Relevant Results
Sorry, there are no results matching your search.
Autocomplete suggestions are available. Use up and down arrows to review and enter to select.
See more results

Emphasizing resilience in cybersecurity practices

​Best practices for boosting your cybersecurity resilience that include protection, detection, rapid response and recovery strategies.

It has become a truism in cybersecurity circles that a breach is no longer a matter of “if” but “when.” Once again, resilience has emerged as a key theme across all sectors, emphasizing the need for robust cybersecurity measures that encompass protection, detection, rapid response, and recovery. 

Rebuilding trust is key after an incident

When a data breach or ransomware attack occurs the first asset to be impacted is trust. And trust is absolutely a corporate asset. How well organizations are prepared and how quickly they are able to respond and recover are key determinants in restoring customer and—for public companies—investor trust.

When companies commit to earning, and re-earning, the trust of these vital stakeholders, they place themselves firmly on the path to operational resilience. In some cases, rebuilding trust is about rapid technical recovery, in others it's about identifying alternate ways of delivering services. In every instance, it’s about being able to identify vulnerable and/or impacted stakeholders, expeditiously address their needs and minimize disruption.

Backup and recovery planning

As organizations work to restore operations in the wake of a breach the criticality of maintaining a responsive and efficient backup and recovery strategy to mitigate the impact comes into sharp focus.

In this context, we would highlight seven key action steps: 

1

Develop a backup and recovery strategy that is scaled to your organization.

2

Do regular testing of your backup and recovery strategy to make sure it is properly maintained and up to date.

3

Assess your capacity to execute your strategy at scale based on your targeted recovery objectives.

4

Incorporate loss-of-access scenarios into your disaster recovery planning, including situations where physical access may be required, as well as loss-of-enterprise network access for cloud and third-party hosted environments.

5

Conduct regular impact assessments to better understand the blast radius if a specific service or app fails or the network is breached.

6

Review your software vendor list and other critical third parties to avoid an over dependence on or over concentration in one or a small number of suppliers and perform regular assessments of the controls at critical third parties.

7

Review insurance policies in relation to third-party outages to determine whether financial impact can be reduced through coverage in business interruption insurance.

The importance of third-party risk management

Every cyber incident serves as a reminder of the need for diligence in selecting and monitoring third-party vendors, especially those critical to IT infrastructure. Businesses need to intensify their scrutiny of third-party vendors' practices. Specifically, businesses are encouraged to enhance their programs to include:

  • Routine risk assessment: Maintain a broad inventory and perform a risk assessment of third parties involved in the delivery of business software and services to assess their operational viability, financial health, security practices, compliance history, and previous incidents.
  • Contractual protections: Define clear SLAs that outline performance expectations, uptime requirements, and penalties for non-compliance.
  • Regular auditing and monitoring: Perform regular reviews of the controls in place at third parties including periodic audits, reviews of the security operations center (SOC) to ensure readiness, and ongoing dialogue with critical vendors to proactively address issues and concerns. Particularly important are the software update and certification processes — requesting that vendors conduct thorough testing and validation before deploying updates is crucial.

Ongoing cyber hygiene strengthens business continuity

Beyond immediate technical fixes, organizations should cultivate a culture of resilience, embedding robust contingency plans that encompass not just IT infrastructure but also key business operations. Resilience doesn't mean there will never be another incident — there likely will be. It means being better equipped to manage future incidents quickly, efficiently, and with limited business impact.

Some simple yet effective cyber hygiene practices to promote include:

  • Rotating passwords: Regularly update passwords and implement robust password policies.
  • Reviewing and monitoring accounts: Consistently check lightweight directory access protocol (LDAP) and audit logs for suspicious activity.
  • Enabling multi-factor authentication (MFA): Strengthen security defenses with strict authentication layers.
  • Patching and updating systems: Ensure all systems are current with the latest security patches.
  • Staying informed: Remain informed of market and technology developments and updates and ensure all advised precautions are communicated across the enterprise and followed.

Organizations can't control external threats, but they can control their own preparedness.

Strengthening defenses through employee training and awareness programs

In the current cybersecurity landscape, where the threat of phishing attacks is ever-present and potentially exacerbated by the leakage of email addresses and other personal identifiers, it is crucial to empower your workforce with the knowledge and tools to recognize and respond to such threats effectively. Employee training and awareness programs are not just an additional layer of security; they are essential components of a comprehensive cybersecurity strategy.

  • Regular Training Sessions: Conduct regular and mandatory training sessions that cover the fundamentals of cybersecurity, the latest phishing tactics, and the importance of security in everyday tasks.
  • Phishing Simulation Exercises: Implement routine phishing simulations to provide employees with practical experience in identifying suspicious emails.
  • Clear Reporting Protocols: Ensure that all employees understand how and where to report suspicious emails or potential security breaches.

Prioritize threat detection and management

Digital agendas are proliferating at a massive rate. With the increasing shift to cloud-based systems and remote work, the volume of data that needs protection is skyrocketing. As a result, the cyberattack surface is expanding, creating more alerts and triage events for cybersecurity leaders to manage. How can security teams keep detecting threat after threat and identify what to prioritize? The most effective way to do that is through automation.

As operating models digitize, SOCs need to automate and upgrade their processes to keep pace. With security automation, organizations can secure the third-party ecosystem, assess vulnerabilities, and expose weak links within vendor and supplier ecosystems. Using AI and machine learning, firms can centralize critical security processes for high-risk areas, enabling security teams to pursue more agile and efficient response times.

In conclusion: Be vigilant

Security professionals, regardless of industry, must remain aware of the interconnected nature of modern IT ecosystems and the cascading effects a single point of failure can have across global operations.

As companies navigate today’s evolving and volatile cybersecurity landscape, resilience should not be viewed as a series of one-off or intermittent projects. Rather, it should be an adaptive strategy that complements the organization’s cybersecurity agenda, protects customer interests, aligns with the objectives of the business, and focuses on delivering long-term value.

How KPMG can help

Smart businesses don’t just manage risk, they use it as a source of growth and competitive edge. Technology makes many things possible, but what’s possible isn’t always safe. We can help you create a resilient and trusted digital environment in the face of evolving vulnerabilities and threats. Specifically, we can help:

  • Review and test your Business Continuity and Data Recovery plans (BCP/DR)
  • Review and test your cyber resiliency strategy
  • Review your third-party risk management and supply chain management strategy
  • Add scale and assist with remediation as needed
  • Add burst capacity through a technology and cyber recovery retainer to improve your ability to manage and mitigate future incidents

Our professionals bring a combination of technological expertise, deep business knowledge, creativity, and a passion to protect and progress your business. We are available to help you protect and optimize your digital environment.

Cyber Response Services

Operate with confidence in a digital world

Read more

Explore more

Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Be organizationally and operationally resilient when — and where — it matters

During an IT outage, cyber-attack, or any significant functional disruption, organizations must focus on restoring critical operations in minutes and hours, not days and weeks.

Read more
Insight
Webcast Replay Webcast Upcoming Listen Now From The Web

Building resilience in a hyperconnected world

Most enterprises are operationally dependent on a broad third-party ecosystem that must be equally resilient in the face of disruption.

Read more

Meet our team

Image of Gautham Ramkumar
Gautham Ramkumar
Advisory Managing Director , Cybersecurity & Tech Risk, KPMG US
Read bio
Image of Mick McGarry
Mick McGarry
Principal, Advisory, GRC Technology, KPMG US
Read bio
Image of Charles A. Jacco
Charles A. Jacco
Principal, Cyber Security, KPMG US
Read bio
Image of Gautham Ramkumar
Gautham Ramkumar
Advisory Managing Director , Cybersecurity & Tech Risk, KPMG US
Read bio
Image of Mick McGarry
Mick McGarry
Principal, Advisory, GRC Technology, KPMG US
Read bio
Image of Charles A. Jacco
Charles A. Jacco
Principal, Cyber Security, KPMG US
Read bio

KPMG. Make the Difference.


Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation. KPMG LLP does not provide legal services.

The information contained herein is not intended to be “written advice concerning one or more Federal tax matters” subject to the requirements of section 10.37(a)(2) of Treasury Department Circular 230.

© 2025 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's . Privacy Statement

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Search now!

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Submit

Office locations

View locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Learn more

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Contact

Headline