KPMG in India has expertise across the continuum — from the boardroom to the data centre. In addition to assessing your cyber security and aligning it to your business priorities, we can help you develop advanced methodologies, implement them, monitor ongoing risks and help you respond effectively to cyber incidents. So, no matter where you are on the cyber security journey, we can help you reach the destination.
Latest insights
Driving growth with Cyber Security trends
- CII CFO Roundtable
- Digital Personal Data Protection Act 2025
- Emerging risks in cybersecurity: IT and OT environment
- Emerging risks in cybersecurity
- India Mobile Congress 2025
- Cert-In pivots cybersecurity audits to threat readiness
- Technology, Media & Telecommunications
- Sailpoint identity day
- UPSI Breakfast Session
- Sumit Kapoor
- Ummehaani
Businesses today face rapid, unpredictable changes: new products, regulatory shifts, talent competition, ESG, and tech transformation. The pace of “unknown unknowns” or “Black Swan events” is accelerating at an unprecedented rate. Naturally, traditional risk models find it difficult to keep up with that pace, as they assume stability and predictability in businesses and the operating landscape. AI is emerging as a new risk nervous system, helping with fraud detection, cyber defence, supply chain resilience and more. The future operating model of risk management must consider the four-dimensional lens of probability, severity, interconnectedness, and velocity, which helps with real-time intelligence and simulation of multiple futures.
At KPMG, we continue to help our clients stay ahead of the curve through our AI-led risk management capabilities – converting noise to signals and doubts to trust.
Third-Party Risk Management (TPRM) has traditionally been fragmented and siloed across departments, sometimes reduced to check-the-box compliance. As supply chains are more interconnected and interdependent today, by integrating ESG, regulatory, reputational, cyber and financial risk parameters into a unified framework, organisations can move from reactive to predictive risk management. However, challenges remain: data quality and availability, integration with legacy systems, regulatory compliance and explainability, and change management. Overcoming these hurdles with Artificial Intelligence makes it possible to connect the dots across all risk types, so companies can stop playing catch-up and start leading with confidence, trust, and adaptability.
- Atul Gupta
- Nitin Shah
DPDPA rules build on the pragmatic approach adopted while publishing the act, which is evident from the additional considerations for significant data fiduciaries and prioritising identified industry segments. These rules will enable addressing the wider issue that citizens and consumers face today of mass data proliferation across digital channels and the need for adequate protection around digital data. Having a data protection board shall lead to stronger enforcement and will go a long way in addressing the vision as part of Digital India and Viksit Bharat.
Nitin Shah
Partner, DT-Cyber Strategy and Govn
KPMG in India
The Digital Personal Data Protection Act empowers India Inc to put customers at the heart of digital transformation. By giving individuals greater control over what data is processed, why it’s processed, and how outcomes are delivered, organisations can build trust as the foundation for innovation and growth.
Generative AI brings immense promise, but trust will depend on going back to the basics. It starts with solving the right problems, using the right data, and understanding the risks that extend beyond security. True confidence in AI comes from human validation, cross‑functional collaboration, and compliance with emerging regulations. Building trusted AI is not a choice for tomorrow, it is a responsibility for today.
Trust has become the true currency of the digital world. It reminds us that security, privacy, transparency, and responsible conduct are not optional; they are the foundations on which lasting digital relationships are built.
Cyber resilience: Building a nationwide threat intelligence and response ecosystem
In a constantly evolving connected world, the need to collaborate in cyber is fundamental. Building a unified intelligence and response ecosystem makes it possible to detect, analyse and be proactive in managing cyber threats, which helps secure the digital ecosystem that powers the digital economy of the country.
Indian enterprises have recognised the impact due to cyber risk, and the recent spate of cyber incidents has further heightened the sensitivity. The Cert-In guidelines are timely and comprehensive. It is heartening to see the inclusion of attack vectors like VPNs, supply chains, and access controls, which have been repeatedly exploited in recent breaches. With hyperconnected applications, multi-cloud adoption, and AI-enabled platforms growing rapidly, security audits must now be conducted by teams that understand threat exposure and can apply professional judgment.
The TMT industry is at the forefront of digital innovation and is rapidly adopting technologies to derive business value. This dynamism demands that the CISO address the evolving cyber threat landscape and take a proactive and strategic approach. Cyber leaders are pivoting to establish Trust and thereby enhance the competitive positioning of organisations.
In the digital age, experience is everything - and badly implemented identity management can destroy it. Today, identity is not just a shield against threats; it’s an accelerator for business and a foundation for trust. The true differentiator isn’t just the technology we use, but how we apply it with purpose and context. Identity, when managed wisely, transforms risk into opportunity and security into a seamless experience.
UPSI has become increasingly critical in today’s corporate and regulatory environment. In an era of heightened scrutiny and fast-paced market movements, the way organisations identify, manage, and safeguard sensitive information can significantly impact their reputation, stakeholder trust, and legal standing. Organisations need to strengthen the key pillars of people, process and technology, and implement systems and controls to effectively safeguard themselves.