Privacy and cyber response
From investigation, to litigation and regulatory response, EY Privacy & Cyber Response professionals help organizations navigate through complex cyber attacks.
What EY can do for you
EY teams have assisted companies in responding to a range of cyber incidents including Personally Identifiable Information (PII) data thefts, business email compromises, ransomware attacks and credit card theft. The teams combine cybersecurity and computer forensic experience with traditional investigative approaches, including interviewing witnesses, interrogating data and examining physical and digital evidence to uncover all facts pertaining to a breach.
EY professionals are experienced in helping address regulatory inquiries and liaising with law enforcement authorities. As cyber breaches often span international borders, they tailor their procedures to the specific legal and regulatory requirements of each country involved in the investigation, including their work with external legal counsel.
EY interdisciplinary teams help organizations develop data governance frameworks that are supported by appropriate policies and technology so data protection and privacy compliance is achievable and sustainable in the long run. The teams also assist in developing data protection and privacy compliance plans that work in conjunction with the organization’s cyber response plan to enable them to respond to a cyber breach in an effective manner within the required time window.
EY teams help organizations develop cyber response plans and conduct simulation testing by taking into consideration the magnitude and types of cybercrimes, data loss, customer privacy violation, regulatory compliance and infrastructure damage. The teams help organizations establish an investigation framework and the forensic procedures to support the investigation. EY professionals also work with organizations to form recovery plans that include containment and eradication, and leverage the broader business continuity plan.
EY cyber investigators combine computer forensic knowledge with traditional investigative approaches, including interviewing witnesses, interrogating data, and examining physical and digital evidence to uncover the facts pertaining to a cyber incident. They work with organizations to customize the investigation approach for each incident, taking into account potential litigation and regulatory inquiries, resource requirements, timing, desired work product and budget.
EY teams are able to perform time-critical data mapping and forensically sound preservation and collection activities around the world simultaneously. In the event of an attack, the teams can quickly deploy resources to collect investigative evidence, such as network traffic captures, log files and static host-system images. They also utilize forensic data analytics to collect and fuse data from multiple logging and audit-trail systems to piece together the attack timeline and discover the original point of entry, as well as subsequent attacker activities.
EY teams work with organizations and their counsel to develop work products consistent with litigation evidentiary requirements. Procedures for chain of custody, security of exhibits and contemporaneous note-taking practices are standard components of the methodology EY professionals follow. EY cyber response professionals are experienced in working with national security and law enforcement bodies, as well as management and counsel, to safeguard the organization’s interests.
Data privacy is an important consideration of cyber response planning. EY teams work with organizations to develop strategies and mechanisms to enable them to securely process and transfer the data needed for an investigation. Working with counsel, EY professionals develop written protocols that help them comply with applicable regulatory requirements.
If cyber incidents result in destruction or corruption of data, EY teams can provide data recovery services and resources to support restoration from all types of deleted, corrupted, missing or inaccessible data that may have resulted from a cyber attack. This includes recovery of loss from any operating system environment and working with response teams to restore services.