Strategy and Governance

Turn risk to competitive advantage.


With passion and purpose: KPMG GDPR team

New technologies. Sales channels. Customer experiences. Does your organization have the confidence and agility to seize these kinds of opportunities, or are cyber threats and regulations holding you back? 

Can you do what you want to do, knowing you have the resilience to withstand a cyber security event and continue to serve customers? As you exchange more data and become more dependent on interconnected systems, a strategic approach to cyber security has never been more critical.

That’s why cyber security is not just an information technology issue; it’s a business issue, demanding attention not only from CISOs but also from the rest of the C-suite, the board, employees, supply chain and business partners.

A strong cyber security strategy should align to the business vision, objectives and innovation projects. If implemented effectively, it can enhance product integrity, customer experience, operations, regulatory compliance, brand reputation, investor confidence and more — turning risk into a competitive advantage.


  • Cyber Maturity Assessment (CMA): Looks beyond pure technical preparedness against cyber-attacks and takes a rounded view of people, processes and technology, enabling you to understand areas of vulnerability, identify and prioritize areas for remediation, and demonstrate corporate and operational compliance, turning information risk into business advantage.
  • Cyber strategy and target operating model development: Establishes security strategies aligned to business objectives, quantifies risks, evaluates true cost and determines the effectiveness of your current security program.
  • Chief information security officer metrics and reporting, including Metrics 360: Develops a detailed program to baseline, measure, and report on the health, progress, and value of your cyber security program.
  • Third-party security: Identifies cyber security risks introduced through third-party relationships and helps implement sound monitoring and remediation processes.
  • Business resilience: Helps identify and manage disruption risks and reduce your vulnerability to potentially devastating events.
  • Information governance: Enables smart decision-making powered by data from across numerous, diverse domains so that your organization can pursue what it wants to achieve by addressing key value opportunities, risks and costs.
  • Privacy services: Helps manage regulatory obligations and enables you to leverage personal information to create value and increase revenue while meeting the expectations of your customers, employees and vendors.

The KPMG strategy and governance team helps you with tailored approaches for cyber security and data protection. From determining the appropriate levels of acceptable risk to aligning your information protection agenda with your business and compliance priorities to building enterprise-wide security strategies to help move your organization from reacting in crisis mode to having proactive, value-added business approaches, we help you carry security throughout your entire organization.

KPMG* ranked number one for the quality of firms’ Security services

KPMG has been ranked number one by clients for the quality of member firms’ security services in Source Global Research’s latest report, Perceptions of Risk Firms in 2021. KPMG received the highest score of the 16 vendors evaluated in this category—a high achievement determined by clients and prospects alone. 


*KPMG refers to the global organization or to one or more of the member firms of KPMG International Limited (“KPMG International”), each of which is a separate legal entity. KPMG International Limited is a private English company limited by guarantee and does not provide services to clients. 

Our people

Michael Gomez


Principal, Cyber Security, KPMG US