Cyber solutions for the mid market

Your cyber security team, when you need us.

The average cost of a cyber attack to a business is $274k^, yet almost half of businesses only spend $500 a year protecting their business.*

Australian consumers are becoming more concerned about cyber security, and trust in a company's ability to protect their information is becoming a key decision maker in who they do business with.

Cybercrime is currently believed to cost Australians more than $1 billion every year, and businesses in both the private and public sector have been compromised. This heightened risk environment, coupled with increased regulatory requirements, means that cyber security needs to be a key priority and area of concern for organisations, and it's not just IT departments that are bearing the burden. Boards, audit committees and executives are responsible for ensuring, and demonstrating to customers, employees, regulators and all other stakeholders, that appropriate safeguards are in place.

Cyber is a whole-of-business concern.

KPMG's specialised cyber solutions offering is tailored to help private, mid market and family businesses outpace cyber threats and protect their most important assets: their customers, their business, their people and their data. Our dedicated cyber team can help our clients implement the building blocks for a cyber resilient organisation so they have the confidence to focus on what will truly make an impact and help them succeed.


  • 65%

    of Australian businesses were interrupted due to a breach in 2020.^

    ^ Telstra Security Report 2019, Telstra
  • 44%

    of employees have put their company at risk of a cyber attack.#

    # Compare The Market
  • 1051

    is the number of data breaches reported to the Office of the Australian Information Commissioner between January 2020 and December 2020.*


What are the benefits?

  • Cyber governance and transformation

    Establish compliant and secure cyber security foundations through a cyber transformation program that includes a data and legal framework review and capability uplift.

  • Threat and intelligence management

    Detection and real-time response to threats and cyber incidents, including security testing, cyber analytics, incident response and SOC/SIEM capability uplift.

  • Data and identity protection

    Practical and affordable technical and business solutions to address areas such as privacy and data protection, identity management, and access management.

Our specialised cyber solutions and services

  • Cyber health check

    An objective assessment of your cyber risk profile in the context of the current threat landscape to help you identify and remediate any security control gaps and risks. This may also help you to prioritise future investment to enhance business risk reduction.

    Expected outcomes of a Cyber health check include:
    1. An agreed risk appetite statement that reflects your risk tolerance.
    2. A clear view of the cyber threats that you face.
    3. How these cyber threats translate into risks for you based on your information assets combined with the control environment.
    4. An assessment of your cyber control maturity using the KPMG Cyber Maturity Assessment (CMA) framework, which is based on industry standards (ISO, NIST).
    5. A tangible and executable roadmap of cyber uplift activities, which are prioritised based on the risk reduction.
  • Cyber solutions

    We can provide you with a set of turnkey cyber solutions, from us or our alliance partners, that help you tap into world-class solutions in a package that is right-sized for private, mid market and family businesses. The managed Security Operations Center (SOC) is a cloud-based service available through KPMG’s international alliance with CyberHat, a leading cyber security firm that specialises in cyber security operation monitoring. This service monitors your network environment 24 hours a day, seven days a week to provide affordable, integrated cyber attack detection, response and threat intelligence services.

    There are two types of service offerings:

    CYREBRO® Core is designed for organisations that already have a security information and event management (SIEM) function.

    CYREBRO® One is designed for organisations that require a solution combining both technology and professional services in one offering.

  • Incident response

    A cyber incident can happen to anyone, at any time. We can offer you specialised incident response services to help you respond to an incident effectively and efficiently, get back up and running as quickly as possible, and comply with your obligations.

    Prior to detecting an incident

    Incident response readiness services help you to prepare for the inevitable cyber security incidents. We can assess current capabilities, test them using table top exercises or in-depth technical war games, and help close any identified capability gaps. We can work with you to be prepared, strengthen your defences and identify who to call and the chain of command. This helps you to mitigate the impact of cyber attacks and respond to them effectively.

    When an incident is detected

    We help you tackle incidents of high complexity by providing wide support during incidents, ranging from incident response and management and digital forensics to assistance with regulatory matters, remediation and communication. We understand that the highest priority for you during cyber incidents is to continue with, or return as soon as possible to, business as usual with minimal impact. KPMG’s in-depth industry experience and familiarity with your business helps provide targeted and practical advice.

    Post a cyber incident

    We provide full post-incident support so that operations can return to normal with the least cost and impact, and so that risks identified as a result of the incident are managed. We can also follow a cyber attack with a thorough analysis of root cause and improvement recommendations.

  • Virtual CISO services

    As you go along your journey of implementing the changes put forward by a cyber capability uplift roadmap, you may need specialised advice or support in certain areas. We provide a service that gives you access to that specialised advice and support from us, as and when you need it.

    Support we can offer:
    • Cyber strategy review and development.
    • Cyber risk management.
    • Cyber capability uplift.
    • Cyber threat management.
    • Business resilience.
    • Incident management.
    • Data protection and data privacy.
    • Cyber and data governance and board reporting.
    • Cyber operation management and vendor management.
  • Cyber security governance, risk & compliance management

    We can help you in understanding and meeting your regulatory, contractual and compliance obligations (CPS 234/PCI etc.) in relation to cyber security. We can support you with targeted reviews, full scope audits and advisory projects to meet your compliance requirements through the below services.

    Cyber governance and controls advisory

    We can help you understand what effective cyber security governance and risk management tools should look like, taking into account your specific requirements and needs. We can also assess your control design and advise on any uplifts needed to reach fit-for-purpose controls.

    Management analysis

    Targeted analysis of one or more areas of cyber security, performed either as internal audits or standalone reviews, to provide you and your stakeholders with insights into what is working and what is not.

    Compliance audits

    We can help you assess your compliance with a set of requirements, whether contractual, regulatory or legislative. This may be necessary as part of a mandatory filing, because you want to work with a client that requires it as part of supplier governance, or because executives want to demonstrate to the market how cyber secure you are.

Meet the team

  • Linda Chai
    Partner, Enterprise Cyber Lead, KPMG Australia

    Linda has more than 20 years of experience working across roles in strategy, operations and technology. Her broad, hands-on experience allows her to bring an integrative and pragmatic perspective to digital transformation programs.

  • Sarah Cain
    Partner, Enterprise Risk Consulting, KPMG Australia

    Sarah leads Enterprise's Risk Consulting practice. She has over 12 years' experience providing professional services to a range of clients including listed entities in the ASX 300+, private companies, large multi-nationals, local government, not-for-profit and indigenous businesses.

  • Clara Luya (née Li)
    Director, Enterprise Advisory, KPMG Australia

    Clara has global experience in many areas including cyber security, IT strategy, governance and risk management, digital transformation and service management. She has designed many IT and cyber strategies and led large transformation programs which were designed to execute on these strategies.

  • Puneet Gulati
    Director, Enterprise Risk Consulting, KPMG Australia

    Puneet has more than 10 years' experience in advising clients in governance, transformation, operational and compliance aspects of digital, technology and operational risks. He has worked with clients across the globe spanning industries including IT services, telecom, technology, and financial services.
