Navigate risk and regulatory complexity

Assisting with a holistic assessment of cybersecurity maturity, and defining a 3-year remediation roadmap

Client: a major regional insurance company

Client challenge

Concern raised by the Board of Directors about cyber risk, and lack of a consistent and holistic framework to measure the maturity of cybersecurity risk management

  • In view of a number of high-profile cyber-attacks adversely impacting industry peers, the Board was concerned the company may have underestimated its level of cyber risk.
  • The company lacked a consistent / holistic framework and tools to measure the maturity of cybersecurity risk management capability, despite attempts by the 2nd line (Risk and Compliance) and 3rd line (IA) of defence functions to assess the effectiveness of cyber defence measures implemented by the 1st line (IT and business functions).

 

Our solution

Leveraged our cyber maturity framework and proprietary cyber-attack simulation tool to measure the adequacy and effectiveness of the client’s cyber defence capability

  • We used PwC's holistic and consistent cybersecurity management framework to measure the maturity of the group and of the different countries within Asia Pacific, covering four key capabilities in our framework, namely ‘Identify, Protect, Detect and Respond’.
  • We utilised PwC’s proprietary cyber-attack simulation tool, called ‘CatchMe’, to measure the effectiveness of the client’s cyber defence capability in preventing and detecting data exfiltration attacks. We demonstrated that it was possible for cyber-criminal attacks to access the entire sensitive customer database and confidential company information.

 

Business impact

  • The outcome of our cyber-attack simulation exercise was a wake-up call to the group and country management that the company had been exposed to cyber risk which could lead to exfiltration of sensitive customer data by hackers.
  • As a result, we worked together with management to come up with a 3-year remediation roadmap and helped benchmark the different country operations against one another.

Cimi Leung

Mainland China and Hong Kong Governance and Internal Audit Service Leader

Tel: +852 2289 2997


Ian Farrar

China and Hong Kong Corporate Treasury Leader

Tel: +852 2289 2313


Qing Ni

Funds Audit Partner, PwC China Private Equity Group

Tel: +86 (10) 6533 2599


Wilson Mo