Cyber solutions for the mid market

Your cyber security team, when you need us.

The average cost of a cyber attack to a business is $274k^, yet almost half of businesses only spend $500 a year protecting their business.*

Australian consumers are becoming more concerned about cyber security, and trust in a company's ability to protect their information is becoming a key decision maker in who they do business with.

Cybercrime is currently believed to cost Australians more than $1 billion every year, and businesses in both the private and public sector have been compromised. This heightened risk environment, coupled with increased regulatory requirements, means that cyber security needs to be a key priority and area of concern for organisations, and it's not just IT departments that are bearing the burden. Boards, audit committees and executives are responsible for ensuring and demonstrating to customers, employees and all stakeholders and regulators that appropriate safeguards are in place.

Cyber is a whole-of-business concern.

KPMG's specialised cyber solutions offering is tailored to help private, mid market and family businesses outpace cyber threats and protect their most important assets - their customers, their business, their people and their data. Our dedicated cyber team can help our clients implement the building blocks for a cyber resilient organisation so they have the confidence to focus on what will truly make an impact and help them succeed.


  • 65%

    of Australian businesses were interrupted due to a breach in 2020.^

    ^ Telstra Security Report 2019, Telstra
  • 44%

    of employees have put their company at risk of a cyber attack.#

    # Compare The Market
  • 1051

    is the number of data breaches reported to the Office of the Australian Information Commissioner between January 2020 and December 2020.*


What are the benefits?

  • Cyber governance and transformation

    Establish compliant and secure cyber security foundations through a cyber transformation program that includes a data and legal framework review and capability uplift.

  • Threat and intelligence management

    Detection and real-time response to threats and cyber incidents, including security testing, cyber analytics, incident response and SOC/SIEM capability uplift.

  • Data and identity protection

    Practical and affordable technical and business solutions to address areas such as privacy and data protection, identity management, and access management.

Our specialised cyber solutions and services

  • Cyber health check

    An objective assessment of your cyber risk profile in the context of the current threat landscape to help you identify and remediate any security control gaps and risks. This may also help you to prioritise future investment to enhance business risk reduction.

    Expected outcomes of a Cyber health check include:
    1. An agreed risk appetite statement that reflects your risk tolerance.
    2. A clear view of the cyber threats that you face.
    3. How these cyber threats translate into risks for you based on your information assets combined with the control environment.
    4. An assessment of your cyber control maturity using the KPMG Cyber Maturity Assessment (CMA) framework, which is based on industry standards (ISO, NIST).
    5. A tangible and executable roadmap of cyber uplift activities, which are prioritised based on the risk reduction.
  • Incident response

    A cyber incident can happen to anyone, any time. We can offer you specialised incident response services to help effectively and efficiently respond to an incident and get you back up and running as quickly as possible and comply with your obligations.

    Prior to detecting an incident

    Incident response readiness services help you to prepare for the inevitable cyber security incidents. We can assess current capabilities, test them using tabletop exercises or in-depth technical war games and help close any identified capability gaps. We can work with you to be prepared, strengthen your defences and identify who to call and the chain of command. This helps you to mitigate the impact of and effectively respond to cyber attacks.

    When an incident is detected

    We help you tackle incidents of high complexity by providing wide support during incidents, ranging from incident response, incident management and digital forensics to assistance with regulatory matters, remediation and communication. We understand that the highest priority for you during cyber incidents is to continue with or return as soon as possible to business as usual with minimal impact. KPMG’s in-depth industry experience and familiarity with your business helps provide targeted and practical advice.

    Compliance audits

    Post a cyber incident: We provide full post-incident support so that operations can return to normal mode with the least cost and impact, and so that risks identified as a result of the incident are managed. We can also follow a cyber attack with a thorough analysis of root cause and improvement recommendations.

  • Virtual CISO services

    As you go along your journey of implementing the changes put forward by a cyber capability uplift roadmap, you may need specialised advice or support in certain areas. We provide a service that allows you to access that specialised advice and support from us, as and when you need it.

    Support we can offer:
    • Cyber strategy review and development.
    • Cyber risk management.
    • Cyber capability uplift.
    • Cyber threat management.
    • Business resilience.
    • Incident management.
    • Data protection and data privacy.
    • Cyber and data governance and board reporting.
    • Cyber operation management and vendor management.
  • Cyber security governance, risk & compliance management

    We can help you in understanding and meeting your regulatory, contractual and compliance obligations (CPS 234/PCI etc.) in relation to cyber security. We can support you with targeted reviews, full scope audits and advisory projects to meet your compliance requirements through the below services.

    Cyber governance and controls advisory

    We can help you understand what effective cyber security governance and risk management tools should look like, taking into account your specific requirements and needs. We can also assess your control design and advise on any uplifts to fit-for-purpose controls.

    Management analysis

    Targeted analysis of one or more areas of cyber security, performed either as internal audits or standalone reviews, to provide you and your stakeholders with insights into what is working and what is not.

    Compliance audits

    We can help you assess your compliance with a set of requirements – contractual, regulatory, legislative. This may be necessary for you to complete as part of a mandatory filing, because you want to work with a client that requires this as part of supplier governance or because executives want to demonstrate to the market how cyber secure you are.

Meet the team

  • Linda Chai
    Partner, Enterprise Cyber Lead, KPMG Australia

    Linda has more than 20 years of experience working across roles in strategy, operations and technology. Her broad, hands-on experience allows her to bring an integrative and pragmatic perspective to digital transformation programs.

  • Sarah Cain-Frost
    Partner, Enterprise Risk Consulting, KPMG Australia

    Sarah leads Enterprise's Risk Consulting practice. She has over 12 years' experience providing professional services to a range of clients including listed entities in the ASX 300+, private companies, large multi-nationals, local government, not-for-profit and indigenous businesses.

  • Gordon Pereira
    Director, Enterprise Risk Consulting, KPMG Australia

    Gordon specialises in conducting internal audit, governance, risk and compliance reviews and has worked in each line of defence. He has a deep understanding of technology and cyber risks and the changing digital landscape.

  • Gergana Winzer
    Partner, Enterprise Advisory – Cyber, KPMG Australia

    An IT and cybersecurity professional, Gergana works with clients to develop creative approaches to reduce their cyber and data security risks. She assists organisations to improve their cyber security posture and supports them to achieve cyber resilient outcomes.
