Cyber solutions for the mid market
Your cyber security team, when you need us.
The average cost of a cyber attack to a business is $274k^, yet almost half of businesses only spend $500 a year protecting their business.*
Australian consumers are becoming more concerned about cyber security, and trust in a company's ability to protect their information is becoming a key decision maker in who they do business with.
Cybercrime is currently believed to cost Australians more than $1 billion every year, and businesses in both the private and public sector have been compromised. This heightened risk environment, coupled with increased regulatory requirements, means that cyber security needs to be a key priority and area of concern for organisations, and it's not just IT departments that are bearing the burden. Boards, audit committee and executives are responsible for ensuring and demonstrating to customers, employees and all stakeholders and regulators that appropriate safeguards are in place.
Cyber is a whole-of-business concern.
KPMG's specialised cyber solutions offering is tailored to help private, mid market and family business outpace cyber threats and protect their most important assets - their customers, their business, their people and their data. Our dedicated cyber team can help our clients implement the building blocks for a cyber resilient organisation so they have the confidence to focus on what will truly make an impact and help them succeed.
* business.vic.gov.au
^ cyber.gov.au
What are the benefits?
-
Cyber governance and transformation
Establish compliant and secure cyber security foundations through a cyber transformation program that includes a data and legal framework review and capability uplift.
-
Threat and intelligence management
Detection and real-time response to threats and cyber incidents, including security testing, cyber analytics, incident response and SOC/SIEM capability uplift.
-
Data and identity protection
Practical and affordable technical and business solutions to address areas such as privacy and data protection, identity management, and access management.
Our specialised cyber solutions and services
-
Cyber health check Cyber health check
An objective assessment of your cyber risk profile in the context of the current threat landscape to help you identify and remediate any security control gaps and risks. This may also help you to prioritise the future investment to enhance business risk reduction.
Expected outcomes of a Cyber health check include:
- An agreed risk appetite statement that reflects your risk tolerance.
- A clear view of the cyber threats that you face.
- How these cyber threats translate into risks for you based on your information assets combined with the control environment.
- An assessment of your cyber control maturity using KPMG Cyber Maturity Assessment (CMA) framework that is based on industry standards (ISO, NIST).
- A tangible and executable roadmap of cyber uplift activities, which are prioritised based on the risk reduction.
-
Cyber solutions Cyber solutions
We can provide you with a set of turnkey cyber solutions from us or our alliance partners that help you tap into world-class solutions in a package that is right sized for the private, mid market and family businesses. The managed Security Operations Center (SOC) is a cloud-based service available through KPMG’s international alliance with CyberHat, a leading cyber security firm who specialise in cyber security operation monitoring. This service monitors your network environment 24 hours a day, seven days a week to provide affordable, integrated cyber attack detection, response and threat intelligence services.
There are two types of service offerings:
CYREBRO® Core is designed for organisations that already have a security information and event management (SIEM) function.
CYREBRO® One is designed for organisations that require a solution combining both technology and professional services in one offering.
-
Incident response Incident response
A cyber incident can happen to anyone, any time. We can offer you specialised incident response services to help effectively and efficiently respond to an incident and get you back up and running as quickly as possible and comply with your obligations.
Prior to detecting an incident
Incident Response readiness services help you to prepare for the inevitable cyber security incidents. We can assess current capabilities, test them using table top exercises or in-depth technical war games and help build any identified capability gaps. We can work with you to be prepared, strengthen your defences and identify who to call and the chain of command. This helps you to mitigate the impact of and effectively respond to cyber attacks.
When an incident is detected
Tackle incidents of high complexity by providing wide support during incidents, ranging from incident response and management and digital forensics, to assistance dealing with regulatory matters, remediation, communication. We understand that the highest priority for you during cyber incidents is to continue with or return as soon as possible to business as usual with minimal impact. KPMG’s in-depth industry experience and familiarity with your business helps provide targeted and practical advice.
Compliance audits
Post a cyber incident: Provide full post-incident support to you so that operations can return to normal mode with least cost and impact and manage identified risks as a result of the incident. We can also follow a cyber attack with a thorough analysis of root cause and improvement recommendations.
-
Virtual CISO services Virtual CISO services
As you go along your journey of implementing the changes put forward by a cyber capability uplift roadmap, you may need specialised advice or support in certain areas. We provide a service that allows you access that specialised advice/support from us, as and when you need it.
Support we can offer:
- Cyber strategy review and development.
- Cyber risk management.
- Cyber capability uplift.
- Cyber threat management.
- Business resilience.
- Incident management.
- Data protection and data privacy;
- Cyber and data governance and board reporting; and
- Cyber operation management and vendor management.
-
Cyber security governance, risk & compliance management Cyber security governance, risk & compliance management
We can help you in understanding and meeting your regulatory, contractual and compliance obligations (CPS 234/PCI etc.) in relation to cyber security. We can support you with targeted reviews, full scope audits and advisory projects to meet your compliance requirements through the below services.
Cyber governance and controls advisory
We can help you understand what effective cyber security governance and risk management tools should look like taking into account your specific requirements and needs. We can also assess your control design and advise on any uplifts to fit-for-purpose controls.
Management analysis
Targeted analysis of one or more areas of cyber security, performed either as internal audits or standalone reviews, to provide you and your stakeholders with insights into what is working and what is not.
Compliance audits
We can help you assess your compliance to a set of requirements – contractual, regulatory, legislative. This may be necessary for you to complete as part of a mandatory filing, because you want to work with a client that requires this as part supplier governance or because executives want to demonstrate to market how cyber secure you are.
Meet the team
-
Linda Chai
Partner, Enterprise Cyber Lead, KPMG AustraliaLinda has more than 20 years of experience working across roles in strategy, operations and technology. Her broad, hands-on experience allows her to bring an integrative and pragmatic perspective to digital transformation programs.
-
Sarah Cain
Partner, Enterprise Risk Consulting, KPMG AustraliaSarah leads Enterprise's Risk Consulting practice. She has over 12 years' experience providing professional services to a range of clients including listed entities in the ASX 300+, private companies, large multi-nationals, local government, not-for-profit and indigenous businesses.
-
Clara Luya (née Li)
Director, Enterprise Advisory, KPMG AustraliaClara has global experience in many areas including cyber security, IT strategy, governance and risk management, digital transformation and service management. She has designed many IT and cyber strategies and led large transformation programs which were designed to execute on these strategies.
-
Puneet Gulati
Director, Enterprise Risk Consulting, KPMG AustraliaPuneet has more than 10 years' experience in advising clients in governance, transformation, operational and compliance aspects of digital, technology and operational risks. He has worked with clients across the globe spanning industries including IT services, telecom, technology, and financial services.
Our specialist insights
-
COVID-19: Protecting your business from cyber crime
How SMEs can protect their business from coronavirus-themed cyber attacks that are on the rise.
-
Cyber security sized for your business
Protect your business from cyber crime with the latest in attack detection, response and threat intelligence – delivered 24/7.
Find out more
Fill in your details and one of our cyber team will get in touch to discuss how we can help you outpace cyber threats.