11.01.2023

Information security can only be ensured at a high level of quality under the leadership of a competent Chief Information Security Officer

Why is information security important and what is its main purpose in the context of a company’s business activities?

The answer is not difficult – information security (and security more broadly) allows a company to continue its core business despite any external attempts to steal its valuable data or render its physical and technological assets unusable. However, ensuring information security requires that a company have adequate area-specific competence.

Against this backdrop, it is indispensable for almost any company and organisation today to have a sufficiently competent Chief Information Security Officer (CISO), or at least a person who has some basic knowledge of information security management. A Chief Information Security Officer is responsible for managing the information security of a company or organisation and has the best overview of the current security situation of the company’s most valuable data and information assets. If there is no CISO in a company, there is no central manager who would be competent to make decisions in all matters related to information security. This may lead to a lack of coordination and oversight of the organisation’s information security, which in turn may increase the risk of cyber-attacks, data leaks and other security incidents.

The role of a Chief Information Security Officer, or CISO

The main task of a CISO is to ensure the achievement of the three objectives of information security: availability, integrity and confidentiality. To ensure that these objectives are met, the CISO consistently manages the implementation of technical and organisational protection measures and the monitoring of their functioning within the company. They make sure that the measures comply with the best information security standards in the context of changing circumstances.
Today, the role of a CISO is often primarily associated with protecting the company’s IT-specific assets, but in fact, important (sensitive) information is not only in digital format. Therefore, a CISO must ensure that effective safeguards are in place to protect the company’s information regardless of its format, whether it is digital, on paper or transmitted orally.

CISO as a service (CISOaaS) – who can benefit and how?

A CISO is a top expert, and performing the duties of this position requires a sound knowledge of information technology and experience in managing people and processes. Because technology keeps changing, a CISO needs to stay abreast of the latest developments in information security, so maintaining a CISO’s competence in-house usually takes considerable resources. At the same time, today’s highly competitive labour market makes it extremely difficult to find talented people and to keep them professionally competent and motivated.

This is where KPMG’s CISO as a service (CISOaaS) can be a solution for companies:

  • by assessing the needs of different companies, we have created a service that allows you to outsource the CISO’s responsibilities;
  • the service is provided by our top experts who have relevant experience and internationally recognised professional certificates;
  • the content of our CISOaaS is not provided by a single KPMG expert, but we offer our clients a whole team;
  • our team members have experience working as CISOs, IT system administrators and physical security experts, as well as in computer network and web application penetration testing, digital forensics and much more.

CISOaaS enables companies to acquire the competence of a CISO without having to search for a specialist in the labour market, hire them and maintain their competence in-house.


Igmar Ilves
Senior Cyber Security Advisor
KPMG Baltics OÜ
