KPMG cyber maturity assessment: the cyber threat to your business


KPMG Cyber Maturity Assessment (CMA) provides a broad ranging review of an organization's ability to manage and protect its information and its preparedness against cyber attack.

Published in: Technology

  1. KPMG Cyber Maturity Assessment

     The cyber threat to your business

     Organizations are subject to increasing amounts of legislative, corporate and regulatory requirements to show that they are managing and protecting their information appropriately. Simultaneously, the threats from cyber criminals and hacktivists are growing in scale and sophistication. Organizations are increasingly vulnerable as a result of technological advances and changing working practices including remote access, big data, cloud computing, services on demand and mobile technology.

     The financial and reputational costs of not being prepared against cyber attack are significant. Estimates suggest the global financial impact of cybercrime is US$114 billion.[1] Companies are thought to bear almost 80 percent of these costs.[2] Loss of consumer and shareholder confidence is a particular issue. A series of data breaches at Sony in 2011 contributed to a 30 percent fall in its share price and a US$170 million hit to operating profits.[3] With this global proliferation of attacks, the question for organizations is not if they will be attacked but when.

     It is also increasingly common for government buyers and large corporates to demand confidence in information management as a qualifier for lucrative contracts or partnerships. With the stakes so high, organizations must decide on their cyber risk appetite and how they will respond to cyber threats. There is a significant responsibility on executives to assure customers, stakeholders and employees that appropriate safeguards are in place.

     What is the Cyber Maturity Assessment?

     KPMG’s Cyber Maturity Assessment (CMA) provides a broad ranging review of an organization’s ability to manage and protect its information and its preparedness against cyber attack. It is unique in the market in that it looks beyond pure technical preparedness. It takes a rounded view of people, process and technology to enable clients to understand areas of vulnerability, to prioritize areas for remediation and to demonstrate both corporate and operational compliance, turning information risk to business advantage.

     In developing the CMA, KPMG has combined international information security standards with our global insight of best practice in risk management, cyber security, governance and people processes. The CMA addresses six key dimensions at three levels of maturity that together provide a comprehensive and in-depth view of an organization’s cyber maturity, as shown below.

     • Leadership and Governance: Board demonstrating due diligence, ownership and effective management of risk
     • Human Factors: The level and integration of a security culture that empowers and ensures the right people, skills, culture and knowledge
     • Information Risk Management: The approach to achieve comprehensive and effective risk management of information throughout the organization and its delivery and supply partners
     • Business Continuity and Crisis Management: Preparations for a security event and ability to prevent or minimize the impact through successful crisis and stakeholder management
     • Operations and Technology: The level of control measures implemented to address identified risks and minimize the impact of compromise
     • Legal and Compliance: Regulatory and international certification standards as relevant

     [1] Norton Cybercrime Report, 2011.
     [2] The Cost of Cybercrime, Detica/The Cabinet Office, 2011.
     [3] in-Tokyo-as-data-breaches-undermine-confidence

     KPMG Cyber Maturity Assessment / February 2013

     © 2013 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. All rights reserved.
  2. Through a combination of interviews, workshops, policy and process reviews and technical testing, KPMG’s CMA rapidly:

     • Identifies current gaps in compliance and risk management of information assets;
     • Assesses the true scale of cyber vulnerabilities;
     • Sets out prioritized areas for remediation and an associated management action plan.

     The CMA provides the flexibility to assess the level of cyber maturity on a site by site basis or at a company level. It helps to identify best practice within an organization and provides comparator information against peer groups and competitors. In short, it provides executives with a rapid assessment of your organization’s readiness to prevent, detect, contain and respond to all threats to information assets.

     Why KPMG?

     The CMA is one component of KPMG’s Global Cyber Transformation Service. Our Cyber Transformation Service brings together specialists in information protection, technical security, risk infrastructure, organizational design, behavioral change and intelligence management. These combined skills are utilized to tailor a solution relevant to your risk appetite and the cyber threats your organization faces.

     KPMG member firms are:

     • Global – through our network of KPMG member firms, we employ over 145,000 professionals in 152 countries. KPMG cyber security industry professionals have deep expertise and can offer insight to you wherever you operate.
     • Award-winning – KPMG in the UK was awarded ‘Information Security Consultant of the Year’ at both the 2011 and 2012 SC Magazine Europe Awards. KPMG in the UK was also highly commended for the Information Security Project of the Year category for I-4 program, which is the leading information security forum for large global businesses.
     • Shaping the cyber agenda – Through I-4 (the International Information Integrity Institute) KPMG firms help the world’s leading organizations to work together to solve today’s and tomorrow’s biggest security challenges.
     • Committed to you – KPMG’s client relationships are built on mutual trust and long-term commitment to providing effective and efficient strategies.

     Contact us

     For more information on the CMA or KPMG’s Cyber Transformation Services please contact one of our practitioners or visit us at

     • Stephen Bonner, Partner. T: +44 20 76941644
     • US: Tony Buffomante, Principal Advisor. T: +1 312 665 1748
     • Netherlands: John Hermans, Partner. T: +31 6 5136 6389
     • Germany: Jörg Asma, Partner. T: +49 221 2073 6233, E: jasma@kpmg.com
     • Ruth Anderson, Principal Advisor. T: +44 20 76942492
     • Australia: Scott Cass-Dunbar, Director. T: +61 2 6248 1232
     • Canada: Jeff Thomas, Partner. T: +1 403 691 8012

     The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

     © 2013 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved.

     The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

     Designed by Evalueserve. Publication name: KPMG Cyber Maturity Assessment. Publication number: 120961. Publication date: February 2013