Cyber-security Incident Response Retainer Services

1

You don’t want to wait for the inevitable. You want to be prepared, with confidence in your ability to manage the threats and risks you face.

Our incident response retainer services will provide you the confidence, and allow for rapid and on-demand access to a pool of highly skilled and experienced incident response professionals around the world, as well as a range of PwC services designed to support you when your business is at risk.

We work as your strategic and tactical advisors as well as arms and legs of your team, supporting your incident response and subsequent remediation and transformation efforts. Our teams (both in Mainland China/Hong Kong and at your overseas locations) maintain local presence and communications with your people. We can deploy our team with the minimum time period and cost overhead.

Cyber security incidents are firmly on the agenda: What should you do to prepare and respond?

• Combining live network and endpoint visibility provides direct access to adversaries actions

• Recognise adversary patterns, TTPs, etc.

• Containment and eradication strategies are carefully scripted

• Business returns to normal with accepted levels of risk and impact

Rapid Return to Operations

Containment & Eradication Strategies

Active Remediation

Endpoint Visibility

Digital Forensics & Malware Analysis

Network Monitoring

Log, Event & Access Analytics

Recursive Artifact

Analysis

Real-time Endpoint & Network Visibility

Actionable Threat Intelligence

2

Cyber security incidents have become unavoidable and significant concerns not just for your executive management team and board of directors, but for regulators, customers, and investors too. The scale and sophistication of cyber security incidents are increasing every year, and keeping pace with evolving attacker tools and techniques for any organisations has become a very difficult task.

Are you prepared to respond to a cyber security incident?

1. Integration

Our incident managers will understand the incident, the response structures in place and the actions that have already been taken.

5. Chief of staff

We will provide senior and experienced staff to ensure the Crisis Management Team operates effectively under the most difficult circumstances.

2. Structure

We will help define a suitable response team structure, and a plan that includes communications with all relevant stakeholders.

6. Business continuity

We will work with individual business units and recovery work stream leaders to define the priorities that will ensure effective business resumption and continuity.

3. Information management

We will apply the relevant tools and templates that will support senior leaders and enable sound strategic decision making.

7. Project management

We will track and report to you the level of resources deployed across the response effort, expenditure and invoicing.

4. Technical translation

Our incident managers can clearly communicate complex technical matters into business language so implications can be easily understood at all levels.

8. Breach readiness assessment

Using a tool we have developed, we can help you to understand your level of technical preparedness to respond to a data breach.

If you don't have a clear or positive answer, you may need to consider some of the important actions listed below and we can work with your organisation to help.

What questions should you be asking?

• Are you prepared to respond to a cyber security incident, including your executive management team and board of directors?

• Do you have plans in place to respond to, and recover from, the most likely attack scenarios?

• Do you already have arrangements in place to meet regulatory requirements on incident handling (e.g., Hong Kong Monetary Authority’s C-RAF 2.0)

• Do you have experts on call and ready to respond to a cyber incident?

• Do you have the capability to contain and limit the impact of a breach?

3

Our response to every incident is tailored, depending on the situation and your desired outcomes. We will work with you to identify the experts you feel will best support you as part of the incident you are facing.

How PwC can help

Our retainers provide global, on-demand, 24x7x365 access to a specialist cyber incident response team in the event of a cyber incident. Benefits include:

1

2

3

4

5

A rapid and effective response to reduce the impact of an incident, with no need to onboard a provider whilst under duress, which could delay your response.

Customisable service agreements to suit your specific business requirements.

Availability of relevant reporting and data to demonstrate compliance to stakeholders and regulators.

Detailed and effective breach notification support, in alignment with regulatory requirements.

Access to a wide-range of cyber security, forensic, business advisory and legal experts – all of whom are experienced in working closely together in times of crisis.

Initial and regular workshops to understand your business, IT infrastructure, and existing incident response policies and procedures that can help ensure an effective response immediately following discovery of an incident.

On-site and remote response SLAs.

Multiple escalation channels including a 24/7 emergency response telephone hotline.

Crisis preparedness and management support, where it is needed, from board-level executives to first-responder teams.

Access to our customised incident report templates, and a range of other PwC resources.

Unused retainer hours can be used on readiness and cyber security advisory services, to maximise your return on investment.

Rapid access to a range of additional cyber security services (including threat intelligence and threat detection) to inform a wider security strategy.

3 Expert

Highly experienced in digital forensics and incident response

Certified by CRESTCertified by GIAC

Holistic end-to-end experts (legal, crisis, business, etc.)

2 Effective

ReadinessInclusive IR hours per year

Workshop to review readiness of IT estate & IR processes + IR testing

80 hours (plus option to invest more at silver discount rates)

Silver + monthly onsite days

140 hours (plus option to invest more at gold discount rates)

1 Rapid

24/7 Incident response hotline

Remote support Onsite support

First responder contact within 4 hours (Monday – Sunday 9-5)

Onsite support next working day to pre-agreed locations

First responder contact within 2 hours

Onsite support within 24 hours to pre-agreed locations

Silver

Gold

We apply what we believe to be three essential qualities across our two incident response retainer tiers

4

7 key features of PwC’s incident response retainers:

Get in touch with us

This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

© 2021 PricewaterhouseCoopers Limited. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

Kenneth WongCybersecurity and Privacy Leader, Risk Assurance, Asia Pacific and Mainland China/Hong Kong

+852 2289 2719kenneth.ks.wong@hk.pwc.com

Felix KanPartner

+852 2289 1970felix.py.kan@hk.pwc.com

Kok Tin GanPartner

+852 2289 1935kok.t.gan@hk.pwc.com

Ross XiaoPartner

+852 2289 8425ross.xiao@hk.pwc.com

Gary NgPartner

+852 2289 2967gary.kh.ng@hk.pwc.com

Luke GrothPartner

+852 2289 5061luke.ar.groth@hk.pwc.com