Between 2020 and 2024, KPMG supported the UK’s largest overseas cyber capacity-building project in history. The UK’s Foreign, Commonwealth and Development Office (FCDO) wanted to improve digital access and safety in five key developing markets. One pillar was focused on helping those markets to become more cyber-savvy, safe and resilient. The programme involved a consortium of 21 suppliers across six countries. Coordinated by KPMG, they worked together to address the significant impacts of cyber threats in developing countries and preventing harm to citizens and businesses. Judges were trained to help improve cyber prosecutions, small businesses’ defences were bolstered and a national cybersecurity school curriculum was created. Government staff were trained in cybersecurity and a new Data Protection Commissioner Office was established. In Brazil, the materials reached up to 120 million people. One project in Nigeria reached more than 10% of the population. The programme delivered outsized, sustainable impacts, and the blueprint it created is now being considered for other markets – including Ukraine and India.CASE STUDY 4 How KPMG helped the FCDO create a safer, more accessible digital world Some 72% of organizations state that their cyber risks have increased over the past 12 months, and 63% cited the complex and evolving threat landscape as their greatest challenge to becoming cyber resilient. Organizations must continually prepare to respond to cyberthreats, with the basics of cyber hygiene – including a continued focus on foundational practices and a process to manage vulnerabilities – not being neglected amid rapid technological adoption and change. Public–private partnerships and collaboration have been shown to be of increasing value in addressing the complexity of modern cyberthreats. Of the surveyed organizations, 50% rank information- sharing and threat intelligence as the most effective international cooperation measure – for example, through computer emergency response teams (CERTs) or information-sharing and analysis centres (ISACs). As cybercrime becomes more sophisticated and borderless, defenders are embracing international collaboration through an ecosystem-based approach to allow for collective defence against sophisticated criminal groups. While information- and intelligence-sharing are critical, leaders at the 2024 Annual Meeting on Cybersecurity concluded that such efforts are still fragmented and siloed, hindering effective action.The organizational response to the cyberthreat landscapeCyber resilience – defined as an organization’s ability to minimize the impact of significant cyber incidents on its primary goals and objectives – demands continuous vigilance and planning.41 Accepting that 100% security is unattainable, organizations must develop adaptable strategies that contribute to uplifting not only their own organizational resilience but also that of the wider ecosystem on which their own resilience depends.2.4 The state of cyber resilience The capacity of organizations to orchestrate a timely and effective response to cyber incidents is being tested by the increasingly complex nature of cyberthreats faced today. Essential to effective incident response is a security culture that emphasizes openness and transparency. High-resilience organizations establish incentives for incident reporting through various supportive measures: 76% provide cyber training and awareness, 62% have supporting teams to assist in reporting and 48% operate anonymous reporting channels. Such an environment nurtures collaboration and a collective defence mindset, which is critical for addressing sophisticated and complex threats.Incident response and management63% of organizations cited complex and evolving threat landscape as their greatest challenge to becoming cyber resilient. Global Cybersecurity Outlook 2025 32