“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Sun Tzu, The Art of War
In today's business environment, cyber security is a business imperative
In today's business environment, cyber security is not just a technical issue, it is a business imperative. According to the recent KPMG 2015 CEO Outlook Study, which surveyed over 1,200 chief executives, half of the CEOs reported that they are not fully prepared for a cyber event. Yet, cyber security was named by 20% of respondents as one of the top five risks—right behind the related issues of third party and supply chain risks.
In the past year, cyber attacks have increased dramatically as companies are failing to take the appropriate preventative steps. In 2014, Luxembourg’s Computer Incident Response Center (CIRCL) received 83,610 reports of cyber attacks in the Grand Duchy, an 18-fold rise compared with the 4,500 incidents reported in 2011. According to CIRCL, half of these attacks were attributed to cyber criminals attacking companies and individuals for financial gain.
By making cyber security part of your corporate strategy and culture and by establishing positive management practices, we believe you will be best positioned to manage risk, protect yourself and your business, and to deliver to your customers and stakeholders results that are not only effective and efficient, but also secure.
Understanding the who, what, and why behind a cyber attack is the primary prerequisite to understanding the enemy. You and your business can and will survive on the mean streets of the internet provided you understand the risk environment, know your weaknesses, and make intelligent decisions to carefully avoid, mitigate, and accept risk. Thus, IT Security Risk Management provides business leaders with the confidence, knowledge, and understanding to make informed cyber decisions. Consequently, they are able to reduce the likelihood and impact of incidents and make the most of strategic opportunities.
How we can help - our services include, but are not limited to:
- Penetration Testing: Evaluating a company's security level from an attacker's point of view. This is done by exploiting uncovered vulnerabilities using the means criminals would choose. As the information system is not limited to technology, penetration testing also evaluates vulnerabilities in people and processes.
- Digital Trust: Digital trust is about building loyal consumers and brand advocates. It is about saying “Stick with us, we’ll look after you.” Without trust, consumption of a service is just a means to an end, a one-time event. With trust, it is a powerful tool for generating new revenue streams and building lifelong relationships.
- IT Forensics: KPMG's Forensic team helps clients to protect their business from fraud, misconduct and non-compliance by providing preventive, detective, investigative, and responsive services.
- E-Discovery and Document Review: This field consists of litigation and investigation support activities such as due diligence exercises and data privacy reviews. KPMG's E-Discovery team can help ensure immediate and convenient access to evidence for review, irrespective of format and volume.
- Incident Response: How should your company react after noticing a cyber security event? KPMG offers advice on issues such as communication to stakeholders, further investigation, and prevention of future occurrences.
KPMG's Information Protection professionals are able to help you to protect your invaluable information assets by assisting you in developing processes and incorporating a full lifecycle approach. This includes assessment, architecture, implementation, and monitoring services to help ensure that your information is safe and secure.