KPMG South Africa’s Cyber Security team assists organisations in transforming their security, privacy and continuity controls into business-enabling platforms while maintaining the confidentiality, integrity and availability of critical business functions.

The KPMG Cyber approach is designed to be simple, effective and most importantly, aligned with the business needs of our clients.

Our services are segmented and supported by specialised teams, providing our clients with the right resources for any particular cyber-related need. Below is a breakdown of service offerings and our approach to cyber security:

Prepare: Helping clients understand and improve their current state of preparednes against cyber-attacks, which includes services such as:

• Cyber Readiness Assessment
• Cyber Strategy and Transformation
• Cyber Governance and Resilience
• Data Governance and Privacy
• Emerging Technology Risk Assessment
• Threat Modelling
• Cyber Defence Architecture Design

Protect: Helping clients design and implement their cyber defence infrastructure, including services such as:

• Identity and Access Governance
• Cloud Service and Cloud Provider Assessments
• Vulnerability Management
• Secure Application Development Services
• Data Leakage Prevention Services
• Critical Infrastructure Services
• Secure SDLC

Detect and respond: Helping clients maintain visibility of their cyber weaknesses, and respond to cyber-attacks, including services such as:

• Cyber Operations and Incident Response
• Vulnerability and Penetration Testing
• Platform and Network Security Assessments
• Threat Detection and Intelligence Services
• Cyber Asset Inventory Services
• Post Breach Investigation

Integrate: Helping clients embed cyber security into the culture and decision making of the organisation, including services such as:

• Cyber Security Awareness
• Cyber Incident Simulation
• Red Team/Blue Team Exercises
• Cyber in the Boardroom Services

Sooner or later any cyber defence will be breached. Organisations need to develop cyber resilience, a continuum of tested processes that enable it to respond appropriately to incidents of all sizes, including those which escalate and threaten the survival of the organisation itself. Focusing on technology alone to address these issues is not enough. Effectively managing cyber risk means putting in place the right governance and the right supporting processes, along with the right enabling technology.

Having worked with major organisations from across various industries in South Africa and across the globe including financial services, healthcare and the public sector, KPMG’s cyber team can help your organisation be cyber resilient with the end-to-end management of cyber security threats. We can help your organization prevent, detect and respond to cyber threats.

We understand the cyber threat landscape and the necessary actions your organisation needs to take to be in a defensible position.

KPMG’s Information Protection and Business Resilience (IPBR) team offers a range of services, including:

• Data Loss (crown jewels, customer information, trade secrets)
• Identity and Access Management

Our recommendations and technical strategies are based solely on what is fit and appropriate for your business. KPMG in South Africa is not tied to any technology or software vendor.

KPMG member firms have a long list of certifications and permits to work on.

• Business Continuity and IT Disaster Recovery Assessments and Implementation
• Privacy and POPI Assessments and Implementation
• IT Governance
• Information Security

To learn more about how we can help your organisation be cyber resilient, please contact us. In South Africa, we have 1 ISO 27001 Lead Auditor and 5 ISO 27001 Lead Implementers.

KPMG is a global network of member firms with over 174,000 professionals in 155 countries with over 2,700 security practitioners globally, giving member firms the ability to orchestrate and deliver to consistently high standards worldwide. KPMG’s regional practices can service your local needs from information security strategy and change programs, to low level technical assessments, forensic investigations, incident response, training and ISO27001 certification.