Cybersecurity Considerations 2025: Technology, Media & Telecommunications

Amid growing economic uncertainty and the ever-evolving geopolitical landscape, the role of Chief Information Security Officer (CISO), in general, and within the Technology, Media, and Telecommunications (TMT) sector, in particular, has become quite complex and demanding. The proliferation of smart, connected devices powered by Internet of Things (IoT) has not only expanded the attack surface but also triggered a shadow technology environment, which adversaries are exploiting using increasingly sophisticated tactics such as deep fakes and polymorphic malware. CISOs must navigate these complexities while safeguarding critical data and staying ahead of cyber attackers.

CISOs in organisations across various TMT subsectors are at forefront of addressing the constantly emerging threats, evolving global regulatory compliance requirements and emerging risks due to rapid adoption of digital technology. Many are recognising the importance of positioning their work as a matter of building and maintaining trust, rather than solely satisfying regulatory compliance obligations, as cyber security is becoming a critical element in the products and services offered by the TMT industry. This dynamic has a direct impact on an organisation's revenue, profits, and reputation, thus requiring today’s CISOs to speak the language of business and engage more directly with C-suite colleagues to justify the need for ongoing funding and resources.

TMT subsectors have similar business drivers and multiple synergies which has led to boundaries becoming blurred. However, at the same time, each of these subsectors has unique security challenges. For example, technology services priorities include regulatory compliance, supply chain risk management, and mitigating human risk. On the other hand, software as a service (SaaS) providers are focusing on platform resilience and artificial intelligence (AI) security to protect global operations and reputation. Proactive measures specific to these imperatives are essential. Indeed, according to KPMG research, 55 percent of TMT CEOs cite cybersecurity as their top overall challenge.¹ For many CISOs, taking a proactive and strategic approach to cybersecurity is crucial to staying ahead of potential threats in today’s environment and also position it as competitive differentiator.

To enhance their defensive posture, many CISOs across TMT are increasingly relying on automation and AI to help bridge gaps left by traditional manual processes and bolster overall security frameworks. Utilising a centralised platform to consolidate multiple tools and processes into a cohesive system is a key strategy for managing alert fatigue, improving decision-making and mitigating risks more effectively. Ensuring resilience is another key area that CISOs are focused upon and newer strategies around data security (specifically with heavy adoption of AI), cloud-based recovery environments, and newer innovative methods are gaining traction, as well.

This report explores cybersecurity considerations for the TMT sector. It provides an in-depth analysis of prevalent challenges, emerging strategies, and the evolving roles of CISOs. It aims to equip security leaders with the knowledge and tools necessary to enhance their efforts, build trust and pursue resilience in a fast-changing digital landscape.

Key cybersecurity considerations for TMT companies in 2025

* Click to read more

Embed trust as AI proliferates
Platform consolidation: Embrace the potential but recognise the risks
Resilience by design: Cybersecurity for businesses and society

Embed trust as AI proliferates

While AI becomes increasingly embedded in business operations, many cyber leaders are focused on ensuring that security and privacy implications are appropriately factored in. Other stakeholders also continue to be apprehensive about data use and access issues. Nevertheless, these concerns need to be balanced against the potential of AI to enhance productivity across various organisational functions. In general, sector CEOs believe that AI (both generative and agentic) has the potential to benefit the industry through increased innovation, workforce enablement, fraud detection, and response to cyber-attacks. Reflecting this optimism, KPMG research has found that 78 percent of TMT sector CEOs cite Gen AI as a top investment priority. Meanwhile, 66 percent believe that ethical concerns are the biggest barrier when implementing Gen AI.²

The TMT sector is associated with constant development of AI technology, which is intended to add value across the wider global economy. This is also becoming a driving force for TMT companies to be at forefront of adoption of AI for their own products, services and processes. To increase acceptance and mitigate risks, it is crucial to work to embed security and, broader trust into AI systems from the outset. By proactively addressing these elements during development, organisations can avoid the costly pitfalls of retrofitting security measures or facing regulatory consequences and reputational damage following an incident. Having trust as a fundamental element of the AI development framework will significantly influence the successful adoption and long-term viability of AI-driven products and services.

Platform consolidation: Embrace the potential but recognise the risks

Organisations are rethinking their technology stack as they seek to reduce complexity and costs. This trend extends to security technologies, where a shift from best-of-breed solutions to more unified platforms is gaining momentum. Historically, while this approach prioritised leading security , it also created a need to manage engineering, which encompasses numerous disparate skills, across multiple tech platforms. This can lead to difficulty in integrating systems and, ultimately, higher costs. In the current environment, with the advent of cloud-based cyber platforms, CISOs must devote increased mindshare to the adoption of platforms to drive efficiency and productivity.

The move toward platform consolidation is rooted in a desire for streamlined operations, lower costs, and more efficient management. However, it could also be considered a factor in the creation of new challenges, such as concentration risk and vendor lock-in, where dependence on fewer vendors can expose vulnerabilities and limit flexibility. Navigating these trade-offs requires strategic planning and a deep understanding of the cybersecurity landscape to help ensure simplification does not come at the expense of security or long-term adaptability.

Resilience by design: Cybersecurity for businesses and society

The TMT sector is integral to the functionality of critical infrastructure in today’s highly connected world. Without a robust plan for strengthening cyber resilience, the consequences of attacks can be far-reaching, affecting essential services and, in some cases, overall societal stability. Therefore, preparing for the full impact of potential critical infrastructure attacks is essential for ensuring both organisations and the broader community remain resilient in the face of evolving cyber threats.

Cyber resilience involves three key components: reducing the attack surface to lower the probability of an attack, quickly identifying and responding to incidents to minimise their impact and ensuring swift recovery. Effective cyber resilience is vital for organisational stability and ongoing security, particularly considering the increasing reliance on interconnected systems.

Key challenges

Sophistication of cyber-attacks

Cyber-attacks are becoming much more advanced, with threats like ransomware, DDoS (Distributed Denial of Service), AI-powered attacks, and state-sponsored schemes targeting critical infrastructure. TMT companies, especially in telecommunications and media, are prime targets because of their vital role in the flow of data and information.

Vast attack surface

The TMT sector's interconnected nature, with multiple adjacent devices, networks, cloud environments, and third-party services, creates a vast attack surface. This complexity makes it challenging to monitor, secure, and defend all potential entry points.

Complex supply chain security

TMT companies rely heavily on third-party vendors and partners. A breach or vulnerability in one of these external systems can compromise the entire infrastructure. Managing the security posture of the extended supply chain remains a critical area for long-term resilience.

Real-time threat detection and response

Given the high volume of data traffic and essential services provided by TMT companies, detecting and responding to cyber threats in real time is crucial. However, many companies struggle to implement adequate monitoring and response mechanisms because of the vast scale and complexity of their operations.

Evolving threat landscape

The nature of cyber threats is constantly evolving, with new attack vectors emerging regularly. TMT companies must continuously adapt their cybersecurity strategies to keep up with developing technologies such as 5G networks, IoT (Internet of Things), AI, and quantum computing, all which can introduce new and varied vulnerabilities.

Key opportunities

Investment in advanced cybersecurity technologies - Implementing leading cybersecurity technologies such as AI-driven threat detection, machine learning, and blockchain for secure transactions and data integrity can help improve the speed and accuracy of threat identification and response.

Partnerships and collaboration - TMT companies are encouraged to collaborate with government agencies, cybersecurity firms, and other industry players to share threat intelligence and best practices and develop joint solutions. These partnerships can strengthen the industry's collective resilience and lead to better protection across critical infrastructure.

Resilient infrastructure development - Designing and building resilient, redundant, and efficiently distributed infrastructure to help minimise the impact of cyberattacks should be a key CISO objective. Tech companies can leverage the power of cloud technology to enhance resilience.

Regulatory compliance and risk management - As regulations around data protection and cybersecurity become stricter, TMT companies can offer tools and services that help other organisations stay compliant. Thus, TMT companies can establish themselves as trusted leaders in cybersecurity.

CISOs across the TMT spectrum should adopt a proactive approach to cybersecurity and resilience. Advanced threat detection systems, comprehensive employee training, regular security audits, collaboration with third-party providers, and the development of robust recovery and continuity plans will all continue to be essential. By addressing challenges proactively, organisations can strengthen their defences and enhance their overall security posture.

Real-world cybersecurity in TMT

The need for enhanced decision-making and operational efficiency places a spotlight on advanced data and analytics solutions.

KPMG India helped a global data and AI firm embark upon a cyber transformation journey to enhance its SOC using advanced cybersecurity technologies. This focus on modernisation included adopting a platformisation approach, which significantly improved the organisation’s overall security posture and yielded substantial cost savings by consolidating licensing and streamlining procurement.

A platform-oriented approach successfully unified security operations, achieving comprehensive coverage with 90,000 events per second (EPS), over 200 detection rules, and more than 20 user and entity behaviour analytics (UEBA) rules. This strategy also impacted incident response, enabling automatic correlation of alerts and logs, which led to quicker fixes and reduced incident response times.

Additionally, integrating a leading cloud security management application provided robust security for over 500 cloud accounts and more than 300,000 cloud resources, helping ensure robust security and continuous monitoring across hybrid and multi-cloud environments. Automating 10 distinct use cases and 65 playbooks further modernised incident response processes, enhancing efficiency and reducing response times.

KPMG India played a crucial role at all stages of this transformation, optimising resource utilisation and streamlining incident response processes. This work included transitioning playbooks from legacy systems to an automated cloud-based service—which saved the equivalent of approximately four full-time employees yearly—and integrating a generative AI-powered cybersecurity tool to improve threat response and compliance monitoring.

The successful transition to a next-gen SOC marked a significant milestone in the firm's cyber transformation journey. With the right approach, organisations can achieve significant improvements in security operations, ensuring a robust and compliant security posture while optimising resources.

Top priorities for TMT security professionals

Building trust in AI to enable increased adoption of AI technologies.

Sponsoring transformation programmes to drive and build cyber resilience.

Enhancing decision-making through comprehensive visibility on cyber risks by adopting integrated platforms.

Shifting from reactive to proactive security strategies, including threat hunting and red teaming exercises.

How KPMG professionals can help

At KPMG, we bring extensive experience to help address the cybersecurity challenges faced by the TMT sector. Our professionals offer services such as cyber cloud assessments, privacy automation, third-party security optimisation, AI security, and managed detection and response. We can assist in ensuring cybersecurity programmes are properly aligned with global regulations and business priorities.

By developing tailored digital solutions and implementing proactive cyber defense strategies, we help organisations move from a reactive to a proactive. This includes designing appropriate responses to cyber incidents and promoting a focus on trust and resilience. Our wide-ranging approach supports TMT organisations as they seek to swiftly identify threats, minimise impacts, and recover effectively. This helps them maintain the security and reliability of their critical infrastructures.