KPMG on Cybersecurity: Service instead of vulnerability

Key points:

• CISO’s Expanding Role: Chief Information Security Officers (CISOs) are now strategic leaders involved in corporate governance, aligning security with business goals, and translating technical risks for non-technical executives. However, they face challenges like unclear responsibilities and resource shortages.

• Human Factor & Talent Gap: Organizations struggle to build cybersecurity expertise. Comprehensive training programs, flexible work arrangements, and diversity initiatives are critical to attracting and retaining cybersecurity talent. AI can assist but not replace human workers.

• Building Trust in AI: Companies are investing heavily in cybersecurity to address AI-related risks. Transparent, accountable AI development and governance are crucial to maintaining stakeholder trust.

• Using AI for Cybersecurity: While AI can improve efficiency and manage growing workloads, it also introduces new risks. Strong cybersecurity fundamentals are necessary before fully integrating AI technologies.

• Platform Consolidation Risks: Organizations must balance efficiency with the risks of vendor lock-in and over-reliance on single platforms by considering hybrid security solutions.

• Identity and Authentication Challenges: Secure digital identities are essential, but innovations like deepfakes and expanded data processing demand new, robust authentication systems.

• Securing Smart Devices: As smart devices proliferate, securing them—and the data they access—is critical to protecting corporate and infrastructure integrity.

• Building a Resilient Security Culture: Organizations must foster a broad-based, resilient cybersecurity culture to mitigate risks from ransomware, supply chain vulnerabilities, and evolving threats.

The full Cybersecurity Considerations 2025 report by KPMG highlights that cybersecurity must evolve alongside technology, requiring proactive governance, skilled human resources, and strategic integration of new tools like AI.