Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

KPMG SAP cyber and data security

Protect your SAP environment with an approach tailored to your risk appetite and the cyber threats your organization faces.

Due to the increased threat of cyber attack, existing security and governance strategies are simply no longer adequate to protect the interconnected SAP landscape. Organizations must change their approach to securing the SAP landscape and adopt a holistic SAP security and governance strategy that protects the entire SAP technology stack. This requires the ability to proactively identify SAP cyber security threats and implement a security and governance strategy to address evolving risk.

The target security operations model

The growing potential and high risk of ERP breaches has companies searching for the most effective way to safeguard their assets across all businesses and functions as they transition to S/4HANA. The solution starts with a strong cyber security framework, including leading practices and technologies that enable organizations to continuously detect and monitor their core business systems long past implementation.


Report and enhance

Meaningful reporting increases the visibility and insights into system threats and vulnerabilities, the effectiveness of the security operations program over time, and opportunities for enhancement to continuously improve and build resilience


Security governance

An effective SAP cyber governance strategy identifies the cybersecurity risks within the SAP ecosystem and prioritizes them based on business objectives, vulnerability magnitude, and regulatory requirements. Risk mitigation requirements are then based on the findings and analysis.


People, process, and technology

Driven by the security governance strategy, develop a target operating model (TOM) for managing SAP cyber security, aligns process, people and technology to determine how a risk is managed, prioritized, and responded to. Note that the process, people and technology may also influence the governance strategy.


Assess, defend, comply, and control

Advanced technologies increase efficiency and effectiveness by: assessing, identifying and prioritizing application threats and vulnerabilities integrating continuous monitoring of threats to defend the SAP ecosystem in real time automating compliance reporting and the audit process to comply with regulatory requirements controlling operational risks associated with SAP maintenance through fortification and the identification of system and code misconfigurations and vulnerabilities.


Risk remediation

Upon identification of threats and vulnerabilities, risks are triaged based on relevancy and impact, followed by activities to remediate, mitigate and/or respond.

KPMG has advised companies how to design and implement effective application security for more than two decades, including helping them implement leading practice processes and tools to manage SAP security risks.

We help clients identify risks and implement leading practices and solutions to secure their SAP landscape. Our approach incorporates cyber security process design and technology adoption into your modern ERP project to enable a leading practice SAP security target operating model. Tools and benchmarks are leveraged implement proper SAP S4/HANA security controls based on a cyber security framework established by the National Institute of Standards and Technology (NIST).

Whatever your approach to SAP S/4HANA transformation—starting from scratch or migrating legacy, deploying on-premises or in the cloud—we can help. Working with Onapsis, we can help with vulnerability management, threat monitoring, application security testing, and compliance automation solutions help prepare legacy applications and code for migration and accelerate development of new HANA and Fiori apps. Using these tools from the start of your project ensures applications and data are protected throughout the project and helps prevent project delays due to security, compliance, or quality issues.

Dive into our thinking:

Learn how KPMG and Onapsis work together

SAP cyber and data security: KPMG and Onapsis work side by side with organizations throughout their migration to SAP S4/HANA to help ensure a secure and efficient outcome.

Download PDF

Learn about our 4-step assessment

KPMG SAP cyber security: Our four-step SAP cyber security assessment can provide an in-depth review of your SAP landscape and your ability to protect your most important information assets against cyber attack.

Download PDF

Sailpoint unified access governance with SAP

Integrating IAM with GRC access control unifies the process and visibility of user access – leading to improved risk management and enhanced operational efficiency.


Explore more

Meet our team

Image of Mick McGarry
Mick McGarry
Principal, Advisory, GRC Technology, KPMG US
Image of Charlie Singh
Charlie Singh
Director Advisory, GRC Technology, KPMG LLP

Explore other services tailored to your business

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.