Skip to content Skip to footer

Loading Results

Cybersecurity and Privacy

Balance security, privacy and opportunity to move boldly forward

We don’t just protect business value, we create it — using cybersecurity and privacy as a tool to build trust in a digital, data-driven world

As companies pivot toward a digital business model, exponentially more data is generated and shared among organizations, partners and customers. This digital information has become the lifeblood of today’s interconnected business ecosystem and is increasingly valuable to organizations—and to skilled threat actors. Business digitization also has exposed companies to new digital vulnerabilities, making effective cybersecurity and privacy more important than ever. PwC can help you take a broader view of cybersecurity and privacy as both protectors and enablers of the business.

PwC’s global team can help you see the big picture

We provide a unique client experience in following ways:

  • Deep sector knowledge of business, technical and regulatory issues to help you build a cybersecurity and privacy program that will enable your business strategy.
  • Strategy through execution with 20+ years of experience helping clients strategically assess, design, implement and operate their cybersecurity and privacy program.
  • Global thought leadership to help you address emerging trends through our 3300+ practitioners, 60+ labs and operations centres, and domain experts from our global impact centre.
  • Strong vendor alliances with leading cybersecurity and privacy vendors. We bring proven accelerators to help you maximize return on your cybersecurity and privacy technology spend.
  • Broad perspective by bringing you a multidisciplinary team of specialists such as digital, people and organization, business resilience, forensics, financial crime and human-centric design.
  • Business outcome focused mindset on every engagement to help you deliver on your strategic objectives whether it be digital enablement, risk management, agility or others. 

PwC professionals can help companies in the following critical areas:

Security management

Security management involves the general security activities and concerns of an organization. This includes all projects and activities that surround the personnel responsible for security at the policy and general management levels.

Case: IT-services and IT-infrastructure of the Company evolve and IT security risks arise accordingly. The Company implements a new Information Security management system and must evaluate its effectiveness and efficiency in satisfying the established security requirements.

Our services include:

  • Knowledge management;
  • Personnel management;
  • Portfolio management;
  • Enterprise security feedback;
  • Third-party management;
  • Risk management;
  • Communication.

Resultminimized actual IS risks relevant for the Company and established effective IS management system.

View more

Security awareness and education

The PwC’s security awareness and education team is dedicated to increasing company-wide awareness of the importance of corporate security and educating entire organizations—at every level—about how they can securely maintain the company’s information and physical assets.

Case: Companies now recognize that the main reason for Information Security incident is a “human factor”. Contemporary as well as familiar instruments need profound knowledge and wealth of experience to avoid such incidents.

Our services include:

  • Awareness programs and procedures;
  • Educational programs around certifications and qualifications;
  • Communication strategies.

Resultmitigated risks of ”human factor” incidents and improved management of Information Security.

View more

Threat and vulnerability management

PwC’s threat and vulnerability management practice is dedicated to the critical task of protecting the enterprise. The activities in this area range from traditional firewall and host security mechanisms to dealing with the increased security risks that are an outgrowth of ever-expanding network infrastructures.

Case: The Company is unaware of that an attack on critical company resources is in-progress or has already occurred.

Our services include:

  • Intrusion monitoring;
  • Malicious program detection;
  • Security information management;
  • Threat management;
  • Vulnerability management;
  • Incident response;
  • Asset management;

Resultdecreased risk of serious Information Security incidents and improved control over and security of critical information resources.

View more

Information security architecture

Information security architecture describes all aspects of the system that relate to security, including the set of underlying principles that guide the design.

Case: The existence of anti-virus software and corporate network firewalls in the Company’s IT environment does not address all the risks of Information Security.

Our services include:

  • Enterprise requirements analysis and prioritization;
  • IT security reference architecture;
  • Common security services infrastructure;
  • Security implementation methodology or software development lifecycle (SDLC) and code review.

Resultreduced risks of Information Security relevant for the company IT infrastructure and comprehensive management of Information Security risks.

View more

Regulatory and policy compliance

PricewaterhouseCoopers’ regulatory and policy compliance practice helps companies address the laws, regulations, and internal policies with which they must comply including the following:

  • the requirements of legislative and regulatory documents;
  • international standards;
  • internal regulations of the company.

Key laws and regulations that companies need to know and follow include:

  • FZ 152 on personal data;
  • General Data Protection Regulation (GDPR);
  • FZ 161 on national payment system;
  • Bank of Russia information security regulations for financial institutions (382-P, 683-P, 684-P, 719-P, 747-P), as well as the Standards and Recommendations of the Central Bank of the Russian Federation;
  • National standard GOST R 57580.1-2017 “Security of financial (banking) transactions. Protection of information of financial institutions. Basic composition of organizational and technical measures”;
  • Series of international standards ISO 270XX and NIST;
  • Health Information Portability and Accountability Act (HIPAA);
  • Sarbanes-Oxley.

Case: The Company requires an external assessment of its Information Security maturity level and compliance status for their business partners

Our services include:

  • Compliance assessment with regulatory requirements, including the requirements of the Bank of Russia;
  • Development of internal information security regulations and standards;
  • Verification of compliance with the requirements of internal regulations and standards;
  • SWIFT Customer Security Programme.


  • Confidence in compliance with requirements and regulations.
  • Readiness for regulators inspections on information security.
  • Readiness to carry out the necessary certifications, considering business goals and objectives.
  • Confidence of management in an efficiently built information security system.

View more

Identity and access management

Identity and access management relates to the granting or denying of access to a company’s equipment and data. Strong, effective access management enables the access of authorized workers while restricting the access of unauthorized workers and external third-parties.

Case: the Company management has no clear understanding of who has access to critical information.

Our services include:

  • Authentication and authorization analysis;
  • User management and provisioning;
  • Identity storage and data integration.

Result: decreased risk of unauthorized access to critical business information.

View more

Privacy and data protection

The privacy and data protection practice provides companies with a series of important security capabilities. The team can help organizations ensure proper data handling practices for the collection, use, retention, and sharing of personally-identifiable information about customers and employees in its care.

Case: personal and business-critical infromation circulate both inside and outside the Company. Such data could be intercepted, altered or even destroyed without management’s knowledge.

Our services include:

  • Accountability;
  • Notice;
  • Choice and consent;
  • Data collection;
  • Data use and retention;
  • Data subject access;
  • Third-party data disclosure;
  • Data accuracy.

Result: decreased risk of information disclosure, unauthorized change or destruction.

View more

Physical security

PwC’s physical security team considers the capabilities necessary to protect a company’s facilities, hardware, and people involved in information security.

Case: Physical security considerations related to electricity disruptions, fires, server rooms located in hospitable environments (e.g. exposed warehouse), could lead to data loss and theft.

Our services include:

  • Data center security review;
  • Policies and standards;
  • Access controls.

Result: decreased risk of unauthorized physical access and unexpected loss of company information.

View more

Penetration testing

PwC’s penetration testing team performs infrastructure and application penetration testing that focuses on identifying and validating vulnerabilities associated with critical infrastructure and business applications, both internal and external facing.

Case: cybercrime is rapidly evolving (according to recent survey of leading analysts). Hackers exist both outside and inside the Company. Risk of “probing” as well as “hacking” of Company’s information resources is likely, as autonomous viruses can perform such unauthorized activities.

Our services include:                        

  • Comprehensive infrastructure penetration testing;
  • Website security testing procedures;
  • Black-box and white-box approach;
  • Recommendations on mitigating known security vulnerabilities.

Result: decreased risk of loss or theft of information through remediation of IT infrastructure weaknesses.

View more

Security Operations Centres (SOC)

As cyber threats continue to grow and evolve, it is imperative that companies improve their security measures, make the best use of new technology and quickly respond to threats as they arise. To improve their cyber resilience, many companies are setting up their own security operations centres (SOCs), which use a combination of technology, processes and trained staff to monitor security incidents and respond appropriately.  

Case study. A company is interested in having a dedicated SOC. This would entail designing a strategy for establishing the SOC, including estimating the required headcount, determining the target technical architecture, and identifying key initiatives to develop the SOC, as well as performing a financial assessment and developing a roadmap. In addition, the company needs to implement effective processes to monitor and respond to cyber threats in line with global best practices, as well as conduct trainings for its employees.

Our team of professionals has a long and successful track record of working with major Russian and international companies in setting up and developing state-of-the-art SOCs. In this area, we help our clients with the following:

  • Conducting a financial assessment and preparing the business case for setting up the SOC;
  • Developing a strategy and budget for the SOC;
  • Assessing SOC technology, processes and staff using PwC’s proprietary SOCCER methodology;
  • Designing a robust SOC organisational structure;
  • Introducing metrics and KPIs for the SOC and visualisation of reporting for management and technical staff;
  • Conducting a health check to assess the performance of technology in use;
  • Designing a high-level target technical architecture for the SOC’s information security tools;
  • Drafting recommendations to implement use cases for the risks and threats that the company faces;
  • Designing and implementing key SOC processes;
  • Outlining staff roles and responsibilities, as well as the skills needed to perform various functions;
  • Comparing various SOC implementation options, either in-house or outsourced to a managed security service provider (MSSP).

What you gain: With timely incident identification and response, as well as a balanced use of personnel and technology, a PwC-designed SOC will help your company to minimise risk and improve information security management.

View more

Digital Identity

  • Assessment, analysis, design, implementation, and managed services of digital identity management systems and processes;
  • Facilitation and improvement of secure and manageable access for customers, contractors, partners, services, and IoT devices;
  • Enablement of identity and roles life-cycles;
  • Privileged accounts management;
  • Quality management for digital identity management programs and projects;
  • Digital transformation business acceleration.

View more

Security in the cloud

  • Design cloud security strategy and governance models for a compliant standard operating environment;
  • Engineer continuous audit, risk, privacy and compliance outcomes for the cloud;
  • Deliver secure migrations and automate DevOps security and compliance;
  • Deploy security reference architectures and cloud service provider-specific design patterns;
  • Conduct cloud health check security assessments;
  • Extend identity and access management (IAM) governance to the cloud;
  • Implement data protection solutions for the cloud, including data loss prevention (DLP), encryption, and key/cert management;
  • Integrate cloud security operations and incident response into DevOps processes. Leverage log/SIEM integration and real-time threat analytics.

View more



Contact us

Alexei Okishev

Partner, Digital Solutions Development Center Leader

Tel: +7 (495) 967 6000

Vitaly Sokolov

Partner, Risk Assurance, Cybersecurity Leader

Tel: +7 (495) 967-61-53

Follow us