The impact of cyber incidents has increased exponentially over the past years and is therefore regularly featured in the media. At the moment of discovery, it is important to act quickly and adequately to limit the business impact as much as possible. A cyber incident can impact any organization, small or large, and can have a significant impact on the day-to-day operations. 

Responding to cyber incidents

KPMG's ‘Incident Ready’ cyber response approach is designed to help organizations respond quickly and effectively to cyber incidents. Our approach is closely aligned with the NIST 800-61 standard and includes four major stages: Prepare, Find, Fix, and Close. We offer advisory and incident management services to both the C-suite and operational teams throughout the process, with activities ranging from preparing for potential incidents to closing the incident with a report and insights for future preparation. Our proven approach has been applied to different incidents, and we offer various services throughout the incident response stages.

Explore our services below and contact our experts directly for more information or immediate help.

Incident Response and Recovery Services

Often, various authorities are involved in a cybersecurity incident and ask for insights into the incident. An example is the Dutch Data Protection Authority that supervises the processing of personal data in order to ensure compliance with laws that regulate the use of personal data.

We can support with a root cause analysis on the aspects of people, process and technology and identify what was underlying the situation of the cybersecurity incident that occurred.

Each cybersecurity incident is also an opportunity to prevent similar incidents. We provide a cybersecurity road map and improvement plan to lead to adequate improvement activities that can be executed to improve your cybersecurity posture. These are not limited to technical changes but include elements in governance, people and processes. 

Our TOM solution for incident response is designed to help your organization better prepare for potential cyberattacks by making necessary changes to your current operating model. This includes developing a plan to quickly and effectively respond to incidents and mitigate their impact on your business.

With our TOM, you will have a clear road map to better allocate resources and optimize processes for incident response, which can help minimize the impact of attacks and reduce recovery time. Our tailored solution is designed to meet the unique needs of your organization and to build a culture of change and collaboration, empowering your team to respond to incidents with confidence.

Effective incident response is critical for organizations to minimize the impact of potential cyber threats and ensure business continuity. Runbooks serve as a guide for incident response teams, outlining a standardized set of procedures to follow in the event of an incident. By having well-designed runbooks for different threat scenarios, organizations can ensure that their incident response procedures align with industry standards and best practices. At our company, we offer reviews of existing cybersecurity runbooks as well as assistance in creating new runbooks tailored to the specific needs and threats faced by your organization.

To manage a cybersecurity incident successfully, it is necessary to know exactly which stage the incident is currently at and which actions should be taken at the different stages.

We have experience managing complex cybersecurity incidents from the initial breach until the incident is resolved and improvements have been applied to the IT landscape. This also includes technical support. 

After your business-critical systems have been restored and the incident is contained, we perform a factual investigation into the timeline, extent and root cause of a cyber incident. After obtaining initial insights, we will continue with additional deep-dive analyses based on your requirements.

Depending on the target audience, the simulation format can range from a table-top format based on a fictitious scenario to a customized and contextualized real-life scenario hitting your own infrastructure and crown jewels with ‘real malware’ and engaging all involved teams in your organization and testing your specific crisis-handling procedures.

During the simulation, different events and incidents are unfolded. Decisions taken by the participants determine the direction the crisis develops into. 

For any incident that could hit your organization, exercising is an effective way to be fully prepared. With our realistic cyber crisis training sessions, your IT leadership as well as operational staff/first responders experience a simulated incident and learn how to respond to cyber threats.

We offer a diverse range of cyber training, focusing both on an operational and a strategic level. Our training scenarios can be tailor-made for your specific requirements.  

Meet our experts