Share with your friends

Applied intelligence and cyber incident response

Applied intelligence and cyber incident response

By proactively managing the cyber threat, leadership can feel free to achieve their business aspirations



Darren Pauling

Managing Director, Forensic Technology



Also on

Monitors Above Trading Desk

We believe cyber security should be about what you can do – not what you can’t. Building agility into your cyber security strategy, with the expectation of change and disruption, enables you to architect an environment that is secure by design.

Cyber Incident Response - understanding the threat

It’s a common misunderstanding that attackers gain entry to an enterprise’s system and steal data in one or two simple steps. In reality attackers have had access for months as they plan to exploit, pivot and steal assets. The Cyber Kill Chain details the multiple steps of an attack which can be observed, recorded and modelled during an incident, providing real-time intelligence to break the chain and respond to the threat.

Hardly a week goes by without the press highlighting another data breach or cyber security incident, often resulting in a member of the ‘C suite’ resigning. A recent report by renowned think-tank The Centre for Strategic and International Studies quoted losses of $375 – $575 billion, and suggests that cyber crime might extract up to 20% of the global economic value created by the internet through fraud and espionage.

Intelligence on the intentions and motivations of hacktivists, organised criminals, nation states and insiders enables leadership to position cyber risk as an everyday business consideration to implement a proactive and reactive threat management process. This also exemplifies that cyber security is the responsibility of all within the organisation, with the accountability held at the very top.Understanding that rapid, effective incident response is critical during the first ‘golden hours’ of a data breach ensures decisions are made early onto positively affect the outcome of the whole investigation and can minimise reputational risk.

Feel Free

In order for leadership to feel free in the event of a cyber incident there must be a repeatable, robust and risk managed process that is open and transparent. Knowing the who, how and why of a cyber attack allows for a response which matches the threat and maintains the security, integrity and availability of critical assets.

It’s important to mention that responding to a cyber attack involves looking beyond the technical response. Ensuring staff are trained to deal with the media, how to co-operate with authorities, and how to comply with legal obligations relating to disclosure of customer-sensitive information as a result of a data breach is imperative for a favourable outcome.

© 2020 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.

KPMG International Cooperative (“KPMG International”) is a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.

This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.

Connect with us


Want to do business with KPMG?


loading image Request for proposal