New technologies. Sales channels. Customer experiences. Does your organisation have the confidence and agility to seize these kinds of opportunities, or are cyber threats holding you back? Can you do what you want to do, knowing you have the resilience to withstand a cyber security event and continue to serve customers? As you exchange more data and become more dependent on interconnected systems, a strategic approach to cyber security has never been more critical.
That’s why cyber security is not just an information technology issue, it’s a business issue — demanding attention not only from CISOs but also from the rest of the C-suite, the board, employees, supply chain and business partners.
A strong cyber security strategy should align to the business vision, objectives and innovation projects. If implemented effectively, it can enhance product integrity, customer experience, operations, regulatory compliance, brand reputation, investor confidence and more — turning risk into a competitive advantage.
KPMG's cyber security services help you with tailored methodologies for cyber security and data protection. From determining the appropriate levels of acceptable risk, to aligning your information protection agenda with your business and compliance priorities, to building enterprise-wide security strategies that help move your organisation from reacting in crisis mode to having proactive, value-added business methodologies, we help you carry security throughout your entire organisation.
Cyber security framework/compliance assessment: Focusses on our clients’ ability to comply with industry-standard frameworks such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), Control Objectives for Information and Related Technologies (COBIT), International Organisation for Standardisation (ISO) and other relevant information security regulatory frameworks. By assessing current-state security control processes, we assist clients in identifying needs, strengths and weaknesses in the current environment as compared to peers and determining future business processes and technology that will be needed in order to enhance the cyber security function over time.
Cyber Maturity Assessment (CMA): KPMG’s CMA is a unique offering that incorporates our insight into leading cyber practices from the public and private sectors. The assessment is targeted at boards and executives to assist with appropriate board-level reporting and communications. The CMA framework is based on a combination of internationally accepted standards (such as NIST CSF, ISO and COBIT) and can be tailored to the specific requirements of our clients yet is comprehensive in its ability to address key dimensions that together provide an in-depth view of an organisation’s cyber maturity.
Cyber strategy and target operating model development: KPMG’s cyber strategy and target operating model service provides clients with an efficient method to establish a security strategy, quantify risks, evaluate true cost and determine effectiveness of their current security programme. Driven by an assessment of core capabilities across people, process and technology, clients will gain an understanding of their current security capability maturity, which will then drive the creation of a tailored target operating model.
Cyber key performance indicator, metrics and dashboarding: Helps security organisations establish a consistent, repeatable and mature process for reporting cyber security performance at all levels—to the board, executive management and information security leadership.
Third-party security risk management: The third-party security risk management service assists our clients with the design and execution of a third-party security assessment programme. This service provides clients with a risk triage model, representative assessment questionnaires, and a centralised coordination and reporting office to assist our clients in conducting assessments of their vendors, suppliers and other third-party business partners across the globe.
Business resilience: KPMG’s business resilience service assists clients with the development and deployment of a Business Continuity Management (BCM) programme, including emergency response, crisis management, business continuity and technology recovery. Key steps include understanding recovery priorities and requirements through business-impact analysis, developing continuity strategies and plans and performing regular exercising, testing and maintenance of strategies and plans.
Information and data governance: KPMG’s approach to information governance begins with an intimate understanding of industry issues and business processes. We use a DC2 (Define, Clean, Discover, Change) approach to assess and improve information governance capabilities. Privacy regulations and compliance requirements have exploded in the past few months.
Data privacy and protection services: Our clients are struggling with designing, building and sustaining privacy programmes that meet employee, customer and regulatory expectations. Similar to privacy concerns, corporate retention and disposition obligations are fast evolving and changing. Organisations must develop policies and implement technology enablers to facilitate the effective lifecycle management of records and data.