Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

The gold standard of trust

KPMG helped a global auto manufacturer develop an organization-wide strategy to manage insider risk for its most sensitive data.


A global automotive manufacturer


Industrial manufacturing


Design and delivery of insider risk management

Client challenge

After sensitive company data was lost during a large workforce reduction, the company’s leadership realized that its ability to successfully protect critical assets was limited and tactical, primarily focused on an IT-related detection capability. The board of directors recommended developing an organization-wide strategy to manage insider risk for its most sensitive corporate data. When internal efforts to develop a strategy proved too slow, the company turned to outside advisors for help.

Our experience-based insights tied to this client's “trusted workforce” core value demonstrated that KPMG had the right people with specific insider risk management experience to lead the project.

Key KPMG initiatives

Unlike other firms that were asked to provide insight into this challenge, KPMG took a rare and altogether different approach. We convened biweekly calls designed to listen to the client, not to pitch or propose, but answering a variety of questions from multiple stakeholders, providing experience-based insights tied to the client’s “trusted workforce” core value, and demonstrating that we had the right people with specific insider risk management experience. At the end of 60 days of relationship-building interaction, we were asked to lead the project—without an RFP.

After three months of fieldwork, KPMG recommended an insider risk management strategy that tapped participation from multiple business functions needed to effectively drive down insider risk quickly. Also included was a three-year execution roadmap to guide continual improvement while controlling spend.

Once approved by the board, KPMG: 


Was asked to help execute the first year’s strategy activities, which focused on establishing a cross-stakeholder governance council. 


Working with senior leadership to identify and agree upon the company’s most critical assets, and developing specific insider risk scenarios and the recommended prevention, detection, and mitigation controls.



Subsequently, KPMG was asked to help the client with the day-to-day operation of its evolving insider risk management program.

Business impact

Today, the company has a strategy which recognizes that risk management is not just an IT issue. It’s a multiple stakeholder challenge, requiring board oversight and participation from senior leaders across multiple business functions, along with cross-functional controls and governance.

Importantly, the new strategy helps reinforce a key corporate value: to have the most trusted workforce in the world, supporting the company’s goal to become the most trusted brand.

With our guidance:


The automotive manufacturer now agrees on its most important sensitive data, gaining cross-stakeholder buy in to reduce its critical data types from 500 to fewer than 10.



The company developed three categories of insider threat training—depending on employee access to sensitive data—to reinforce the importance of managing critical assets.




In addition, by providing design input for a proprietary tool to improve detection of insider threats, we helped the company reduce the false positive rate by two-thirds.


  • Innovation in risk management

    We deliver a gold-standard strategy for managing insider risk, based on published standards, leading best practices, and the experiences of KPMG professionals, all integrated into a single, executable framework to meet boardroom expectations.

  • A range of subject matter professionals for specific client needs

    Our team includes deeply experienced cyber security professionals as well as complementary specialists. For example, we bring in organizational psychologists to conduct HR transformation, attorneys who focus on privacy laws and regulations, and professionals with law enforcement and intelligence-community backgrounds to advise the corporate security function.

  • Immediate impact

    In addition to delivering a strategy and roadmap, we also develop client-specific scenarios and prevention, detection, and mitigation controls to drive home the immediate impact of insider threats.

Meet our team

Image of Charles A. Jacco
Charles A. Jacco
Principal, Cyber Security, KPMG US

Explore other services tailored to your business

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.