The cyber security pivot: from enforcement to enablement

CISOs highlight seven key actions to help security teams expand contributions while navigating mounting threats.


In the high-stakes world of cyber security, it’s hard to tell which is changing faster: the rapidly expanding landscape of incoming threats or the rapidly expanding job responsibilities of the company’s security team.

Start with the positives. After navigating the pandemic’s unprecedented cyber security challenges, chief information security officers (CISOs) and their teams are now essential seat-at-the-table partners for the entire enterprise, well beyond their traditional traffic cop role. That includes expanded and forward-thinking support for delivering business-critical initiatives like digital transformation, faster-to-market products, and seamless digital experiences that customers both embrace and trust.

But on the flipside are the relentless security threats, where the CISO and team are often the only ones at the table, trying to find the right balance between enablement and enforcement. Today that means redefining and expanding their role while always maintaining a vigilant front-line defense against constantly mutating cyber threats—and with a workforce that now views at least some amount of remote (i.e., more vulnerable) work as a given.

To find out more about how cyber security roles and the related leading practices are evolving, we spoke to a number of CISOs from major organizations across a wide range of industries and regions, as well as to our own cyber security specialists. A number of consistent themes and recommendations emerged from these discussions, as we outline in our comprehensive new report.

Taking a closer look

Above all, the CISOs we spoke to emphasized the critical need for security teams to move from enforcers to influencers. Rapid digital innovation is now table-stakes for ongoing business competitiveness and resiliency, and cyber security teams must adapt. That will require partnering across the enterprise with a pragmatic security culture that embeds secure-by-design thinking into every aspect of digital product development, infrastructure, and data.

Specifically, our new report identifies seven key actions for CISOs, which focus on helping their teams evolve, expand, and ultimately reimagine their role in the business:


Act like you belong in the C-suite


Broaden horizons


Weave cyber security into the organizational DNA


Shape the future cyber security workforce


Embrace automation as the rising star


Brace for further disruption


Strengthen the cyber security ecosystem

Check out the new report for complete background on each of these seven areas, as well as the underlying insights from security pros at leading companies.

Expanding the portfolio

Perhaps the biggest finding from our discussions is the emerging leadership mandate for the CISO role. At many companies today, CISOs are increasingly public figures, building trust and confidence with customers, employees, and the public at large against the backdrop of the latest headline about a large company’s security breach.

To make this shift, CISOs and their teams must shed their historical “can’t-do” perception and work to build consensus, acknowledging and navigating corporate politics while ensuring that leadership understands the security implications of the company’s growth-focused strategic initiatives.

That’s going to require security teams to be more sophisticated communicators, working across the business to embed a security focus into every new initiative. For example, that might involve integrating security into governance and management processes, education and awareness, and establishing the right mix of corporate and personal incentives, according to our discussions with leading CISOs.

Upskilling and automation shape up as two critical paths to support the security team’s evolution. CISOs are putting a premium on acquiring new capabilities, seeking unconventional, diverse new talent for their own teams while working to make a commitment to basic security a natural way of thinking for everyone in the company. Meanwhile, increased automation is emerging as a way to reduce the manual workload, ease skills shortages, and address the growing compliance requirements in a consistent and repeatable way.

Planning for the inevitable

Above all else, the CISOs and cyber security leaders we spoke to emphasized one essential fact of life: Always plan for disruption.

The same forces that are driving digital innovation—the expanding smart device Internet of Things (IoT), advanced mobile networks, gigabits of new data being managed by AI, and hyperconnected cross-channels with customers, suppliers and employees—all open up exotic new cyber risks.

To maintain leading-edge cyber security for an impossible-to-predict future, CISOs are evolving their approach, expanding their influence, and finding new ways to facilitate growth and embed security into the entire company’s way of life. Read “Cyber trust—securing the future” for the full report on our discussions with CISOs and much more detail on their seven areas of focus.


Meet our team

Matthew P. Miller
Principal, Advisory, Cyber Security Services, KPMG US
