Cyber security for the mid market

If you’re unsure what’s working or where to focus, start here.

We provide independent assessments to help you understand your current maturity, identify gaps, and decide where to go next. Our focus is on clarity, not scoring, and on advice you can act on.

• Assess maturity across governance, controls, response capability and leadership.
• Benchmark performance against sector norms and risk tolerance
• Deliver findings in practical terms that guide decisions.
• Run health checks during uplift, after incidents, or before major investments.
• Recommend next steps aligned to risk, outcomes and capacity.

If you have a plan, we help make it real. If you don’t, we’ll help build one that fits.

Many organisations have cyber initiatives underway, but few have a coordinated plan that reflects their risk, obligations, and resourcing. We help clarify direction, align stakeholders, and support delivery.

• Build or refine your cyber strategy based on business context, obligations and risk appetite
• Translate strategy into practical delivery plans across governance, controls, capability and timing
• Provide embedded cyber advisers or virtual CISO Adviser support for organisations without dedicated teams
• Align internal teams, remove duplication, and maintain momentum over time

If a cyber event tests your organisation tomorrow, will it be ready?

We help you prepare for incidents before they happen and support you when they do. We focus on decision-making under pressure, leadership coordination, and regulator-facing readiness.

• Review and improve incident response plans, protocols and governance
• Run tabletop exercises for executives, operational teams, and board members
• Assess readiness against regulatory expectations and internal accountability
• Support post-incident debriefs, root cause analysis, and improvement planning

Regulatory and stakeholder expectations continue to rise. We help you understand your obligations, assess your current state, and strengthen your governance and compliance environment.

• Map and address obligations under the Privacy Act, Cyber Security Act 2024, SOCI Act, CPS 234 and other instruments
• Align with frameworks including ACSC Essential Eight, AESCSF, ISM, ISO 27001, VPDSS, PSPF, PDSS, PCI DSS, SOC 2, and NIST CSF
• Review and uplift control design, documentation and assurance evidence
• Conduct internal audits, management reviews or readiness assessments
• Provide privacy management support, including breach response planning and OAIC alignment
• Support third-party and procurement reviews to manage external risk

Cyber risk stems from the everyday choices people make. Our cutting-edge cyber learning and training program empowers your workforce to adopt stronger security behaviours.

We provide impactful training initiatives to transform behaviour and enhance your organisation’s security posture. From targeted messaging to full program delivery, we support uplift across business roles and maturity levels.

• Evaluate the effectiveness of your current training and awareness approach
• Design behaviourally informed campaigns across teams and business units
• Deliver programs using your content or KPMG’s Cyber Learning Unlock platform
• Track engagement, participation, and measurable improvement
• Tailor messaging by role, exposure and risk profile