Information and Cyber Security


To reduce the risk of business disruptions, meet regulatory requirements, and effectively address complex security breaches, companies should integrate their security infrastructures and continuously oversee standards, policies, and controls to ensure they align with established guidelines. Reducing cybersecurity risk is a critical priority for organisations aiming to protect their digital assets and maintain operational integrity. Strategies to effectively minimise these risks include:

  • Regular risk assessments 
  • Strong access controls 
  • Continuous monitoring and threat intelligence  
  • Incident response planning 
  • Third-party risk management 
  • Employee training and awareness 

Gaining complete visibility into the security framework also enables organisations to promptly address any security vulnerabilities.

The recent cybersecurity attacks on public and private entities in Croatia and the region have brought information and cybersecurity into the spotlight of their management. The loss or theft of information can cause severe harm to essential functions as well as to reputation and public trust.

PwC experts work closely with clients to pinpoint potential risk areas and collaborate with executives to prioritise solutions. By utilising established methodologies and deep industry knowledge, we help organisations develop a unified security infrastructure that includes people, processes, and technology, along with implementing standardised procedures. Such a comprehensive understanding of their security environment allows organisations to accurately assess their vulnerabilities and take proactive measures to protect their information assets.

We specialise in delivering comprehensive cybersecurity solutions that safeguard your business against these evolving risks. Our team of experts employs cutting-edge technologies and industry best practices to design tailored strategies that align with your business objectives while ensuring compliance with regulatory standards.

How can PwC help you

Cybersecurity has become top-of-mind for many organisations. According to PwC's 2025 Global Digital Trust Insights Survey, more than three fifths (66%) of CIOs rank cyber risks as the most critical threats their organisations plan to mitigate within the next 12 months. This highlights the importance of ensuring the efficiency and maturity of security operations, not only for individual organisations but also for the solutions provided by Managed Security Service Providers (MSSPs).

To achieve this, PwC's experts utilise the Security Operations Centre – Capability Maturity Model (SOC-CMM) methodology, which offers a structured assessment of your Security Operations Centre (SOC). Our team can assist you in identifying critical areas for improvement and provide tailored recommendations to help improve your operational maturity.


Not “penetration testing”, not “red teaming”, but the simulation of live IT infrastructure, protective controls, people, and current processes under a cyber attack. Through this simulation, your incident response team can collaborate with your business stakeholders and test your current incident response capabilities using realistic scenarios.

Globalisation and technology are today’s core business drivers, with the potential to send unprecedented risks cascading across your enterprise – or propel you toward unprecedented opportunity. By unlocking these risks you turn them into a catalyst for growth, stepping ahead of uncertainty. 

The intensity of change in today's business environment requires companies to manage and harness the power of proactive Enterprise Risk Management, combining innovative and proactive governance, risk and compliance activities (GRC) into a comprehensive Enterprise Risk program that facilitates seizing competitive opportunities and meeting stakeholders’ expectations.


The cybersecurity manager function can leverage a wealth of expertise, experience and resources tailored to their specific security needs. This approach allows organisations to benefit from the latest industry best practices and threat intelligence while maintaining flexibility and scalability. Additionally, such services can provide a fresh perspective on risk management and compliance, helping businesses navigate the complex landscape of cybersecurity threats and regulations more effectively.  

These are the main points of the cybersecurity manager function: 

  • Access to top-tier expertise and industry best practices tailored to their specific needs 
  • Flexible and scalable security leadership 
  • Ensuring cybersecurity strategies are aligned with evolving threats and business objectives
  • Unbiased assessments and innovative solutions 
  • Fostering a proactive security culture while optimising resource allocation and cost-effectiveness  
  • Providing security awareness to all employees in the field of cyber and information security

Cybersecurity awareness programs aim to educate and inform individuals about various aspects of cybersecurity, raising employees’ ability to protect themselves and their organisations from cyber threats. The key objectives of such programs include:

  • Risk awareness: Help individuals understand the types of cyber threats they may encounter, such as phishing, malware, ransomware, and social engineering attacks. 
  • Behavioural change: Encourage safe online practices and behaviours that minimise security risks, such as using strong passwords, recognising suspicious emails, and not sharing sensitive information. 
  • Compliance: Ensure that employees or participants are aware of and comply with relevant cybersecurity policies, regulations, and best practices. 
  • Incident response: Educate individuals on how to respond effectively to a cybersecurity incident, including whom to contact and what steps to take to mitigate damage. 
  • Cultural shift: Foster a security-conscious culture within an organisation, where cybersecurity is considered a shared responsibility across all levels. 
  • Continuous improvement: Provide ongoing education and updates to stay ahead of evolving cyber threats and technology changes.

Why Due Diligence?

  • Technology is a key driver for M&A.

  • With the rise of e-currencies, e-payments, and online customer acquisition and engagement services, banks and insurance companies increasingly resemble technology companies.

  • IT in banks and insurance companies is inherently complex due to the intricate financial instruments they handle and the extensive legal and regulatory requirements they must comply with. These businesses are structured around products, which are offered to customers via portals, while complex interactions between different systems are run in the background. Neither pure IT nor pure finance professionals are able to understand and evaluate these complexities on their own. Our experts bridge the gap between these two worlds seamlessly.

  • Customers are very sensitive to operational disruptions, as seamless service relies on the smooth interaction of multiple systems. From day one, they expect uninterrupted access to all services and facilities, with no impact on their experience or that of business partners.

  • Our IT Due Diligence, which integrates digital and functional aspects, ensures a seamless transition. This approach sets us apart from traditional technology Due Diligence services offered in the market.

  • We have experience and expertise in financial industry-specific processes and therefore can offer specialised IT Due Diligence services for banks and insurance companies.

Our IT Due Diligence approach

We deliver a typical IT Due Diligence project in four phases.


The Risk Assurance team at PwC can support you in finding the best answers to any question you may face. With a team of experts, our expertise spans all industries, sectors and technologies. We take the time to understand your organisation’s structure, products, services, and planned transactions. As IT specialists, we provide a customised service tailored to your goals.

By working together with you and your team, we are always ready for the next step in the transaction process. We take advantage of the latest comprehensive data and analytics technologies. This supports a fast evaluation of your data and also creates transparency by providing real-time data visualisation.

Contact us

Bruno Curcija


Director, Risk Assurance Services, PwC Croatia

Igor Hitrec


Senior Manager, Risk Assurance Services, PwC Croatia
