Cybersecurity considerations 2024

Technology innovations demand strategic pragmatism.


As 2024 unfolds, organizational leaders face many challenges, from sustaining growth to navigating emerging technologies and talent acquisition and retention. The role of the Chief Information Security Officer (CISO) is evolving, and they are increasingly being seen as proactive partners in managing ongoing business needs rather than just being called upon to rescue the organization during times of crisis.

The KPMG annual Cybersecurity considerations report identifies eight key considerations that CISOs should prioritize in 2024 to help mitigate risk, drive business growth and build resilience.

Explore the eight key cyber considerations and uncover the key actions organizations can take as they seek to accelerate recovery times, reduce the impact of incidents on employees, customers, and partners and aim to ensure their security plans enable — rather than expose — the business.



Discover how to balance cyber priorities to build a resilient future.



Explore the eight key cybersecurity considerations for 2024


Consumers, employees, suppliers — every corporate stakeholder — expect businesses to pursue growth and profits. But increasingly, organizations are expected to operate socially responsibly, as well. Organizations should heed this call and strengthen the connection between security and privacy and environmental, social and governance (ESG) factors. This bond is increasingly recognized across the business ecosystem, particularly by ESG rating services, as they search for greater transparency in measuring and comparing organizations.

Security, from the CISO down through their entire team, is a very different role today. Cyber is becoming more embedded in core business processes. That reality is being reflected in a move away from a centralization of cybersecurity in the CISO role to a federated model, in which the CISO is the conductor of the orchestra, establishing the frameworks, assessing risk, and providing implementation support. Security is integral to every function across the organization, from front office to back, and many leaders now acknowledge the value of integrating a security mindset into their very different business cultures and processes.

Global businesses are operating within an increasingly complex cyber and privacy regulatory space. National interests are playing out, leading to diverse regulatory requirements over information sovereignty, supply chain security, transparency of cyber controls compliance, incident reporting, and, of course, privacy. Businesses should seek to calibrate their regulatory reporting for an increasingly borderless world but also maintain security controls that can be tailored to local requirements. Organizations should be prepared to respond quickly to changing geopolitics and diverse sanctions requirements.

Many organizations’ current approach to third-party and supply chain security does not align with the reality of today’s complex and interdependent ecosystem of partner organizations. Traditional models were built around the assumption that third parties provide services on a transactional basis. That view does not reflect today’s intricate network of APIs and processes tethered by a complex set of software-as-a-service dependencies. Organizations are encouraged to establish more strategic supplier partnerships focused on continuously monitoring and managing the evolving risk profiles of these suppliers to strengthen operational resilience.

With careful planning and execution, artificial intelligence (AI) has the potential to transform how, when, and by whom work gets done. All the talk is currently about generative AI, but many other branches of AI, from robotics to machine learning, continue to transform business. Calibrating the security, privacy, and ethical implications inherent in these technologies is challenging, and organizations are looking to establish frameworks that provide both risk management and governance when implementing AI.

Businesses are increasingly moving systems to the cloud, the volume of data that needs protection is skyrocketing, and more people are working remotely and accessing corporate networks with their own devices. As a result, the cyberattack surface is expanding, creating more alerts, false positives and triage events for CISOs to manage. There’s a lot of noise in security operation centers (SOCs), and there aren’t enough panes of glass or humans to deal with the volume. How can CISOs keep detecting threat after threat and feel they're not missing something? They need to collect, correlate and escalate the signals that require a response — and it must be done rapidly. The only way to do that is through automation.

Every organization with which consumers interact assigns them a unique digital identity, and just as usernames and passwords vary, authentication methods do as well. From a cybersecurity perspective, the identity model is evolving. Most identity and access management (IAM) models were originally devised to manage digital identities and user access for single organizations. Many are now being reconceptualized to encompass a level of resilience suitable for federated, private, public or multi-cloud computing environments. This will eliminate the need for individuals to endure the exhaustive, time-consuming and intrusive process of identity-proofing every time they interact with a new institution, either as a customer or employee.

During a cyber incident, organizations need a response measured in minutes and hours, not days and weeks. In today’s volatile environment, resilience has become a common theme for organizations across critical infrastructure sectors such as energy, communications and transportation, with executives focused on recovery if preventative controls fail. Resilience should seamlessly align with cybersecurity, emphasizing protection, detection, and rapid response and recovery. Cyber resilience is vital for maintaining business operational capabilities, safeguarding customer trust, and reducing the impact of future attacks. These disciplines must work in tandem to help organizations manage risk.


Learn more


Cybersecurity Considerations 2024: Technology, Media and Telecommunications

Navigating innovation and threats in a hyperconnected world

Cybersecurity considerations 2024: Financial services sector

Navigating uncertainty and embracing innovation

Cyber Security Services

Cyber security is more than a technology issue – it’s a golden thread that runs throughout your business, enabling it to operate effectively, efficiently, and securely. Our Cyber experts can help you to protect your future.

Our people


Akhilesh Tuteja

Global Cyber Security practice Leader, Partner

India

Dani Michaux

EMA Cyber Security Leader, EMA Women in Cyber Leader and Partner

Ireland

Matt O'Keefe

Partner, Cyber Security ASPAC Lead

Australia

Prasanna Govindankutty

Americas Cyber Security Leader

KPMG in the U.S.

Transforming for a future of value

Connected. Powered. Trusted. Elevate. KPMG firms' suite of business transformation technology solutions can help you engineer a different future – of new opportunities that are designed to create and protect value.

KPMG Connected Enterprise

KPMG’s customer-centric, agile approach to digital transformation, tailored by sector

KPMG Powered Enterprise

KPMG firms' suite of services to help transform their back-office functions, leveraging target operating models that are designed with the future in mind.

The Trusted Imperative

Our Trust Imperative brings together risk and regulatory services that build trust and confidence in the organization and its digital transformation journey. It helps ensure that businesses can navigate risk and regulation with greater predictability – and deliver on the promise to keep customer data trusted, safe and reliable.

KPMG Elevate

KPMG Elevate is our methodology to help businesses identify and capture value using a data-driven approach. We focus on what an organization needs to change to achieve measurable improvements to revenue, margin expansion, cost management and capital structures. It is value quantified and delivered.

Connect with us

KPMG combines our multi-disciplinary approach with deep, practical industry knowledge to help clients meet challenges and respond to opportunities. Connect with our team to start the conversation.
