Analyzing and assessing cyber security risks over the next decade will become increasingly difficult due to the complexity of threatened ecosystems and the expansion of attack surfaces and vectors.

Technologies are posing new and increasing risks to businesses, diluting the traditional perimeters and pushing companies to rethink current models and implement agile approaches to address cyber security from all possible angles.

By keeping up to date on the latest trends and best practices in cyber security, we are prepared to accompany you on your journey to being cyber ready in this new reality. To get started, we have identified two key areas to help you strengthen your cyber security program:


Cyber trends 2021

Companies spent an additional USD 15 billion per week overall on technology to enable secure home working during the first wave of COVID-19 (source: Harvey Nash / KPMG CIO 2020). Cyber risk is now considered one of the major risks that organizations need to address.

Discover the views of our professionals on the key cyber considerations that will shape the way we approach security in the new reality and beyond.


Cyber security divider


Identity & Access Management

At a time of increasing speed of technological disruption, there are significant challenges with stringent regulatory requirements and ever evolving threats to sensitive assets and information. The cyber capability that holds the key to securing data assets and reducing the risk of data breaches is effective identity and access management (IAM).

To help you accelerate your cyber identity and access management transformation, we have designed an outcome-driven business transformation solution that combines deep identity and access management knowledge, delivery capability and leading technologies to drive sustainable change and create lasting value.

Four drivers have led us to change the way we approach IAM:

  1. Move to cloud – more apps operate in the cloud and require a new IAM solution;
  2. Demand for digital products – they need to be simple and meaningful, like ordering groceries or a taxi on your mobile phone;
  3. Increased regulatory outreach – IAM is back in the cross hairs of both financial auditors and regulators;
  4. Insiders are still the weakest link, and most cyber incidents we see end up using access rights.


For KPMG, IAM is not just about the technology - it’s about working effectively and sustainably. It’s 20% tech, and 80% process and people. Our motto is “seeing is believing” and we bring this to our clients on day one. Together with SailPoint, we offer effective IAM focused on an outcome-driven transformation of your business with real, long-lasting change.

Identity is a broad concept

In most cases, organizations think of the management of personnel and external employees. It is crucial here to grant the correct access rights, and to provide guarantees that accumulated rights cannot lead to security problems. KPMG is currently helping numerous companies to correctly position those "workforce" identities in the context of new ways of working.

Another trend that we are working on is consumer identity and access management. These are also types of identity but the approach to managing them is completely different. Working together with our clients, we want to give consumers the opportunity to consult their online services quickly, securely, and in an integrated manner.

Finally, there is a third form of identity management that we as a company strongly focus on, namely internet-connected devices and appliances that fall under the category of ‘Internet of Things’ (IoT), better known as IoT devices. According to our Identity Architect, there are 8 billion people on the planet today, and 11 billion smart devices already in operation. Cautious estimates suggest that there will be 30 billion smart devices up-and-running by 2030. If those devices are linked to us, they will likely have access to our biometric data, location, financial data, and so on. The revolution that the Internet has caused will happen once more, but now through the ecosystem of IoT devices that we use in our daily lives. And there too, correct access control will become crucial.

During the following weeks we will publish a series of in-depth articles on each of the domains mentioned above, covering Workforce Identity Access Management, Consumer Identity Access Management, and Identity of Things.