incident.
  • Investigate the scope of malicious activity and its impact on the business, as well as deploying security tools to monitor for attacker activity.
  • Proactively seek evidence of root cause compromise.


Helping to recover and restore business as usual operations, understand root cause and address lessons learned

  • We can help you do a post-incident review to find out the root causes, identify lessons learned, and realign strategic programmes to make sure these things are addressed,
  • We can help you build security capabilities by planning and delivering strategy and transformation programmes, as well as planning the rebuild and recovery of the systems, applications and processes affected by the crisis
  • To remove attacker access to your environment we can plan and execute a remediation events, and take action to close off attack paths.
  • We can quickly enhance your detection and response capabilities to bridge the gap until the relevant improvements have been completed.


Prepare for upcoming cyber threats

We have a broad range of flexible solutions, including entire packages, to help you plan and prepare for cybersecurity incidents. Feel free to call us to discuss the best way forward for you.

Contact us

Urs Küderli

Urs Küderli

Partner and Leader Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 42 21

Yan Borboën

Yan Borboën

Partner Digital Assurance and Cybersecurity & Privacy, PwC Switzerland

Tel: +41 58 792 84 59

Johannes Dohren

Johannes Dohren

Partner, Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 22 20

Naveen Shanmugasundaram

Naveen Shanmugasundaram

Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 24 92