Cybersecurity considerations 2024

Technology innovations demand strategic pragmatism.

As 2024 unfolds, organizational leaders face many challenges, from sustaining growth to navigating emerging technologies and talent acquisition and retention. The role of the Chief Information Security Officer (CISO) is evolving, and they are increasingly being seen as proactive partners in managing ongoing business needs rather than just being called upon to rescue the organization during times of crisis.

The KPMG annual Cybersecurity considerations report identifies eight key considerations that CISOs should prioritize in 2024 to help mitigate risk, drive business growth and build resilience.

Explore the eight key cyber considerations and uncover the key actions organizations can take as they seek to accelerate recovery times, reduce the impact of incidents on employees, customers, and partners and aim to ensure their security plans enable — rather than expose — the business.

Explore the eight key cybersecurity considerations for 2024

1. Meet customer expectations, improve trust

Consumers, employees, suppliers — every corporate stakeholder — expect businesses to pursue growth and profits. But increasingly, organizations are expected to operate socially responsibly, as well. Organizations should heed this call and strengthen the connection between security and privacy and environmental, social and governance (ESG) factors. This bond is increasingly recognized across the business ecosystem, particularly by ESG rating services, as they search for greater transparency in measuring and comparing organizations.

2. Embed cybersecurity and privacy, for good

Security, from the CISO down through their entire team, is a very different role today. Cyber is becoming more embedded in core business processes. That reality is being reflected in a move away from a centralization of cybersecurity in the CISO role to a federated model, in which the CISO is the conductor of the orchestra, establishing the frameworks, assessing risk, and providing implementation support. Security is integral to every function across the organization, from front office to back, and many leaders now acknowledge the value of integrating a security mindset into their very different business cultures and processes.

3. Navigate blurring global boundaries

Global businesses are operating within an increasingly complex cyber and privacy regulatory space. National interests are playing out, leading to diverse regulatory requirements over information sovereignty, supply chain security, transparency of cyber controls compliance, incident reporting, and, of course, privacy. Businesses should seek to calibrate their regulatory reporting for an increasingly borderless world but also maintain security controls that can be tailored to local requirements. Organizations should be prepared to respond quickly to changing geopolitics and diverse sanctions requirements.

4. Modernize supply chain security

Many organizations’ current approach to third-party and supply chain security does not align with the reality of today’s complex and interdependent ecosystem of partner organizations. Traditional models were built around the assumption that third parties provide services on a transactional basis. That view does not reflect today’s intricate network of APIs and processes tethered by a complex set of software-as-a-service dependencies. Organizations are encouraged to establish more strategic supplier partnerships focused on continuously monitoring and managing the evolving risk profiles of these suppliers to strengthen operational resilience.

5. Unlock the potential of AI - carefully

With careful planning and execution, artificial intelligence (AI) has the potential to transform how, when, and by whom work gets done. All the talk is currently about generative AI, but many other branches of AI, from robotics to machine learning, continue to transform business. Calibrating the security, privacy, and ethical implications inherent in these technologies is challenging, and organizations are looking to establish frameworks that provide both risk management and governance when implementing AI.

6. Supercharge security with automation

Businesses are increasingly moving systems to the cloud, the volume of data that needs protection is skyrocketing, and more people are working remotely and accessing corporate networks with their own devices. As a result, the cyberattack surface is expanding, creating more alerts, false positives and triage events for CISOs to manage. There’s a lot of noise in security operation centers (SOCs), and there aren’t enough panes of glass or humans to deal with the volume. How can CISOs keep detecting threat after threat and feel they're not missing something? They need to collect, correlate and escalate the signals that require a response — and it must be done rapidly. The only way to do that is through automation.

7. Make identity individual, not institutional

Every organization with which consumers interact assigns them a unique digital identity, and just as usernames and passwords vary, authentication methods do as well. From a cybersecurity perspective, the identity model is evolving. Most identity and access management (IAM) models were originally devised to manage digital identities and user access for single organizations. Many are now being reconceptualized to encompass a level of resilience suitable for federated, private, public or multi-cloud computing environments. This will eliminate the need for individuals to endure the exhaustive, time-consuming and intrusive process of identity-proofing every time they interact with a new institution, either as a customer or employee.

8. Align cybersecurity with organizational resilience

During a cyber incident, organizations need a response measured in minutes and hours, not days and weeks. In today’s volatile environment, resilience has become a common theme for organizations across critical infrastructure sectors such as energy, communications and transportation, with executives focused on recovery if preventative controls fail. Resilience should seamlessly align with cybersecurity, emphasizing protection, detection, and rapid response and recovery. Cyber resilience is vital for maintaining business operational capabilities, safeguarding customer trust, and reducing the impact of future attacks. These disciplines must work in tandem to help organizations manage risk.

Meet our team

Kyle Kappel
Cyber Security Leader, KPMG US