Cybersecurity has become a front-of-mind issue across just about every organization and industry there is. Numerous high-profile breaches over the last several years have grabbed big headlines and thrown customer trust in those companies into question. So needless to say, cybersecurity is big business today. But these days it's about so much more than simply fortifying security procedures and keeping customer data safe from hackers. Consulting caught up with Tony Buffomante, U.S. Lead of KPMG's Cybersecurity Practice to talk about KPMG's recent acquisition of Cyberinc, the world's largest identity and access management technology provider, and what it means for KPMG's cyber capabilities.
Consulting: How would you describe KPMG's overall cybersecurity strategy?
Buffomante: KPMG's strategy for cybersecurity for the past many years now has been to continue to offer a full suite of services to our clients. That starts with strategy, rolls through to implementation as well as assistance with managing operations, then if it goes go wrong, helping with breach response activities. We have capabilities in each of those areas, and when we look at the complexity that our clients are dealing with, look at the pace of change and innovation our clients are faced with today and how they want to leverage technology to get closer to their customers or to bring new products or services to market, our goal is to continue to integrate cyber into our broader digital transformation offerings.
Consulting: What made Cyberinc an attractive acquisition target?
Buffomante: We were looking for an organization and set of capabilities that can continue to drive the implementation of real solutions that connect with the rest of the firm. When I think about customers creating new banking customer portals, for example, managing not only tens of thousands or hundreds of thousands of customer IDs within the walls of their enterprise, but when they're dealing with millions of customers across the globe and making sure they have a seamless and secure experience with that portal. These are the types of things that are driving business today, and the capabilities, not only the talent but also the intellectual property and managed services capability Cyberinc has, was attractive to be additive to the existing implementation skills and qualifications that KPMG already has in cyber.
Consulting: What are the plans for integrating Cyberinc within KPMG?
Buffomante: Today we have an existing set of resources that execute identity management strategy and implementation activities. We will be folding in those resources into that transformation pillar as we call it. So we will bring over the resources in totality and they will fold into that operational structure. Our goal is to take the existing technical depth and talent that's added to our team and add that to our broader digital transformation play, which basically allows Cyberinc folks to gain access to C-level executives and have board-level relationships for these bigger, broader transformation initiatives that candidly they didn't have on their own. It helps us continue to add depth to our team and broaden the technologies that we'll be able to implement at scale. We're not going to run this business on its own, we're going to make sure we integrate that into the transformation pillar.
Consulting: How is the cybersecurity landscape changing, especially from a C-suite perspective?
Buffomante: I'm fortunate to be able to sit in on about two board meetings a month for clients across the country that are struggling with not just how to mitigate cyber risk, but how to change the conversation to leverage and market cyber capabilities to their customer base to drive growth. When you think about clients that are trying to connect with their customers in different ways, leveraging better automation for not only their back-office, but their middle-and front-office, this whole topic not only of cyber but also around identity becomes core to that conversation. So you're seeing momentum that really started in probably 2013-2014 before this became a major board topic. That momentum is continuing but the conversation is changing in a way for the better for all of us. We're not talking about fear and uncertainty and doubt; we're talking about how do we drive competitive advantage and leverage cyber capabilities.
Consulting: Is part of today's risk landscape embedding best cybersecurity practices into companies' DNA?
Buffomante: Absolutely. I would even take that a step further to say in helping to market those capabilities to their end customers. One client that's in the automotive and manufacturing space has processes and procedures to develop materials and products on a just-in-time basis and have been incredibly successful in that. They want to branch out into tangential markets in the aerospace and defense business. To be able to do that, certainly there are some additional requirements placed upon them from a security and compliance perspective. So the organization that has those policies, those procedures, those controls in place as part of their DNA, those that build security into their products and solutions and can demonstrate via third-party risk assessments, certifications and the like have a competitive advantage over the rest of the landscape in trying to get those contracts.That's what we're seeing today.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.