An integrated incident response solution with Microsoft and PwC

Today Microsoft Incident Response is excited to announce a new collaboration with PwC to expand our joint incident response and recovery capability. In this global alliance, Microsoft begins the initial containment and investigation, bringing a deep understanding of a company’s infrastructure to help evict the bad actors faster and more effectively. PwC can then work on securely rebuilding and restoring mission-critical systems, while helping clients manage the broader incident, including incident reporting, crisis management, and a recovery strategy. 

Together, we work with the company to help remediate and update business processes and systems to better prevent or detect. We collectively share our world-class threat intelligence and knowledge between Microsoft and PwC to help solve wide-ranging and complex problems that arise during and after a breach.

“This type of industry collaboration is key to addressing the volume, complexity, and severity of breaches we see today. It will take all of us working together to stop nation-actors from attacking organizations and governments around the world,” said Kelly Bissell, Corporate Vice President, Microsoft Security Solutions. “For example, Microsoft security researchers have seen a 130.4 percent increase in organizations that have encountered ransomware over the last year. Microsoft Threat Intelligence is tracking more than 300 unique threat actors, including 160 nation-state actors, 50 ransomware groups, and hundreds of others.1

PwC and Microsoft formed this collaboration because they both have a long history of helping customers with incident response globally, offering both remote and boots-on-the-ground support. By combining our forces, we bring distinct areas of specialty to a broader range of customers.

How Microsoft Incident Response and PwC collaborate

When a customer experiences a crisis and engages Microsoft Incident Response and PwC, both teams can immediately mobilize. We typically start helping the customer remotely straight away and, when needed, can have people in their offices within 24 to 48 hours, parlaying their large global footprint so we can be at wherever the issue is quicker.

The Incident Response team focuses on evicting the bad actor, determining root cause analysis, and getting the customer’s core technology back up and running. Our extensive relationships with government agencies and organizations around the world can help stop the damage and bring criminals to justice. We can help find the bad guys so customers can start their recovery journey.

Meanwhile, PwC focuses on the broader incident response, like executing contingency plans—or helping companies navigate through the situation quicker, updating business processes, and identifying control failures to design a prioritized and measurable recovery strategy. They can work closely with C-suite and the board of directors to help address their needs. For example, the chief financial officer should understand the cost implications due to fines or fees. The legal counsel should engage the right law firm to help during the response and recovery. And the board and public relations team should figure out the appropriate thing to say to the media and customers. PwC can stay with customers to provide guidance throughout this very abridged sample recovery journey with the goal of helping the company emerge stronger.

Why Microsoft Incident Response and PwC are better together

“Time is often the enemy in any breach. The incident response collaboration between Microsoft and PwC means our customers have a team that can help support them from discovery through recovery. With a global footprint and history of recovery, remediation, and transformation experience, we can assist customers with the speed, agility and broad knowledge needed to provide a level of confidence and professional services during a potentially chaotic period,” said Sean Joyce, Global Cybersecurity and Privacy Leader, PwC.

The collective lessons learned from Microsoft and PwC’s incident response collaboration are interwoven into the fabric of how Microsoft’s solutions operate and how the two companies’ teams can help customers contain, isolate, eradicate, and emerge from an incident. This collaboration is better together because it combines the strength of both organizations: Microsoft’s deep understanding of technology and PwC’s industry-leading knowledge in business and risk management.

Here are some specific examples of how the collaboration can benefit customers:

  • Faster and more effective response: When a customer experiences a security incident, Microsoft and PwC can mobilize a team of specialists to help contain the cyberthreat, investigate the root cause, and get the client’s systems back up and running quickly. The two companies’ combined knowledge allows them to respond to incidents quicker and more effectively than either company could on its own.
  • More holistic response: The collaboration also allows Microsoft and PwC to provide a more holistic response to incidents. Microsoft can focus on the technical aspects of the incident, such as evicting the bad actor and restoring systems, while PwC can focus on the business and risk management aspects, such as developing a recovery plan and communicating with stakeholders. This holistic approach can help customers decrease the impact of incidents and recover quicker.
  • Improved security posture: The lessons learned from incident response engagements are used to improve Microsoft’s solutions and the security posture of its customers. Microsoft and PwC work together to help identify and mitigate common security vulnerabilities and to develop new security solutions. This can help clients to reduce their risk of future incidents.

That’s why it’s so important to have a team of professionals in place who can help you respond faster and more effectively to cybersecurity incidents. The Microsoft and PwC incident response collaboration can be an asset for customers when they are experiencing a breach within their organization. To connect with PwC and learn more about this collaboration, register for our webinar in December 2023 called “5 things you (probably) don’t know about incident response.”

Microsoft Incident Response

Strengthen your security with an end-to-end portfolio of proactive and reactive incident response services.

Enterprise office workers collaborating in an open work space.

Learn more

Learn more about Microsoft Incident Response.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as “Twitter”) (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Microsoft Digital Defense Report 2023 .

READ MORE HERE