PwC Managed Cyber Risk
by PricewaterhouseCoopers UK
PwC MCR equips executives with the essential insights needed to manage cyber risk effectively.
PwC UK's Managed Cyber Risk (MCR) is a self-serviced low-code SaaS platform that comes with optional cyber risk advisory and managed services. This platform enables risk orchestration, provides data-driven risk insights, and improves cyber risk oversight, bringing transparency to overall risk management and reporting. Complementing your existing governance, risk and compliance (GRC) investments, we can support you in accelerating time to operationalise a cyber risk management framework.
The platform offers “three levels of reporting” which ensures that users can access basic summaries, detailed analyses, and comprehensive insights tailored to their specific needs.
Risk Oversight: Helps the board of directors and executive committee fulfill their oversight and fiduciary responsibility
Risk Ownership : Helps lines of business and accountable executives manage risk and implement controls
Risk Operations: Helps risk and security teams explain the risk model, mitigate risk and challenge decision making
Further information:
How does it differentiate from GRC and compliance manager? MCR has unique features that differentiates it from traditional GRC platforms and can help complement them by providing deep dive risk analytics into the cyber risk domain, including:
Flexible cyber risk model that supports both deterministic and probabilistic modelling of risks to suit the needs of both mature and immature clients.
Customisable pre-loaded content that includes multiple industry control standards mapped to good practice risk factors (i.e. risks, threats and metrics).
Integrated threat intelligence leveraging PwC’s global platform that provides strategic and technical intel on incidents, threat actors and campaigns.
Continuous controls monitoring based on ingestion of telemetry from security posture management platforms using APIs to calibrate assessment scores.
Sophisticated benefits management that enables the forward projection of risk based on the benefits realised from a portfolio of risk treatment activities.
Complimentary services that support continuous tuning of the risk model, assessment of risk factors, integration of data sources and curation of reports.
How is it extensible?
MCR has the ability to ingest data from GRC and XSPM platforms via their APIs to better automate risk management processes:
Integrate with security posture management platforms (XSPM) to automatically update metrics that measure the effectiveness of security controls.
Integrate with GRC platforms to automatically import details of material findings from any risk and compliance assessments to help validate the control effectiveness scores within MCR.