Cybersecurity: It’s time to go on offense

Data security is perhaps the biggest challenge facing companies today. It’s also an emerging opportunity to unlock growth and future-proof your business.

As a way to secure the kingdom, moats never really lived up to the hype. Enemies easily built bridges while shooting cannons right over them. Then there was the opportunity cost: It’s tough to expand your empire when you’re always playing defense.

The parallels ring true today. Yes, cybersecurity is one of the biggest risks facing business today, and it may be tempting to build a moat around your data stores until the threat passes. But here’s the problem: The threat isn’t going to pass. In fact, security analysts are focused instead on an ever-expanding and increasingly exotic menu of new hacks (everyone ready for “adversarial AI”?).

As we report in our latest cyber survey, KMPG cyber trust insights 2022, a better approach is to crack open your offensive playbook. It’s time to embrace cybersecurity as an emerging opportunity that differentiates you from and elevates you above the competition. How? By making it a fundamental thread that connects your entire business.

This new report analyzes data and interviews from more than 1,800 executives and company leaders, revealing that companies meeting the ever-changing cybersecurity challenge can transform their business—from growth and expansion to revenue and margin—by building deeper levels of trust with all stakeholders.

Read on to learn how to make cybersecurity the fuel for your growth—and not just more water for a moat.

Cybersecurity begins with trust

Success in business today depends on integrity and transparency in the way information is collected and processed. Customers, partners, investors, and even regulators must trust you before they’ll engage and do business with you. Cybersecurity and privacy play a key role in building and maintaining that trust.

But in the realm of cybersecurity, what does trust even mean? In a word, confidence. Stakeholders should not have to question whether you have the digital infrastructure in place to protect their interests. That’s table stakes, extending across these three key areas:


Security and reliability

Your organization prioritizes the protection of technology and data and is rigorous about ensuring that all systems operate as designed.


Inclusivity and responsibility

Your organization designs, builds, and operates its technology and data as a steward for people, society at large, its environment, and other stakeholders. 


Accountability and oversight

Your organization clearly defines responsibilities for trustworthiness, assigns a directly responsible individual (typically a CISO), and systematically tracks progress.

According to our survey, companies that take an active role in building trust unlock a host of tangible benefits: 37 percent of leaders say improved trust drives profitability, 32 percent believe it ignites innovation, and 29 percent say it grows market share.

CISO as growth enabler

Data matters more than ever: According to our survey, 80 percent of executives recognize the importance of data protection and increased transparency around data use.

Effectively safeguarding data is essential to growing a business: 61 percent of businesses expect to embrace disruptive and potentially riskier new technology platforms like AI and machine learning within two years.

Who, then, is the steward of this emerging opportunity? Enter the CISO 2.0. Long seen as the antiinnovators, chief information security officers are beginning to step into a critical dual role: trust guardian and growth enabler.

Are they there yet? Not quite, according to our survey:

Two-thirds of respondents say information security is still seen as a risk-reduction activity, and 57 percent say senior leadership does not understand the competitive advantages that come with increased trust.

Still, there are pockets of progress. For example, 45 percent of C-suite respondents tell us that they see the CISO as a key executive, and the role is growing rapidly to meet the challenges of digital transformation, increasing cybercrime, and rising regulatory expectations.

CISOs can build their case by helping their organizations define trust, and then use data security and privacy to reinforce this definition. Here are five steps they can take, starting today:

Infuse cybersecurity into the corporate culture—and don’t stop until it’s woven into every business process.


Build an internal team to establish, embed and reinforce digital trust. Who will advocate for you and your mission? Bring them in, from all functions across the company. 

Rethink your sphere of influence. Who better to talk about the ethics of AI, for example, than you?

Win over the C-suite and board. Show them the way by taking the lead.


Spread the word. Collaborate across the organization to continue improving trust—and ensuring that stakeholders are getting the message.

For a deeper dive into each of these areas—and to learn more about building trust through cybersecurity and privacy—explore some of our related resources below.

Contact us

Kyle Kappel

Kyle Kappel

Cyber Security Leader, KPMG US

+1 949-431-7359