Applied intelligence and cyber incident response

Applied intelligence and cyber incident response

By proactively managing the cyber threat, leadership can feel free to achieve their business aspirations



Darren Pauling

Managing Director, Forensic Technology

KPMG Crown Dependencies


Also on

Monitors Above Trading Desk

We believe cyber security should be about what you can do – not what you can’t. Building agility into your cyber security strategy, with the expectation of change and disruption, enables you to architect an environment that is secure by design.

Cyber Incident Response - understanding the threat

It’s a common misunderstanding that attackers gain entry to an enterprise’s system and steal data in one or two simple steps. In reality attackers have had access for months as they plan to exploit, pivot and steal assets. The Cyber Kill Chain details the multiple steps of an attack which can be observed, recorded and modelled during an incident, providing real-time intelligence to break the chain and respond to the threat.

Hardly a week goes by without the press highlighting another data breach or cyber security incident, often resulting in a member of the ‘C suite’ resigning. A recent report by renowned think-tank The Centre for Strategic and International Studies quoted losses of $375 – $575 billion, and suggests that cyber crime might extract up to 20% of the global economic value created by the internet through fraud and espionage.

Intelligence on the intentions and motivations of hacktivists, organised criminals, nation states and insiders enables leadership to position cyber risk as an everyday business consideration to implement a proactive and reactive threat management process. This also exemplifies that cyber security is the responsibility of all within the organisation, with the accountability held at the very top. Understanding that rapid, effective incident response is critical during the first ‘golden hours’ of a data breach ensures decisions are made early onto positively affect the outcome of the whole investigation and can minimise reputational risk.

Feel Free

In order for leadership to feel free in the event of a cyber incident there must be a repeatable, robust and risk managed process that is open and transparent. Knowing the who, how and why of a cyber attack allows for a response which matches the threat and maintains the security, integrity and availability of critical assets.

It’s important to mention that responding to a cyber attack involves looking beyond the technical response. Ensuring staff are trained to deal with the media, how to co-operate with authorities, and how to comply with legal obligations relating to disclosure of customer-sensitive information as a result of a data breach is imperative for a favourable outcome.

© 2021 KPMG LLP a UK limited liability partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organisation please visit

This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.

Connect with us


Want to do business with KPMG?


loading image Request for proposal

Save, Curate and Share

Save what resonates, curate a library of information, and share content with your network of contacts.

Sign up today