Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Speed, Scale and Trust

On-call services‒Cyber & Fraud Response

speed, scale and trust

The news is ripe with articles about companies involved in incidents of fraud and misconduct that suddenly face regulatory inquiries requiring large-scale evidence discovery efforts. More and more companies are victims of large-scale cyber-attacks, costing them millions in ransom payments, crippling their infrastructure, and destroying trust. COVID-19 and the increase in employees working remotely without strong security or using unapproved data storage devices has propelled both cyber-attacks and less than effective data identification and management protocols. 

The hard truth of today’s environment is that everyone needs to be mindful of their safety.

From global multinationals to smaller non-profit companies, fraud, regulatory enforcement, and cyber-crime can affect all organizations, no matter the size.

On-call services – Cyber & Fraud Response

When you need to move quickly

A rapid response to allegations of fraud, regulatory data requests, and cyber breaches is critical and often complex, especially if the incidents are reported in a company’s foreign operations. Having resources with the right skills set, fluency in the local language, knowledge of local customs, and the ability to be deployed within hours is a tall order for any organization. To improve response time, efficiency and costs, many organizations are proactively establishing collaborative relationships with KPMG.

What can we do to help?

KPMG On-call services are designed to comprehensively address clients’ forensic, regulatory, and cyber needs. Our On-call services help clients reduce risk, proactively identify threats, and develop long-term strategies for addressing fraud, misconduct, regulation, and cyber-attacks, while providing immediate access to experienced KPMG professionals.

  • Expertise at scale

    • KPMG provides access to deep forensic and cyber capabilities around the world. Our highly collaborative global team consists of multi-language subject matter professionals who reside in more than 100 countries, and we are committed to delivering with consistent processes that may be accepted by local regulatory bodies.
    • Our data-driven approach includes access to extensive global databases, intelligence analytics, and trained resources. We provide market-leading insights and artificial intelligence (AI)-enabled solutions to help you challenge the norm and drive better outcomes.
    • KPMG has shared global methodologies and streamlined project management models that focus on risks and simplify complexities for our clients. We have invested heavily in automaton processes, allowing us to drive consistency, increase quality, and lower client costs.
  • Speed

    Our approach allows for increased speed and accuracy. KPMG accelerates the investigation and remediation efforts through the significant use of IP and proprietary tools

    • The patented KPMG Digital Responder automates common forensic triage tasks in a timely and consistent manner. This allows organizations to respond to cyber incidents by increasing responsive effectiveness and efficiency.
    • Proprietary tooling for containing and investigating large-scale incidents in leading cloud platforms.
    • Proprietary workflows to deal with structured/unstructured sensitive data identification and document review. This helps in the mandatory notification process (regulatory, legal).
  • Trust

    When our clients inspire trust, they create a platform for responsible growth, bold innovation and sustainable advances in performance and efficiency.

    • KPMG concentrates deep skills in risk and regulation, advanced digital solutions and well-established change expertise in one powerful and global capability.
    • We are bringing risk out of the back room, with a positive shift from passive compliance to active value generation. Trust is a multiplier of benefits.
    • We can help you build trust with everyone who has a stake in your business – from customers, employees and suppliers, to regulators, shareholders and the communities in which you operate.


KPMG takes a comprehensive approach to cyber incidents through its integrated cyber practice. Incident readiness services include cyber strategy and planning, security configuration and monitoring, security controls testing, and business and technical simulations. 

IDC MarketScape: Worldwide Incident Readiness Services 2021 Vendor Assessment, Doc #US46741420, November 2021

Did you know?

KPMG is positioned in the Leaders category in the 2021 IDC MarketScape for worldwide incident readiness services.


Decades of experience dealing with cyber breaches, regulatory response and investigations of fraud/financial crimes

We have worked on some of the most high-profile financial reporting investigations; regulatory inquiries into misconduct allegations; ransomware, APT, and insider attacks and litigations. We have significant experience working with all the stakeholders involved – outside counsel, general counsel, internal audit, compliance, law enforcement, regulators, fidelity insurance, cyber insurance, and the broader business on all aspects of incident response. 

We have the ability to further invest in you. Our team is able to conduct an optional onboarding consisting of meeting with stakeholders to learn as much as we can about your business, technology, and processes before an incident occurs. The primary objective of the onboarding is to prepare you and our team to respond quickly and effectively as needs arise.

Global and local

Combined with global capabilities of KPMG firms, KPMG professionals have local knowledge, capabilities and presence in nearly every market where you do business. This deep local expertise allow KPMG to understand the risks and ramifications that vary from one country to the next.  We leverage a consistent engagement governance structure globally and assign you a single point of contact to help ensure consistent delivery across the world.

Independent and vendor neutral

We’re entirely driven by our experience. You can have the confidence in our bias-free judgement and advice.  

We are on cyber insurance carrier lists

We are pre-approved as a preferred vendor on many major cyber insurance carrier lists. This can help streamline your cyber insurance claims.

Case studies

  • Global consulting institution — Cyber response

    The challenge
    A large multibillion-dollar global corporation engaged a KPMG firm to provide cyber response services for a global intrusion event.

    What we did
    The KPMG firm coordinated and executed the global response effort involving identification, forensic analysis and containment of over 19,000 systems in six countries. This included packet-level analysis of six months of network activity and behavior/static malware analysis of over 100 suspicious binaries.

    The outcome
    As a result of the quick resolution, the firm was further engaged to help proactively develop a global cyber response plan.

  • Global insurance provider

    The challenge
    A cyber security investigation prompted by an FBI notification to the insurance provider regarding data leakage.

    What we did
    KPMG assembled a 24/7 operation that began by scanning the client’s network for externally facing servers, performing vulnerability assessments of key systems, and reviewing available network logs for signs of suspicious activities. Further details from external sources enabled KPMG to focus our investigation and identify compromised systems. In addition to identifying the compromised hosts stemming from a VNC exploit, KPMG was able to identify other security weaknesses within the client’s environment and other potentially compromised machines that were not related to the incident under investigation.

    The outcome
    The organization had a dramatically improved overall security posture. Evidence preserved by KPMG was provided to the government through proper legal channels. The suspect responsible for the data leakage was arrested shortly after and later sentenced to several years in prison and ordered to pay nearly $3 million (USD) in restitution to the client.

  • Mexico retail

    The challenge
    A Mexican retail company identified a payroll payment to an un-registered account in their employee master. It was found that the account belonged to an IT employee.

    What we did
    KPMG carried out the forensic collection and analysis of electronic communications of the IT employee and key system logs. At the same time, we collected and processed one year of payroll data from more than 20k employees to identify deviations. As deviations were confirmed, our analysis led to the identification of an unauthorized program in the ERP system that allowed the automatic discount of a certain amounts from all employee’s payroll. The amount deviated was automatically applied to a bank account. Furthermore, this program was design to overwrite payroll disbursement files, overcoming security controls. It was also identified that several third parties were granted remote access to the ERP System by the IT employee.

    The outcome
    As a result of our work, the company implemented more robust controls over the payroll payment process, conducted an in-depth review for unknown programs running on the ERP, improved their remote access monitoring process and began legal action against the involved employee.

Image of Marc Miller

Marc Miller

Partner, Forensic Network Leader

Image of David Nides

David Nides

Principal, Cyber Security Services

Media contacts

Explore more

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.