KPMG named Leader in Cyber Risk Quantification solutions

KPMG firms have been recognized as a Leader in The Forrester Wave™: Cyber Risk Quantification Solutions, Q2 2025 assessmentopens in a new tab for our CRI offering.

The report researched, evaluated, and scored cyber risk quantification (CRQ) vendors against three categories: current offering, strategy, and customer feedback. KPMG was named a Leader among the ten providers assessed.

The report states that: “CRQ solutions today look very different from CRQ solutions two years ago, and they cover entirely new territory than they did when they were first introduced.” Furthermore, it identifies three key considerations for customers when evaluating CRQ solutions: CRQ solutions do more than just model risk; More integrations yield more precise outputs…to an extent; Risk is a range, not a score.

In relation to our capability, it states that “KPMG’s vision of making CRQ more accurate, accessible, and actionable at scale reflects its deep understanding of modern risk management challenges. It excels in adoption support, providing sophisticated onboarding and guided support to embed CRQ in existing risk programs. Its innovation strategy, roadmap, partner ecosystem, and pricing flexibility are on par and support primary CRQ use cases”. Adding, KPMG offers superior user experience, with a highly intuitive interface and some of the most in-depth in-product guidance to help technical and nontechnical users conduct risk analyses from start to finish. It shines in model transparency, scenario scoping, comparative analysis, prioritization, and control performance monitoring. Extensive benchmarks from the firm's global services insights further accelerate CRQ analyses.”

We are proud of the dedication KPMG firms have shown in developing leading practices that help clients manage cyber risk and provide scenario-driven risk quantification to enhance decision-making. In support of this, the report continues, “KPMG is the only major professional services firm to offer its own full-featured CRQ solution.”

The report concludes: “Customers value the product’s user experience, especially its emphasis on user journeys and guided assessment support, and they like the “complete transparency” in how risk models are applied. Customers also value its benchmarks and reporting but note that when extracting a report, the generated files aren't as polished as its on-screen view. Organizations looking for a dedicated CRQ solution with an emphasis on scenario analysis and security program decision support should consider KPMG.”

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here