Cyber Risk Insights Software

a KPMG Product

Quantify, manage and mitigate risks for a cyber resilient business

Cyber risk management and quantification software

Do you really know how exposed you are to cyberattacks? Our Cyber Risk Insights software takes a scenario-driven approach to assess the likelihood and impact of cyber attacks more accurately. Adopting risk quantification helps articulate your risk exposure in business terms to the board, and prioritise defence capabilities and controls that maximise risk reduction.

How our Cyber Risk Quantification Software helps you


Make defensible, data-driven decisions Cyber Risk Insights helps you get articulate your organisation’s cyber risk exposure, and demonstrate understanding through the use of threat modelling and risk quantification.


Defence, strength and simulation analysis Risk quantification and simulation analysis, you test the effectiveness of existing security measures, identify potential weaknesses, and refine your cyber resilience strategy.


Strengthen your investment case Using our cyber risk quantification software, you will be able to measure how your planned investments will impact your risk position. Cyber Risk Insights cost-benefit analysis demonstrates the potential risk reduction achieved from your cyber strategy..


This is great – I want the world to see this. This is quantitative risk that anyone can do.

Senior Cyber Risk Engineer
Global Technology Company


We spoke with a number of potential vendors to help us enhance our cyber risk quantification capability, but selected KPMG based on their knowledge and hands on experience in this space

Major UK Bank

How our cyber risk quantification software benefits your business

Boost Cyber Resilience

  • Make data-informed decisions on risk mitigation

  • Focus on controls that maximise risk reduction

  • Spend more time taking meaningful action

Articulate Risk Strategically

  • Align your cyber strategy with business objectives

  • Quantify your risk exposure

  • Demonstrate the cost-benefit of decisions made

Make it happen with Cyber Risk Insights


Yes. Cyber Risk Insights (CRI) lets you easily conduct quantitative risk assessments.

KPMG Cyber Risk Insights can help you with:

  • Quantifying cyber risk - To build confidence in your cyber risk position in alignment with your risk appetite, using quantitative analysis.
  • Prioritising investments - To identify and prioritise the most effective cybersecurity investment(s) using quantitative analysis.
  • Cyber strategy - To inform the development and refinement of the organisation's cyber security strategy using quantification.
  • Cyber insurance coverage - To determine the appropriate level of cyber insurance coverage based on a quantitative analysis of risk.
  • Mergers & acquisitions - To quantify the cyber risk associated with a potential merger or acquisition.
  • Critical vulnerability - To quantify the organisation's exposure to a critical vulnerability / zero day (e.g. Log4j).
  • Third party risk - To quantify cyber risk exposure within the supply chain and identify the most risky suppliers that may require additional oversight.
  • Materiality - To define what constitutes a material impact cyber incident, predict the likelihood one happens, and be able to identify when an incident reaches this threshold
  • Operational resilience - To use quantification to inform the prioritisation of remediation activities associated with operational resilience and important business services, focusing on impact reduction.

Yes Cyber Risk Insights is a cyber risk quantification tool that lets you quantify, manage and mitigate cyber risks efficiently to help sustain business performance.

We wanted to make cyber risk quantification as easy to adopt as possible, and accessible to businesses of all maturities, sizes, and industries. By bringing together KPMG's vast experience in cyber, actuarial, data, and technology and packaging it into a powerful insights platform we created KPMG Cyber Risk Insights. A cyber risk quantification and management software with minimal lead times, no development or implementation, and no upfront fees. We are a team of over 50 cyber, data and product experts, passionate about solving business problems with data.

There are 12 standardised cyber threat scenarios in Cyber Risk Insights. There is also the ability to create custom threat scenarios.