Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Cybersecurity considerations 2023

The golden thread


Our future is dependent on data and digital infrastructure. We now have a complex tapestry of public-private partnerships, connected ecosystems, and information infrastructures. And as the degree of interconnectedness and dependency increases, so does the interest from those looking to attack and exploit those infrastructures.

Breakthrough technologies also pose new security, privacy and ethical challenges and raise fundamental questions about trust in digital systems. This is the environment in which global commerce needs to thrive, and we need to address concerns now as we innovate, not retrospectively when it's too late.

The annual Cybersecurity considerations report identifies eight considerations that CISOs should prioritize in the year ahead as they seek to accelerate recovery times, reduce the impact of incidents on employees, customers and partners and aim to ensure their security plans enable — rather than expose — the business. The report also explores the key actions CISOs should take to meet the challenges ahead and to help ensure security is the organization's golden thread, woven into the business across the board — providing the basis for trust.

Explore the eight key cybersecurity considerations for 2023

1. Digital trust: A shared responsibility

Digital trust is finding its way onto Board agendas as privacy, security and ethics debates gain momentum — partly driven by regulation and partly by public opinion. The future success of any digitally enabled business is built on digital trust — cybersecurity and privacy are vital foundations for that trust. CISOs must be prepared to help the Board and C-suite create and maintain the trust of their stakeholders if they are to create a competitive advantage. Realizing this potential requires a collective commitment from all stakeholders.

2. Unobtrusive security drives secure behaviors

Embedding security within the business in a way that helps people work confidently, make productive choices, and play their part in protecting the organization must be a key, albeit often elusive, CISO objective. It’s too easy for people to see security as an impediment, and only by considering security from both human and business-centric perspectives can CISOs hope to change this mindset.

3. Securing a perimeter-less and data-centric future

It’s no surprise that business operating models have fundamentally changed over the last decade — becoming more fluid, data-centric, connected ecosystems of internal and external partners and service providers. In this distributed computing world, to help reduce the blast radius of any potential outages or breaches, CISOs and security teams must adopt very different approaches, such as zero trust, Secure Access Service Edge (SASE) and cybersecurity mesh models.

4. New partnerships, new models

Gone are the days when security teams focused solely on the security of their organization’s IT systems. CISOs need to understand when to hit the brakes, when to press go on outsourcing cybersecurity efforts and determine what skills to keep in-house today and in the future. Security has become a business priority, delivered through a shared responsibility model between the organization and service providers.

5. Trust in automation

In the race to innovate and harness emerging technologies, concerns over security, privacy, data protection and ethics, while gaining more attention, are often ignored or forgotten. Left unchecked, this negligence could lead businesses to sabotage their potential, especially with new AI privacy regulations on the horizon.

6. Securing a smart world

Businesses across virtually every industry are shifting to a product mindset — focusing on developing network-enabled services and managing their supporting devices. CISOs and their teams are getting pulled into discussions with engineering, development and product support teams as organizations realize product security matters too.

7. Countering agile adversaries

The time from initial compromise to enterprise-wide ransomware activation is shrinking. Increasingly, rogue and state-sponsored attackers can penetrate systems with automated tooling and accelerate the exploitation of systems. Security operations should be optimized and structured to fast-track the recovery of priority services when an incident occurs, which can reduce the impact on clients, customers and partners.

8. Be resilient when — and where — it matters

Every security system is flawed. There is an air of inevitability that, at some point, an organization will suffer an incident, large or small, and likely more than one. Regulators are increasingly focusing on plausible scenarios and pushing companies — particularly those in strategically important industries like energy, finance, and health care — to be resilient and position themselves to recover.

Dive into our thinking:

Cybersecurity considerations 2023

Download PDF

Cloud service adoption for the financial service sector

Download PDF

Explore more

Meet our team

Image of Prasad Jayaraman
Prasad Jayaraman
Principal, Cyber Security, KPMG US
Image of Kyle Kappel
Kyle Kappel
Cyber Security Leader, KPMG US

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.