Best Use of Thought Leadership
KPMG partnered with the Department for Science, Innovation and Technology to deliver industry leading economic analysis that reveals the true cost of cyber attacks, empowering government, critical infrastructure providers and businesses to strengthen strategy, investment decisions and national cyber resilience.
Cyber-attacks are taking a toll on the UK economy, and the UK government is moving quickly to shore up the nation’s cyber security and preparedness, with the Department for Science, Innovation and Technology (DSIT) assuming responsibility for government and public sector cyber security and working to encourage organisations across the UK economy to raise their cyber resilience.
To better assess the materiality of the risk and better design their policy approaches, DSIT commissioned a series of reports aimed at creating a much more holistic view of what the risks are and the economic cost of different scenarios and contexts.
KPMG is one of the country’s leading cyber security firms and we have an exceptional economics team with deep experience conducting economic analysis. We were the right team to help DSIT.
Working closely with academics from University College London, we developed a range of approaches and designed an overall workplan to enable us to best model the costs under each scenario and context. We undertook comprehensive literature reviews to understand the existing evidence. We created impact maps to show how cyber-attacks may affect the provision of goods and services. We engaged with stakeholders to gather data and inform our assumptions. And we used our findings to provide DSIT with quantitative evidence on the cost of cyber-attacks.
The reports have been well received by industry and businesses – particularly those involved in critical national infrastructure or the provision of key services – who are already using the findings to analyse the risks and potential costs of cyber-attacks. This is helping organisations and cyber security leaders to improve their strategies, develop investment business cases and enhance their cyber posture.
The reports have also proven valuable to the government’s analyst community, with around 80 government analysts and cyber policy officials attending our presentation on the findings. Analysts from multiple government departments have also used our methodologies to inform potential future research into other business resilience risks.
Since their publication in November 2025, the reports have been viewed over 3,000 times on GOV.UK. On top of this, the key findings have been frequently cited in ministerial speeches and responses to parliamentarians’ queries regarding the impact of cyber-attacks on the economy, in particular with regards to the introduction to Parliament of the Cyber Security and Resilience Bill.
We are proud of the work we have delivered and believe it will play a key role in the development of policy decisions and frameworks within DSIT and across aligned government departments.
View the profile in the MCA Members Directory.