To Keep Cybersecurity Going Strong, Pay Attention to Your People

A new report shows that the federal government should focus less on technology and more on people, cyber hygiene, and cyber as a business enabler

Presented by KPMG KPMG's logo

Cybersecurity never ceases to mystify, whether from an individual, corporate or federal perspective.

In addition to the real vulnerabilities cyber activity presents, a natural fascination with the ins and outs of cybersecurity makes it a complex and popular topic amongst its stakeholders.

Tackling these intricacies is one of the goals in a May 2016 report by (ISC)2 and KPMG LLP, The State of Cybersecurity from the Federal Cyber Executive Perspective.

The report presents results from a survey of federal cybersecurity executives and debuted during May's (ISC)2 CyberSecureGov 2016 conference, where professionals from the public and private sectors discussed the current state of cybersecurity in the United States.

The results shed light on cybersecurity risks, specifically from a federal perspective. Most notable was the finding that respondents viewed the people in their agencies as simultaneously their greatest asset and highest vulnerability.

While federal agencies should do everything they can to build and train their cyber workforce, they must also be wary of it, KPMG Principal Tony Hubbard said.

“There are not many technology controls that are going to prevent someone from clicking on a malware link in an email,” Hubbard said. “We have to continue emphasizing good cyber hygiene, including training and awareness.”

Cyber hygiene, or threat prevention through proactive and continuous implementation of leading cybersecurity practices, has become a necessity. One way agencies can foster good cyber hygiene is through well-defined organizational accountability, which the report suggested should be a major area of continued focus.

Accountability stems from a clear definition of roles. Problems occur when important messages do not have understood recipients or when stakeholders lack the necessary cybersecurity empowerment.

Hubbard and his colleagues at KPMG assist organizations with all facets of cybersecurity, including the organizational transformation required to educate the entire workforce on cybersecurity and their roles in it. From this vantage point, he believes the appointment of a federal CISO will drive positive change.

“All of us working in the cybersecurity field have been asking for continued positive exposure for cybersecurity,” he said. “For the administration to appoint this official is a move in the right direction.”

Ultimately, Hubbard says cybersecurity should be simple, holistic and dynamic. The strongest solutions focus first and foremost on the organization’s business needs and drivers, using technology as a complement to effective processes and controls.

Organizations working with KPMG learn a straightforward but powerful security philosophy: prevent, improve, detect and respond. This approach is built on the company’s pillars of cyber strategy and governance, security transformation, cyber defense and digital response services. KPMG's approach has garnered attention in the industry as KPMG was named a leader in Information Security Consulting Services by Forrester Research earlier in 2016.

Download the report to learn more about the survey team’s findings. For more information on KPMG’s cybersecurity capabilities and insights, visit

This content is made possible by our sponsor. The editorial staff of Government Executive was not involved in its preparation.