Analyse security spend. Increase effectiveness.

Rationalise your Security Portfolio – more protection, less cost

Your expert for questions

Vladyslav Dunajevski is Director, Cyber Security & Privacy, PwC Germany

Vladyslav Dunajevski
Director, Cyber Security & Privacy, PwC Germany
Tel: +49 1511 6953 894
Email

Stronger security with a rationalised portfolio

Organizations are investing heavily in security—but many still struggle with fragmented tools, overlapping capabilities, and rising costs. Disconnected security solutions, inconsistent maturity levels, and unclear ownership often prevent companies from achieving their desired security outcomes.

“A larger security budget doesn't automatically equate to greater security. It is only when tools, processes, and responsibilities are consolidated that investments translate into measurable protection.”

Vladyslav Dunajevski,Director, Cyber Security & Privacy, PwC Germany

PwC’s Business Value Assessment for Security Portfolio helps you regain control. We assess your current security capabilities against proven reference models, aiming to eliminate redundancies, lower costs, and deliver a measurable increase in security maturity.

By analysing both technical effectiveness and commercial efficiency, we uncover opportunities to reduce total security spend while increasing protection levels—for example by consolidating tools, optimising license models (e.g. Microsoft E3, E5, E7), strengthening cloud-native security in hyperscaler environments, or leveraging leading best of platform solutions.

The result: a transparent, value‑driven security portfolio that delivers measurable risk reduction, improved operational efficiency, and a clear roadmap for future investments.

Our Services

Security Capability & Zero Trust Assessment

Structured assessment of your security capabilities against Zero Trust principles.

PwC conducts a comprehensive assessment of your existing security controls, processes, and tools, mapped against the Zero Trust model and industry best practices. We evaluate identity, device, network, workload, data, and monitoring capabilities, identifying maturity gaps and redundancies. The outcome is a clear view of your current security posture, prioritised risks, and a fact‑based baseline for rationalisation decisions.

Learn more (German)

Security Tool & Cost Rationalisation

Reduce complexity and spend while increasing security effectiveness.

We analyse your security portfolio from both a functional and financial perspective. This includes identifying overlapping tools, underutilised capabilities, and inefficient licensing models. Typical use cases include consolidating redundant solutions, optimising security licensing (e.g. Microsoft E3 vs. E5 vs. E7), and aligning spend with actual risk exposure. The result is a leaner, more cost‑efficient security architecture.

Define the Change Roadmap

A clear, prioritised roadmap to rationalise and evolve your security portfolio.

Based on the assessment results, PwC defines a pragmatic and business‑aligned change roadmap for your security portfolio. We prioritise initiatives based on risk reduction, cost efficiency, and implementation effort, and translate them into concrete short‑, mid‑, and long‑term actions. The roadmap covers target architecture, technology and tooling decisions, operating model implications, and quick wins, providing decision‑makers with a clear and actionable path towards a simplified, value‑driven security landscape.

Accompany Your Change Journey

Hands‑on support to implement and embed your target security portfolio.

PwC supports you throughout the implementation of the defined roadmap—from initial planning to execution and stabilisation. We accompany tool consolidation, technology upgrades, and organisational change, ensuring alignment across security, IT, and business stakeholders. Our experts provide governance, architectural guidance, and handson support where needed, helping you realise benefits quickly while embedding sustainable security capabilities into your daytoday operations.

Ready to rationalise your security portfolio?

Get in touch with our experts

Frequently asked questions on the Business Value Assessment

A Business Value Assessment is a structured evaluation of an organisation's security tools, processes, and capabilities. It aims to identify redundancies, optimise cost, and systematically increase security maturity against recognised frameworks such as CISA Zero Trust and NIST CSF. The outcome is a fact-based foundation for investment and consolidation decisions.

A typical assessment takes 6 to 8 weeks, depending on scope, number of domains evaluated, and stakeholder availability. The first two weeks focus on data collection and tool inventory, followed by capability assessment and gap analysis, and finally the development of a prioritised roadmap and business case.

In most projects, PwC identifies 15–30% savings on security licensing cost and 20–40% reduction in redundant tools. Common levers include consolidating overlapping solutions, moving to integrated platforms (e.g. Microsoft E5 instead of multiple point products), and strengthening cloud-native security in AWS or Azure environments.

PwC assesses all relevant security domains in a vendor-neutral way, including Identity & Access Management, Endpoint Security, Cloud Security, Data Security, and SIEM/SOC. We have deep experience with Microsoft Security Solutions (E3/E5, Defender, Sentinel, Entra), Palo Alto Security Suite, AWS and Google Cloud Security solutions, and leading CNAPP platforms such as Wiz and Cortex Cloud.

The assessment is designed for mid-sized and large organisations seeking to consolidate security landscapes that have grown organically over years. It is particularly relevant for CIOs, CISOs, Heads of IT Security, and IT Finance leaders facing efficiency pressure, NIS2/DORA implementation, or planning cloud transformation.

“Boards are increasingly asking why security spend keeps rising while complexity and risk remain high. Business Value Assessment for Security Portfolio enables CIOs and CISOs to reduce cost, eliminate redundancies, and clearly demonstrate how every security investment contributes to measurable risk reduction.”

Vladyslav Dunajevski,Director, Cyber Security & Privacy, PwC Germany
Follow us

Contact us

Vladyslav Dunajevski

Vladyslav Dunajevski

Director, Cyber Security & Privacy, PwC Germany

Tel: +49 1511 6953 894

Volkmar Kirchner

Volkmar Kirchner

Senior Associate, PwC Germany

Tel: +49 175 9432873

Hide