CREST Marketplace

KPMG’s cyber incident exercising capability combines structured simulation design with our in-house 4DI platform to create realistic, intelligence-led cyber crisis scenarios. Through tailored exercises, ranging from executive tabletop sessions to full-scale technical simulations, organisations are challenged across strategic, operational, technical, and human dimensions.

Leveraging 4DI ensures scenarios are continuously adapted using current threat intelligence, enabling organisations to test decision-making, response coordination, and resilience under pressure.

Our approach helps you strengthen preparedness, validate incident response capabilities, and improve your cyber resilience.

KPMG provide a full range of CREST & NCSC Enhanced accredited cyber security incident response services all within a sound, forensic wrapper. We handle insider threats, cloud incidents, hacking, ransomware, denial of service and bespoke high-end scenarios. KPMG can help with detection and response as well as provide advice on recovery and implement remediation to restore your environment to a secure state.

KPMG’s cyber incident exercising capability is aligned to the UK National Cyber Security Centre (NCSC) Cyber Incident Exercising (CIE) scheme, combining structured simulation design with our in-house 4DI platform to deliver realistic, intelligence-led cyber crisis scenarios.

Through tailored exercises ranging from CIE-aligned Executive/SCS/Ministerial discussions to immersive, multi-layered simulations organisations and Government Departments/ALB’s are challenged across strategic, operational, technical, and communications dimensions, reflecting NCSC good practice.

Leveraging 4DI ensures scenarios are continuously informed by current threat intelligence and evolving attacker tradecraft to test decision-making, coordination, and response effectiveness under pressure in a controlled but credible environment.

Our approach supports organisations in meeting NCSC CIE objectives, strengthening cyber preparedness, validating incident management arrangements, and enhancing overall resilience against nationally relevant cyber threats.

KPMG have over 15 years’ experience delivering scenario-based simulated attack exercises for global financial services clients. Our assessments focus on demonstrating the impact of realistic threat scenarios; shaped by our collaboration with in-house and external threat intelligence providers, incident responders and SOC teams.

Our goal is to provide you with a truly realistic assessment of your security posture. Post-assessment, we have a global team that can be leveraged to analyse results, define improvements and advise on in-country regulatory matters.

KPMG offer a full range of tailored and issue-led penetration testing services from vulnerability assessments through to advanced red-teaming. Utilising our skilled CREST qualified consultants and our accredited laboratory facilities we deliver penetration tests across the full spectrum of disciplines incl. application, infrastructure, cloud, mobile and products.

As a global consultancy, we are also uniquely placed to provide post-assessment advice and implementation services with a large team of cyber subject matter experts covering areas such as Security Architecture & Design, ISO27001 compliance, SDLC and IAM.

KPMG offer a full end to end vulnerability assessment and management service. From small bespoke environments to large multi-national corporate networks, we are experienced in delivering asset discovery, vulnerability identification, issue triage and tailored remediation plans.

KPMG offer a full range of tailored and issue-led penetration testing services from vulnerability assessments through to advanced red-teaming. Utilising our skilled CREST qualified consultants and our accredited laboratory facilities we deliver penetration tests across the full spectrum of disciplines incl. application, infrastructure, cloud, mobile and products.

As a global consultancy, we are also uniquely placed to provide post-assessment advice and implementation services with a large team of cyber subject matter experts covering areas such as Security Architecture & Design, ISO27001 compliance, SDLC and IAM.

With local experts in the UAE and wider Middle East region, our consultants provide you with local support backed by a global community of specialists.

KPMG LLP is an NCSC approved CHECK company offering penetration testing of IT systems to identify potential vulnerabilities and recommend effective security countermeasures.

With many years of CHECK experience we focus on delivering high-end CHECK engagements to Central Government, Defence and National Security clients.

Our CHECK team is experienced in testing systems operating at the very highest of classifications in the most sensitive locations and has access to appropriate facilities and systems to seamlessly and easily deliver testing results direct to our clients in these environments.

KPMG have over 15 years’ experience delivering scenario-based simulated attack exercises for global financial services clients. Our assessments focus on demonstrating the impact of realistic threat scenarios; shaped by our collaboration with threat intelligence providers, incident responders and SOC teams. Our goal is to provide you with a truly realistic assessment of your security posture. Post-assessment, we have a global team that can be leveraged to analyse results, define improvements, and advise you on navigating regulatory matters.

KPMG have over 15 years’ experience delivering scenario-based penetration tests and simulated attack exercises for the most demanding of global clients across all sectors. Our assessments focus on demonstrating the impact of realistic threat scenarios; shaped by our collaboration with external and in-house threat intelligence providers, incident responders and SOC teams.

Our goal is to provide you with a truly realistic assessment of your security posture. Post-assessment, we have a global specialist team that can be leveraged to help analyse results, assist in defining a tailored roadmap to improvement, implement new security architectures and deliver first class training workshops.

KPMG’s CBEST capability supports financial sector firms in meeting the Bank of England’s intelligence-led testing requirements through the design and delivery of end-to-end, regulator-aligned assessments. Leveraging our deep financial sector expertise, KPMG simulates sophisticated, real-world attacks against critical services to assess your organisation’s cyber resilience.

This includes scenario development, red team operations, and independent oversight, ensuring full alignment with CBEST framework expectations. By combining technical excellence with strong governance and reporting, KPMG enables you to demonstrate resilience to regulators and gain actionable insights to strengthen your defensive posture.

KPMG are an experienced GBEST provider, delivering simulated attack exercises across key central government departments. Our assessments focus on demonstrating the impact of realistic threat scenarios; shaped by our collaboration with in-house and external threat intelligence providers, incident responders and SOC teams.

Our goal is to provide you with a truly realistic assessment of your security posture. Post-assessment, we have a global specialist team that can be leveraged to help analyse results, assist in defining a tailored roadmap to improvement, implement new security architectures and deliver first class training workshops.