Laurie Gibbett, Cyber Risk Quantification Manager, KPMG
Every business plan now includes information technology as a crucial and integral part. IT is used not only by multinational firms that manage mainframe systems and databases but also by small businesses that own just a single computer.
The UK IT Industry Awards are the largest and most well-known event in the technology industry calendar. Owned and operated by BCS, The Chartered Institute for IT and Computing, the awards enjoy a level of professionalism and industry knowledge not seen at other shows.
This year's winners will be announced at a live awards ceremony on Wednesday 8th November in London.
KPMG has reached the shortlist for not just one or two, but six categories: Cloud Innovation of the Year; Apprentice of the Year; Business Analyst of the Year; Mentor of the Year; Development Team of the Year; and Security Innovation of the Year.
We caught up with Laurie Gibbett, cyber risk quantification manager at KPMG Cyber Risk Insights, to find out more about the company's priorities for the next 12 months.
Laurie is enabling organisations to make more informed decisions when it comes to cyber risk management, through the adoption of, and as an ambassador for cyber risk quantification practices. Laurie uses Cyber Risk Insights as an enabler to assess the cyber risk exposure of organisations in financial terms and advise on investment priorities that maximise risk reduction. She is increasingly supporting organisations to bring risk quantification in-house as part of their wider risk management capabilities, so that risk reduction is continuously measured, demonstrating the value of cyber investments.
Computing: Please provide some background on KPMG for our readers. What makes you different from other companies?
Laurie Gibbett: KPMG in the UK has a proud history in professional services. Our capabilities intersect with sectors in our performance groups so that partners and staff can work more cohesively for clients. We describe this model as being capability-led and market-informed.
In 2022 KPMG UK launched KPMG Products, a portfolio of powerful new digital tools and applications, designed to help clients address some of the most challenging issues facing their businesses. Cyber Risk Insights is one of these products that has been driving positive change in the cyber industry, offering a solution for more objective, evidence-based decisions on risk management.
What one company achievement in the last 12 months are you most proud of?
I am incredibly proud of the multi-disciplinary team that has got Cyber Risk Insights to where it is today. Cyber Risk Insights has been on a journey of innovation, powered through the expertise of KPMG UK subject matter experts across Cyber Security, Data Modelling, Software Engineering, Cloud, Econometrics, Digital Design, and Actuarial.
Our cyber risk quantification modelling started in Excel in 2016, with a combination of formulas, Power Query and Visual Basic. By 2022, we had productised 3 discrete excel models into a fully functional WebApp. Fast forward another year to June 2023, and the team are now using the latest version of the product, with a completely overhauled user experience and user interface - making it a fully licensable SaaS product for our clients globally.
Our team's ambition is to change cyber risk management for the better, enabling leaders to make data-driven decisions. To do this, cyber risk quantification needs to be as easy to adopt as possible and accessible to businesses of all maturities, sizes, and industries. Today, Cyber Risk Insights is available as a SaaS risk quantification product enabling organisations to bring cyber risk quantification in-house, integrated as part of their wider risk management practice.
Also, as a new product to the market, whilst traditionally being known as a services-organisation, we were over the moon to hear we were shortlisted as a finalist for the Security Innovation of the Year Award. Our approach to innovation is client-centric, as we prioritise our product roadmap on features which help answer our clients' most prominent cyber risk management questions.
What are you working on this year?
The launch of Cyber Risk Insights as a SaaS product in the risk quantification space is just the beginning. We're already working on the next set of product enhancements and features, all driven by collaboration and feedback from our clients and partners.
Additional benefits coming to the product soon include:
- Assessing impact with less manual effort, enabled through the OSINT database we have developed which looks at the financial impact of historical cyber incidents across industries.
- Get visibility of your cyber risk exposure quickly, through a 2-hour rapid risk quantification assessment, enabled through Cyber Risk Insights and supported by our risk quantification SMEs.
- Understand how your cyber risk exposure compares to other organisations in your industry and contextualise insights, through our benchmarking feature.
Why are events like the UK IT Awards important to the IT industry?
I felt the UK IT Industry Awards' judging process was transparent, allowing participants to understand how decisions are made and provides a clear framework for evaluation. This assured me that we were being assessed objectively and fairly. This principle of integrity enhances perceptions of the credibility of award and no doubt encourages more participation.
I believe events like this play an important role for recognising outstanding and upcoming organisations, people, and products in the technology sector. They provide a platform to showcase innovation, build a community of thought leaders and help shape the industry's future. Together we can make positive change in the tech industry. Congratulations to all the finalists!
The UK IT Industry Awards will take place on 8th November in London. Click here to view the shortlist and here to book your table.
