Information security
11.01 2023

Information security can only be ensured at a high level of quality under the leadership of a competent Chief Information Security Officer

Why is information security important and what is its main purpose in the context of a company’s business activities?

The answer is not difficult – information security (and security more broadly) allows a company to continue its core business despite any external attempts to steal its valuable data or render its physical and technological assets unusable. However, ensuring information security requires that a company have adequate area-specific competence.

Against this backdrop, it is indispensable for almost any company and organisation today to have a sufficiently competent Chief Information Security Officer (CISO), or at least a person who has some basic knowledge of information security management. A Chief Information Security Officer is responsible for managing the information security of a company or organisation and has the best overview of the current security situation of the company’s most valuable data and information assets. If there is no CISO in a company, there is no central manager who would be competent to make decisions in all matters related to information security. This may lead to a lack of coordination and oversight of the organisation’s information security, which in turn may increase the risk of cyber-attacks, data leaks and other security incidents.

The role of a Chief Information Security Officer, or CISO

The main task of a CISO is to ensure the achievement of the three objectives of information security: availability, integrity and confidentiality. To ensure that these objectives are met, the CISO consistently manages the implementation of technical and organisational protection measures and the monitoring of their functioning within the company. They make sure that the measures comply with the best information security standards in the context of changing circumstances.
Today, the role of a CISO is often primarily associated with protecting the company’s IT-specific assets, but in fact, important (sensitive) information is not only in digital format. Therefore, a CISO must ensure that effective safeguards are in place to protect the company’s information regardless of its format, whether it is digital, on paper or transmitted orally.

CISO as a service (CISOaaS) – who can benefit and how?

A CISO is a top expert, and performing the duties of this position requires sound knowledge of information technology and experience in managing people and processes. Due to ongoing technological innovation, a CISO needs to stay abreast of the latest developments in information security. Therefore, it usually takes considerable resources to maintain a CISO’s competence in-house. Moreover, today’s highly competitive labour market makes it extremely difficult to find talented people and to keep them professionally competent and motivated.

This is where KPMG’s CISO as a service (CISOaaS) can be a solution for companies:

  • by assessing the needs of different companies, we have created a service that allows you to outsource the CISO’s responsibilities;
  • the service is provided by our top experts who have relevant experience and internationally recognised professional certificates;
  • our CISOaaS is not delivered by a single KPMG expert; instead, we offer our clients a whole team;
  • our team members have experience working as CISOs, IT system administrators and physical security experts, as well as in computer network and web application penetration testing, digital forensics and much more.

CISOaaS enables companies to acquire the competence of a CISO without having to search for a specialist in the labour market, hire them and maintain their competence in-house.


Igmar Ilves
Senior Cyber Security Advisor
KPMG Baltics OÜ

