The number of legislative and regulatory requirements regarding cyber security is rapidly growing and taking a heavy toll on global organizations. The need to increase efficiency and secure compliance to various cyber security regulations and requirements is now a pressing matter and at the top of the agenda for many of our global clients. 

- We at KPMG recommend that centralized capabilities are designed, implemented, and managed in a way that enables the organization to adhere to these regulatory requirements regardless of their origin. We see many organizations still working in silos, trying to implement cyber security related capabilities in a fragmented way, often without regard for neighboring business areas. There is a clear opportunity for increasing operational efficiency and empowering the employees while still adhering to strict requirements, says Visar Lapashtica, Head of Cyber Security at KPMG. 

A lot of the regulations and directives demand a systematic approach to topics such as incident response, business resilience, access management and third-party management.  

- We support our clients in establishing these components as centralized capabilities, enabling a significantly more streamlined way of working. Reporting the level of adherence to supervisory authorities is also made significantly easier as it follows the same capabilities.  We believe that this is the way forward and advise our clients to continue exploring areas where there is room for synergies and efficiency.