PwC India Harnesses Microsoft Copilot to Better Serve Clients in Cybersecurity

In October 2024 TBR met with Sangram Gayal, PwC India’s Incident Response lead and Managed Services Strategy global lead, and Terence Gomes, PwC India’s Microsoft Alliance lead, for a discussion about PwC’s cybersecurity business in India and the firm’s alliance with Microsoft. The following reflects that discussion and TBR’s ongoing interactions with and research on PwC.

Building on solid base, PwC India and Microsoft expand cybersecurity alliance

Setting the stage for an India-centric discussion, TBR met with PwC India leaders for a discussion about the post-pandemic shift in perspectives on opportunities within the India market, based on India’s economic growth and the growth of international companies’ global captive centers. Increasingly, according to Gayal and Gomes, decision makers for global companies reside in India, which is influencing talent management, supply operations and growth opportunities.
 

In this emerging environment, PwC’s decade-old decision to shift its cybersecurity practice from purely consulting to a mix of advisory and managed services has positioned the firm well for transformation, implementation and operations engagements. While PwC India earns 35% to 40% of its cybersecurity revenues from multinational clients, the remaining 65% to 60% comes from India enterprises, primarily in banking and other highly regulated industries.
 

Additionally, PwC has gained ground providing cybersecurity managed services in the manufacturing and pharmaceuticals spaces. Gayal and Gomes confirmed that consulting accounts for roughly 70% of the firm’s cybersecurity revenues while managed services makes up the rest.
 

 

Turning to PwC India’s summertime announcement regarding collaboration with Microsoft, Gayal and Gomes noted that PwC’s strategy led the firm to partner more closely on cybersecurity because of Microsoft’s scale, established PwC India-Microsoft relationships, and Microsoft’s focus on large enterprise clients (not SMBs), which aligns with PwC India’s target market.
 

Further, PwC India’s Microsoft practice is, according to Gomes, “holistic,” covering everything in cybersecurity and much of the full Microsoft stack, making PwC an attractive partner for Microsoft — attractive enough, according to Gayal and Gomes, that Microsoft is bringing PwC clients and co-conducting workshops around transformation, security operations center (SOC) modernization, and cloud migration. Not surprisingly, clients then award PwC the cyber managed services deals that flow from these workshops and consulting engagements.
 

One issue the PwC leaders raised centered on talent growth paths. While PwC mostly hires university graduates and puts them through a cybersecurity academy, the firm expects the smartest freshers to move beyond cyber managed services and onto a partner track. TBR notes that PwC has dealt with this talent management issue, particularly in cyber managed services, for decades, constantly refining the professional development paths and selection processes. Gayal and Gomes said the Microsoft incident response in India is “very lean” and supported by teams in Australia and Singapore with “good local and good global connectivity with PwC.” As a result, PwC is enhancing incident response overall in India, helping Microsoft leverage the capacity and helping extend capabilities within India. In TBR’s view, PwC’s recognition of Microsoft’s long-term cybersecurity talent and capabilities needs in India — beyond just Microsoft salespeople — reflects the strategic nature of PwC’s partnership with Microsoft and bodes well for sustained growth.

“You need to be good. AI helps. We’re replacing mindless work with intelligent work.”

Regarding Microsoft Copilot — ostensibly a catalyst to the July 2024 announcement mentioned above — Gayal said generative AI is “all about the promise of being able to do better queries and get better recommendations, not about the promise of cost cutting and not about reducing headcount.” Working with Microsoft Copilot enables PwC cybersecurity staff to make “better queries without exceptional coding and software skills,” leading to faster threat hunting and faster incident response.
 

Further, according to Gayal, Microsoft Copilot “enables recommendations not previously easy to formulate … [so PwC professionals] can be more creative and expansive in the how-to of running a SOC and … doing investigations.” When TBR asked about demonstrating these Microsoft Copilot-enabled capabilities to Indian clients, Gayal and Gomes noted that PwC conducts workshops at PwC SOCs, PwC Experience Centers, Microsoft offices or — most often — the client site.

A strategic growth hub for cybersecurity services

On multiple occasions over the last year, PwC leaders globally have asserted to TBR that India will become one of the most important markets for PwC services — clients based in India and served by PwC India. Gayal noted that India companies struggle to “hire the right skills right now,” even as these companies are “growing very fast and have growing cybersecurity needs.”
 

PwC’s global leadership attention and investment, combined with a market ready for PwC’s services and — critically — a strategic partnership with Microsoft, have created a level of enthusiasm for the opportunities in India.
 

Arguably, PwC brings another key element to bear: the firm is not new in India — it is not jumping onto the Indian economic bandwagon — but is, instead, a long-established brand with an intimate understanding of the Indian business climate and culture. Other IT services companies can emulate PwC’s cybersecurity offerings and capabilities but lack the firm’s deep knowledge of how Indian companies actually run their businesses beyond the IT shop.
 

As companies increasingly view cybersecurity as critical to running the business, cyber managed services players need to have a full understanding of their clients’ operations, financials and risks. Being part of the broader PwC firm gives PwC India’s cybersecurity team a clear advantage. TBR will be watching in 2025 to see what the team does with it.