Solving 5 Top CISO Challenges

With concerns around AI, data privacy and overall cyber resilience growing, CISOs need to ensure operations are resilient in the event of an incident. Here’s how they can respond.

Achieve balance between preparation and resilience

Chief Information Security Officers (CISOs) and their teams have a lot on their plates. As they contend with diverse challenges and evolving threats, they need to operate not only as key security leaders, but also as proactive co-stewards of the organization’s ongoing business objectives.

One of the most urgent developments reshaping their priorities is the rapid rise of AI, not only as a powerful enabler of business innovation across the enterprise, but also as a tool increasingly leveraged by threat actors. Its democratization, which makes advanced models widely accessible via the cloud, has opened new paths to value while exposing significant risks.

This evolving threat landscape requires CISOs to view security through a new, more pragmatic lens. From a cybersecurity perspective, the impacts of societal, economic, political, and regulatory developments are now felt globally more consistently than ever before, for the simple reason that the boundaries between nations, much like the network perimeter, are disappearing.

The same emphasis on resilience runs through many recently proposed regulations, particularly those focused on critical infrastructure, supply chains and smart products. In many cases the answer still revolves around classic backup and restore, but much of it also depends on prioritization: knowing which systems to rebuild first, rebuilding them rapidly, or even designing systems that can be reconfigured in real time after an attack.


Facing Cyber Challenges with Smarter Strategies

Here’s a look at how CISOs are mobilizing to address some of their most pressing challenges.

CHALLENGE #1

Aligning cybersecurity with organizational resilience

Organizations need to continually improve and adapt. Resilience means being better equipped to address an incident quickly, comprehensively, and with minimal or at least controlled business impact.

Evolving CISO mindset

As CISOs navigate today’s evolving and volatile cybersecurity landscape, resilience should not be viewed as a series of one-off or intermittent projects. Rather, it should be an adaptive strategy that complements the organization’s cybersecurity agenda, protects all stakeholder interests, aligns with the objectives of the business, and focuses on delivering long-term value.

Key challenge

Companies already know how to maintain high levels of operational execution and resilience when delivering critical services, where any disruption can have a significant impact. CISOs need to recognize that cyber-attacks target not only their IT infrastructure but the entire enterprise. Cyber resilience therefore requires organizations to shift their thinking and to activate new capabilities and security measures.

The result of getting it right

  • Stronger cyber governance and risk management
  • Better visibility into asset inventory, including both IT and OT
  • Improved ability to monitor, control and secure critical assets

CHALLENGE #2

Supercharging security with automation

Digital agendas are proliferating at a massive rate. With the increasing shift to cloud-based systems and remote work, the volume of data that needs protection is skyrocketing.

Evolving CISO mindset

As the attack surface expands, more alerts and triage events are generated for CISOs and their teams to manage, requiring them to detect and prioritize threat after threat. The most effective way to sort through that noise is automation, applied against triage rules that are written down and reviewed like code.

The result of getting it right

  • Ability to prioritize, assign, and remediate critical vulnerabilities using policy-as-code solutions
  • Machine learning-enabled vulnerability management
  • Proactive incident response controls
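The first of these results, prioritizing and assigning vulnerabilities with policy as code, is easier to see in a concrete form. The following Python is an added example written for this page, not KPMG’s tooling or code from the original. The triage policy is plain data: ordered rules with a mandatory catch-all so that no finding can fall through unassigned. The fields (cvss, exploited, asset_tier, owner), the thresholds and the sample findings are all assumptions constructed for the illustration.

```python
"""Policy-as-code triage of vulnerability findings.

Added illustration, not code from this page or from KPMG. The rule set is
plain data so it can live in version control and be reviewed like code.
All field names (cvss, exploited, asset_tier, owner) and the thresholds are
assumptions made for the example; the findings are constructed samples.
"""

# Ordered rules, first match wins. "exploited" means the weakness is known to
# be exploited in the wild; asset_tier 1 is the most business-critical tier.
POLICY = [
    {"name": "exploited-on-critical-asset", "priority": "P1", "sla_days": 3,
     "when": {"exploited": True, "max_asset_tier": 1}},
    {"name": "critical-score-on-critical-asset", "priority": "P1", "sla_days": 7,
     "when": {"min_cvss": 9.0, "max_asset_tier": 1}},
    {"name": "exploited-anywhere", "priority": "P2", "sla_days": 14,
     "when": {"exploited": True}},
    {"name": "high-score", "priority": "P2", "sla_days": 30,
     "when": {"min_cvss": 7.0}},
    {"name": "default", "priority": "P3", "sla_days": 90, "when": {}},
]

PRIORITY_ORDER = {"P1": 0, "P2": 1, "P3": 2}

# Constructed sample findings (placeholder identifiers, not real CVEs).
FINDINGS = [
    {"id": "F-1", "cvss": 9.8, "exploited": True,  "asset_tier": 1, "owner": "platform"},
    {"id": "F-2", "cvss": 9.1, "exploited": False, "asset_tier": 1, "owner": "platform"},
    {"id": "F-3", "cvss": 6.5, "exploited": True,  "asset_tier": 3, "owner": "web"},
    {"id": "F-4", "cvss": 7.5, "exploited": False, "asset_tier": 2, "owner": "data"},
    {"id": "F-5", "cvss": 4.0, "exploited": False, "asset_tier": 1, "owner": "platform"},
]


def validate_policy(policy):
    """Reject a rule set that could let a finding fall through unassigned."""
    if not policy or policy[-1]["when"]:
        raise ValueError("policy must end with a catch-all rule (empty 'when')")
    for rule in policy:
        if rule["priority"] not in PRIORITY_ORDER:
            raise ValueError(f"unknown priority in rule {rule['name']!r}")
        unknown = set(rule["when"]) - {"exploited", "min_cvss", "max_asset_tier"}
        if unknown:
            raise ValueError(f"unknown condition {unknown} in rule {rule['name']!r}")


def matches(finding, when):
    """All conditions in 'when' must hold for the finding."""
    if "exploited" in when and finding["exploited"] != when["exploited"]:
        return False
    if "min_cvss" in when and finding["cvss"] < when["min_cvss"]:
        return False
    if "max_asset_tier" in when and finding["asset_tier"] > when["max_asset_tier"]:
        return False
    return True


def triage(findings, policy=POLICY):
    """Assign each finding a priority, SLA and owner; return them most urgent first."""
    validate_policy(policy)
    decisions = []
    for f in findings:
        rule = next(r for r in policy if matches(f, r["when"]))  # catch-all guarantees a hit
        decisions.append({"id": f["id"], "owner": f["owner"], "rule": rule["name"],
                          "priority": rule["priority"], "sla_days": rule["sla_days"]})
    decisions.sort(key=lambda d: (PRIORITY_ORDER[d["priority"]], d["sla_days"], d["id"]))
    return decisions


if __name__ == "__main__":
    for d in triage(FINDINGS):
        print(f"{d['priority']} {d['sla_days']:>3}d  {d['id']}  {d['rule']}  -> {d['owner']}")
```

Run directly, it prints the queue most urgent first. Note that the exploited medium-severity finding F-3 outranks the unexploited high-severity F-4: the point of writing the policy as reviewable data is that such choices are explicit and auditable rather than buried in whichever scanner score happened to be highest.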

CHALLENGE #3

Modernizing supply chain security

Developing a new supply chain security strategy is crucial as traditional third-party security models struggle to keep up with today's complex, interconnected ecosystems. In the current environment, APIs, advanced processes, and software-as-a-service dependencies demand a more strategic approach to supplier partnerships.

Evolving CISO mindset

There is a greater need to continuously monitor and manage the evolving risk profiles of suppliers. In doing so, the challenges of visibility, scalability, and evolving third-party risks loom large. Amid these challenges, CISOs are seeing an opportunity to reimagine supply chain security as a key business enabler with a comprehensive risk-based mindset and strategic application of intelligent automation.

The result of getting it right

  • A more integrated and resilient network
  • A continuous monitoring plan to promptly detect and address potential supply chain vulnerabilities
  • Improved ability to diagnose third-party cyber risk and triage vendor security issues quickly

CHALLENGE #4

Making identity individual, not institutional

Digital identity has emerged as a key factor for efficient digital interactions in the connected world. With smart devices tethered to organizations’ digital backbone, it is imperative to manage their underlying identities.

Evolving CISO mindset

As the digital landscape becomes more complex, CISOs are challenged to evolve beyond traditional security measures, especially in the realm of digital identity. With the rise of sophisticated threats like audio and video deepfakes, developing a robust and adaptable identity model is crucial—not just for securing access, but for maintaining trust and deflecting emerging threats. By prioritizing cutting-edge identity solutions, CISOs can stay ahead of attackers and safeguard both consumer interactions and critical infrastructure.

The result of getting it right

  • Adoption of a verification-centric approach
  • Use of advanced behavioral authentication
  • Improved ability to detect anomalies and suspicious activity
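Behavioral authentication and anomaly detection, the last two results above, come down to comparing each sign-in with the user’s own history. The Python below is an added example written for this page, not KPMG’s product or code from the original. It applies three common checks to a stream of sign-in events: a success from a country and a device never seen for that user, two successes from different countries closer together than plausible travel, and a success that follows a burst of failures. The events are constructed samples, and the field names and the three thresholds are assumptions.

```python
"""Behavioral anomaly checks over sign-in events.

Added illustration, not code from this page or from KPMG. The events are
constructed samples; the field names (user, ts, country, device, ok) and the
three thresholds are assumptions made for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

TRAVEL_WINDOW = timedelta(minutes=60)   # two countries within an hour is implausible
BURST_WINDOW = timedelta(minutes=10)    # failures counted within this window
BURST_FAILURES = 5                      # this many recent failures before a success

# Constructed sample events, UTC timestamps.
EVENTS = [
    {"user": "alice", "ts": "2024-05-01T08:00:00", "country": "US", "device": "laptop-1", "ok": True},
    {"user": "alice", "ts": "2024-05-01T09:30:00", "country": "US", "device": "laptop-1", "ok": True},
    {"user": "alice", "ts": "2024-05-02T08:05:00", "country": "US", "device": "laptop-1", "ok": True},
    # 40 minutes later, another country, a device never seen for this user
    {"user": "alice", "ts": "2024-05-02T08:45:00", "country": "RO", "device": "phone-9", "ok": True},
    {"user": "bob", "ts": "2024-05-02T10:00:00", "country": "GB", "device": "laptop-2", "ok": True},
    # five failures in two minutes, then a success from the same device
    {"user": "bob", "ts": "2024-05-02T11:00:00", "country": "GB", "device": "laptop-2", "ok": False},
    {"user": "bob", "ts": "2024-05-02T11:00:30", "country": "GB", "device": "laptop-2", "ok": False},
    {"user": "bob", "ts": "2024-05-02T11:01:00", "country": "GB", "device": "laptop-2", "ok": False},
    {"user": "bob", "ts": "2024-05-02T11:01:30", "country": "GB", "device": "laptop-2", "ok": False},
    {"user": "bob", "ts": "2024-05-02T11:02:00", "country": "GB", "device": "laptop-2", "ok": False},
    {"user": "bob", "ts": "2024-05-02T11:03:00", "country": "GB", "device": "laptop-2", "ok": True},
]


def detect(events):
    """Return alerts for successful sign-ins that deviate from the user's own history.

    The baseline is learned from the stream itself: a user's first success is
    never flagged, so whoever controls that first sign-in shapes the baseline.
    Seed known devices and countries from an inventory where one exists.
    """
    known_devices = defaultdict(set)
    known_countries = defaultdict(set)
    last_success = {}              # user -> (time, country)
    failures = defaultdict(list)   # user -> times of failed attempts since last success
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        user, t = e["user"], datetime.fromisoformat(e["ts"])
        if not e["ok"]:
            failures[user].append(t)
            continue
        reasons = []
        prev = last_success.get(user)
        if prev and e["country"] != prev[1] and t - prev[0] < TRAVEL_WINDOW:
            reasons.append("impossible-travel")
        if (known_devices[user] and e["device"] not in known_devices[user]
                and e["country"] not in known_countries[user]):
            reasons.append("new-device-and-location")
        recent = [f for f in failures[user] if t - f <= BURST_WINDOW]
        if len(recent) >= BURST_FAILURES:
            reasons.append("success-after-failure-burst")
        if reasons:
            alerts.append({"user": user, "ts": e["ts"], "reasons": reasons})
        known_devices[user].add(e["device"])
        known_countries[user].add(e["country"])
        last_success[user] = (t, e["country"])
        failures[user] = []        # a success closes the failure window
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a["ts"], a["user"], ", ".join(a["reasons"]))
```

Seed the known-device and known-country sets from an enrollment step or an asset inventory where one exists, since an attacker who controls a user’s first recorded sign-in otherwise defines what “normal” looks like. Treat the alerts as a prompt for step-up verification rather than an automatic block: a corporate VPN exit in another country looks exactly like the travel check’s trigger.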

CHALLENGE #5

Meeting customer expectations and improving trust

At the enterprise level, CISOs must align their team’s priorities with their organization’s worldview and business strategy. As both the value of organizational and customer data and the potential liability around it become more strategically important, CISOs need to be diligent about evolving data practices, about compliance with multiple global regulations and reporting requirements, and about customer expectations.

Evolving CISO mindset

Many CISOs recognize the importance of motivating their colleagues to integrate security into their daily activities. This proactive approach safeguards the organization's intellectual property, protects critical infrastructure, improves identity and network access management, prioritizes vulnerabilities, and builds trust among both internal and external stakeholders.

The result of getting it right

  • Clear focus on safeguarding proprietary and customer data, implementing AI ethically and securely, and managing digital identities with precision
  • Robust cyber governance frameworks, including adoption of continuous monitoring of key controls
  • Staying ahead of regulatory scrutiny

Stay prepared and keep small issues from becoming big problems

Cybersecurity must be viewed as an ongoing, ever-evolving endeavor. The more organizations and CISOs accept that cyber incidents are inevitable yet manageable, the better their chances of achieving the necessary balance between preparation and resilience.

Proactive cybersecurity to help you guard against tomorrow’s threats today

As cyber threats grow in sophistication, CISOs must navigate an increasingly complex landscape of risks and vulnerabilities. With expanding regulatory requirements and the continuous evolution of attack methods, maintaining a robust cybersecurity posture is more critical than ever. 

At KPMG LLP (KPMG), we understand these challenges and provide targeted solutions to address them effectively. Today's CISOs need strategies that are both adaptable and multifaceted to stay ahead of ever-evolving threats. KPMG combines cutting-edge technology, actionable insights, and distinguished expertise to help you prioritize and address your most critical cyber and tech risk challenges.

Our team leverages the latest in AI-driven analytics and industry best practices to deliver proactive, tailored solutions that fortify your security posture. Our cybersecurity and tech risk solutions are designed to enable your organization to anticipate threats, respond swiftly, and emerge stronger. From predictive threat intelligence to rapid incident response, KPMG is your partner in navigating cyber risk with confidence and agility.


Advanced Threat Detection

Stay ahead of sophisticated cyber adversaries with AI and machine learning that detect and mitigate threats before they can impact your operations. Our solutions offer real-time threat intelligence and automated response mechanisms to keep your defenses strong and adaptive.

Enhanced Access Management

Effective identity and access management (IAM) is critical for controlling access to your systems and data. Automating IAM processes improves security and operational efficiency, ensuring only authorized users have access based on stringent, dynamic policies.

Regulatory Compliance

Stay compliant with evolving regulations and standards such as GDPR, CCPA, and industry-specific mandates. Our compliance services minimize regulatory risks and potential fines while streamlining audit and reporting processes.

Data Protection and Privacy

Ensure the integrity and privacy of data wherever it resides – on-premises, in the cloud, or in hybrid environments. Our strategies encompass robust encryption, DLP solutions, and strict access controls to protect against breaches and unauthorized access.


Meet the team

Our KPMG Cyber and Tech Risk team offers clients distinguished expertise and access to cutting-edge technology, ensuring robust protection against evolving cyber threats. By leveraging a unique blend of functional, industry, and technological experience, our professionals help organizations navigate the complex landscape of cybersecurity with confidence. Our specialists are skilled in areas such as AI-driven threat detection, cloud security, identity and access management, and advanced data privacy. We empower your organization to embrace technological advancements safely and confidently, transforming your cybersecurity posture from reactive to proactive.

Charles A. Jacco
Principal, Cyber Security, KPMG US
