Cyber security
16.05 2022

KPMG’s Cyber Security Considerations 2022

As we enter the year of 2022, it is vital for organizations and people alike to reassess the current technological landscape, particularly in the area of cyber security. According to KPMG’s CEO Outlook report, 75% of Chief Executive Officers (CEOs) believe that a strong cyber security strategy is critical to instill trust with key business stakeholders. Cyber security as a field is one that is constantly evolving, with that comes both challenges and opportunities. KPMG as an organization has assessed the landscape in cyber security and has published “Cyber security considerations 2022: Trust through security” in which they identified eight key cyber security considerations that Chief Information Security Officers (CISOs) should consider in the year 2022. Prior to exploring each consideration in more detail, it is vital to point out that CISOs require an overall paradigm shift. CISOS should place themselves in an organization as influencers rather than enforcers of cyber security measures and practices. Inspiration is often a more long-term effective way for people to take action rather than enforcement. This aforementioned principle applies to cyber security also. CISOs should influence colleagues to do things securely rather than tell their colleagues what they can and cannot do in relation to their organization’s cyber security posture.

Eight Cybersecurity Considerations for 2022

Expanding the strategic security conversion

Cybersecurity nowadays encompasses and affects almost all aspects of any technological business. Cybersecurity is no longer an issue that only security and IT professionals deal with. There must be a shift from cyber security being solely the responsibility of IT professionals into an understanding that it is a shared responsibility of an enterprise. A CISO must be able to wear multiple hats and be able to align a companies business strategy with their cyber one. Thus, it is essential that security is incorporated into the business process. CISOs should help business leadership in making this conversion possible.

Achieving the x-factor: Critical talent and skill-sets

Accelerated by the COVID crisis, yet present before is an increased need for speed-to-market, coupled with an acknowledgment of the risks involved. In the present economy, the amount of skilled cyber security professionals strongly lacks. KPMG recommends looking into alternative solutions for addressing this gap of professionals by incorporating gig economy workers and cyber security automation, for example. Additionally, CISOs are urged to attract a wider range of talents in cyber security, in order to break down barriers of inclusion and attract a larger group of talents to the field.

Adapting security for the cloud

As cloud adoption has skyrocketed within organizations, the cyber security landscape has changed. The processes and skills required for ‘traditional’ cyber security may no longer apply to cloud cyber security. According to KPMG’s report, 90 percent of organizations may be vulnerable to security breaches related to cloud misconfigurations. CISOs need to work with their team to understand the cloud specific cyber security requirements and adopt security for the cloud. This should be done within the regulatory framework and take into account how regulations such as the GDPR or HIPAA would affect cloud security.

Placing identity at the heart of zero trust

As millions of employees shift to remote work and purchase goods from anywhere in the world through their phones, it is increasingly important to place identity management and zero trust at the heart of business processes. Zero trust should no longer be viewed as a technology or feature, but rather a security standard. CISOs should make zero trust an approach to security, with identity being the central component of any zero trust model.

Exploiting security automation

Automation often helps with freeing up resources that may be better spent than on mundane, repetitive tasks. This also applies to the field of cyber security, where vulnerability scanning, log analysis and compliance are being automatically executed rather than done by a highly skilled professional. Automation can help security professionals concentrate on truly critical assets rather than spend time on lower level threats that can be handled using automation. CISOs are encouraged to leverage automation to the full advantage.

Protecting the privacy frontier

At present, cyber security and data privacy are disciplines that seen as different and often operate separate from one another. As more awareness and recognition exists for data privacy there is an ever increased need to view privacy not as a standalone legal discipline but as a multi-disciplinary field. Privacy should be intertwined with security, where companies incorporate a privacy by design approach to their business.

Securing beyond the boundaries

Companies nowadays are more often dependent on robust supply chains and multiple business partners. Such dependencies result in 79% of cyberteams to recognize that protecting a business’s partner ecosystem and supply chain is just as important as building their own cyber defenses. This creates a network of businesses operating together and requiring an adequate controls to protect their own and partners’ data simultaneously. It is necessary to create a strong risk management framework that addresses the cyber risks within and outside the organization. This requires a proactive role by CISOs, using automation, continuous monitoring and zero trust models to help in achieving security beyond boundaries of their enterprise.

Reframing the cyber resilience conversation

CISOs are encouraged in the KPMG report to initiate conversation with senior leaders within an organization on the assumption that a company is ready for a cyber-attack. A company resilient to cyber-attacks is one that assesses the key operational processes of business and strategy. CISOs should reframe the cyber resilience conversation to encompass a company-wide effort to mitigate cyber-attacks and identify the greatest risks.


Hopefully, this article brings thoughtful recommendations for you as an organization or CISO serving an organization. For a detailed overview, access the full report HERE.

Yusef Ward

Cyber Advisory

Bolstering Cyber Resilience with High-Quality Red Teaming

The escalating complexity and frequency of cyberattacks pose a critical risk to the stability of f..

Cyber security

KPMG recognized as a Leader in Cybersecurity Consulting Services in Europe

According to The Forrester Wave: Cybersecurity Consulting Services in Europe, Q1 2024.

We are excit..

Cyber security

Cyber Security Expert: IT Hygiene Should Not Be Neglected During Holidays and Vacations

The line blurring between work and spare time, and the widespread use of remote work mean that peo..

Cyber security

A Company Must Not Be Bought Without a Pre-transaction IT Audit

It is a volatile time for economy, which always leads to businesses being purchased and sold. For ..

Cyber security

How To Prepare for Overcoming a Cyber Incident

It is no longer a question of if cyber incidents take place, but when they will take place. Based ..

Cyber security

Too Many Companies Underestimate IT Risks

Mihkel Kukk, Head of Cyber Security Services at KPMG, notes that, although great importance is att..

Cyber security

Provide a safe and sustainable business environment for your company. We help build a resilient and reliable digital landscape, even in the face of changing threats.

KPMG Baltics OÜ

+372 626 8700
Ahtri 4, 10151 Tallinn, Estonia
KPMG Baltics KPMG Global Privaatsuspoliitika
Email again:

HR assessment 

HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.

Email again:

Threat assessment

Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.

Email again:

Maturity assessment

Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.

Email again: