

      To transform your organisation to be agile enough to adapt quickly to change, you’re making more use of the latest digital technologies. As you do that, you need to understand the cyber threats you face, how to defend against them and how to respond fast if something happens. 

      You face cyber security risks from attackers of all shapes and sizes – from well-funded professional cyber criminals to bedroom hacktivists. And they’re not the only cyber threats. User error – someone clicking on a malicious link in an email – remains one of the most common causes of a data breach.

      Governments and regulators understand the risks and are raising the regulatory barrier year on year. Get cyber security right and you’ll have the confidence to embrace new opportunities. Get it wrong and the costs could be significant – fines, disruption and reputational damage.

      We work in collaboration with you to put in place robust strategies, organisational transformation initiatives, cyber defences and cyber response capabilities. And our cyber security professionals don’t just recommend solutions, they’re there to help you implement them.

      Martin Tyley

      Partner, Global Lead Cyber Risk Insights

      KPMG in the UK




      Our cyber security services

      How do I balance protecting data with accessibility? What cyber security measures should I invest in and how can I measure ROI? How can I mitigate the risks? And how do I ensure our business is back to normal as soon as possible after a cyber attack?

      We can help you answer these questions and support you with everything from penetration testing and privacy strategy to access management and cultural change.


      We work with our clients throughout the Security Operations Centre (SOC) lifecycle to overcome the current security operations challenges, increasing the maturity of security incident response models within an organisation.

      Benefits to clients:

      • Help define vision and the requirements for security operations; define strategy for realising the vision and the Target Operating Model (TOM) for SOC
      • Strategic sourcing assistance for different tools and TOMs (in-house, hybrid or external)
      • Implementing an effective security operations capability
      • Deliver activities to enhance operations
      • Transform a sub-optimal SOC into an effective and high performing capability
      • Identify key processes which are ripe for automation, streamline workflows and implement automation and orchestration capabilities using ServiceNow SecOps

      Typical client challenges:

      • Lack of workflow integration
      • Disparate security tools
      • Incomplete risk profile
      • Lack of business/IT context
      • Responders are overwhelmed
      • Ineffective incident response

      Resilience refers to an organisation’s ability to anticipate, prepare, respond and adapt to sudden or gradual disruption. We primarily work with clients in the prepare and adapt domains, supporting them from strategic level to operational level, and develop both their technology resilience and enterprise (business) resilience.

      Benefits to clients:

      • Align business expectations with actual resilience
      • Achieve compliance or alignment with regulation and standards
      • Coherent, organisation-wide plans for continuity, response and recovery
      • Validation of resilience preparedness against objectives
      • Provide roadmaps for developing resilience maturity

      Typical client challenges:

      • We want to understand our resilience maturity and benchmark ourselves against peers
      • Our board has asked for assurance around our ability to respond to a cyber attack
      • We managed through the pandemic - but businesses are facing a range of different threats now
      • We have recently been a victim of an incident. How can we identify and track learnings from this incident?

      We help clients improve the security posture of their applications, systems, networks and products by identifying technical vulnerabilities and demonstrating how they can be exploited. We do this in support of our clients improving their security posture, gaining certification or accreditation.

      Benefits to clients:

      • Identify system vulnerabilities, enabling effective protection of systems and data
      • Determine an organisation’s ability to detect and respond to cyber attacks
      • Enable the certification and accreditation of systems and products to government standards

      Typical client challenges:

      • I need to understand my security operations centre’s (SOC’s) ability to detect and respond to cyber attacks
      • We need to make sure our web application is safe before launch
      • We need to determine what vulnerabilities exist in our systems
      • I need to gain accreditation or certification for my product or system

      Data privacy and protection regulations bring strict compliance requirements from regulators around the world. We support our clients on their compliance journey to protect personal data, respect individual rights and enable compliant use of data from both advisory and technology perspectives.

      Benefits to clients:

      • Improve regulatory compliance position and privacy governance
      • Better understanding of privacy risk, know your data, and what is processed and shared
      • Optimise operating models
      • Provide ‘best practice’ policies and controls
      • Automate privacy processes
      • Ensure compliant international transfer of data
      • Ability to identify and delete unnecessary data

      Typical client challenges:

      • We ran a GDPR programme in 2018 but we do not know how compliant we are now with the latest regulations
      • We have privacy policies but do not know to what extent they are operationalised in the business
      • We are not sure if we have the best operating model for Privacy. What are our peers doing?
      • How can technology help to automate and remediate privacy processes?

      Cyber strategy

      We work with clients to assess, design and deliver their cyber security strategies, aligned to their current and future business, technology and regulatory environments. We support both the design and delivery of cyber target operating models, focusing on value delivery and quantifiable risk reduction.

      Cyber risk

      We work with clients to identify and manage cyber risk, benchmark security posture against peers and assess compliance with good practice, regulation and global standards.

      Benefits to clients:

      Cyber strategy

      • Identify and understand cyber risk position
      • Provide insights to plan risk-led improvements and remediation
      • Increase value of an investment at exit
      • Reduce loss of value across private equity (PE) portfolio

      Cyber risk

      • Identify and understand cyber risk position
      • Provide insights to plan risk-led improvements and remediation
      • Increase value of an investment at exit
      • Reduce loss of value across private equity (PE) portfolio

      Typical client challenges:

      Cyber strategy

      • Which investments should I prioritise within my cyber capabilities to have the greatest impact?
      • What steps should I take to plan and secure investments in new technologies?
      • What are others doing to manage cyber risk?
      • How can I best make use of limited cyber budget and resources while keeping pace?

      Cyber risk

      • We ran a GDPR programme in 2018 but we do not know how compliant we are now with the latest regulations
      • We have privacy policies but do not know to what extent they are operationalised in the business
      • We are not sure if we have the best operating model for Privacy. What are our peers doing?
      • How can technology help to automate and remediate privacy processes?

      Cyber Risk Insights (CRI) is a one-stop Cyber Risk Quantification (CRQ) SaaS solution to transform how you measure cyber risk, in financial terms. It takes a scenario-driven approach to more accurately assess the likelihood and impact of cyber-attacks.

      KPMG has brought together its experience from Cyber Incident Response, Cyber Defence Services, Threat Intelligence, Actuarial Science and Data Modelling to build this game-changing solution.

      CRI combines 10+ years of cyber risk quantification expertise with best-in-class native visualisations and modelling all in one Cyber Risk Quantification (CRQ) solution. We’ve been recognised by Forrester as a ‘Leader’ in their latest CRQ Wave and the only major professional services firm to offer its own full-featured CRQ solution.

      How we help our clients:

      • Build confidence in cyber risk position against risk appetite
      • Identify and prioritise the most effective cyber security investments
      • Inform the development and refinement of a client's cyber security strategy
      • Determine the appropriate level of cyber insurance coverage
      • Quantify the cyber risk associated with mergers and acquisitions
      • Quantify cyber risk exposure of an organisation's supply chain and identify the riskiest suppliers and compare with other risks in the organisation
      • Understand how the client’s cyber risk exposure benchmarks against their peers

      In our fast-changing, hyper-connected digital world, ever more people are affected by cyber attacks. Our Cyber Response Services (CRS) team enables businesses and organisations to respond and recover as quickly as possible with minimum disruption to normal activities.

      Benefits to clients:

      • Respond – retained cyber response capability on stand-by
      • Recover – access to recovery experts
      • Readiness – prepare for the worst with experienced consultants
      • Access to legal, communications and other technology experts

      Typical client challenges:

      • How to meet compliance and financial reporting obligations for UK internal controls (UK SOx) systems?
      • How to manage and govern access across applications?
      • How to manage joiner, mover, leaver processes?
      • How to manage my organisational workforce including full-time equivalents (FTEs), contractors and managed service providers (MSPs)?

      Identity and Access Management (IAM) is a fundamental control to protect organisations against cyber threats and to protect sensitive data. Our IAM team ensures that the right people have access to the right systems at the right time by managing the user lifecycle journey within an organisation.

      Benefits to clients:

      • Compliance with external audit and regulatory standards
      • Improve user experience
      • Enhance security
      • Ensure robust business enablement and automation
      • Increase operational efficiency
      • Protection against cyber attacks
      • Adapt to remote and fungible workforces

      Typical client challenges:

      • How to meet compliance and financial reporting obligations for UK internal controls (UK SOx) systems?
      • How to manage and govern access across applications?
      • How to manage joiner, mover, leaver processes?
      • How to manage my organisational workforce including full-time equivalents (FTEs), contractors and managed service providers (MSPs)?

      The four questions every public sector leader must answer.

      Operational technology vs conventional IT.

      Providing everything from preparation, response, recovery, management and post-incident support in the event of a cyber-attack.

      Find out more about how Raj is tackling Phishing in the NHS



      Our consulting insights

      Innovating Supply Chain Assurance

      Combining data insights, technology, and process enhancements to embed resilience and continuity of operations


      Our people




      Get in touch


      Discover why organisations across the UK trust KPMG to make the difference and how we can help you to do the same.