Press release

KPMG’s Cyber Risks Insights receives Leader status

Published on
June 23, 2025
Copy link

KPMG, with its cyber risk product CRI, has been named as a leader in The Forrester Wave™: Cyber Risk Quantification Solutions, Q2 2025.

Cyber Risk Insights (CRI) takes a scenario-driven approach to more accurately assess the likelihood and impact of cyber-attacks. Developed by KPMG’s multi-disciplinary teams, CRI combines more than 10 years of cyber risk quantification expertise with a best-in-class user interface and transparent modelling all in one Cyber Risk Quantification solution.

Forrester’s report evaluated 10 firms, with KPMG cited as the only major professional services firm to offer its own full-featured CRQ solution. It assessed them in three categories: Strategy, Current Offering, and Customer Feedback.

The report notes “[CRI’s] vision of making CRQ more accurate, accessible, and actionable at scale reflects its deep understanding of modern risk management challenges”. The report continues, “[CRI] offers superior user experience, with a highly intuitive interface and some of the most in-depth in-product guidance to help technical and nontechnical users conduct risk analyses from start to finish.”

Martin Tyley, Global Lead Partner for CRI at KPMG, said: “We are very proud to be recognised as a Leader by Forrester in cyber risk quantification solutions. For us, it’s a testament to our commitment to innovation in cyber security and a recognition of the partnership we have with our customers. Together, we have been able to push the boundaries of what CRQ can do – and we’re only just getting started."

“CRI was developed to help provide accurate and in-depth guidance to businesses looking to understand their cyber risk in financial terms. Understanding cyber risk has never been so important for organisations.”

James Hanbury, Co-founder and Global Lead Director for CRI at KPMG, said: “Being named a Leader is more than a recognition – we believe it’s validation of the hard work, the vision, and the belief that cyber risk management can and should be done differently. It’s a credit to the team and the clients who have helped shape this platform into what it is today.

“We’re grateful for the recognition – and even more motivated for what comes next.”

Share this post
Press release
- ENDS -
For media enquires, please contact:
Heather Gilchrist, Media Relations Manager, KPMG UK
Tel: +44 7874 889011
Email: Heather.Gilchrist@kpmg.co.uk
KPMG UK Media Relations
Tel: +44 (0) 207 694 8773
Notes to editors
Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here: https://www.forrester.com/about-us/objectivity/.
About CRI
Starting in 2016 with a single Excel model, CRI is now a one-stop Cyber Risk Quantification (CRQ) SaaS solution to transform how organisations can measure cyber risk, in business terms. Cyber Risk Insights (CRI) takes a scenario-driven approach to more accurately assess the likelihood and impact of cyber-attacks. Developed by KPMG’s multi-disciplinary teams, CRI combines 10+ years of cyber risk quantification expertise with best-in-class native visualisations and modelling all in one CRQ solution.

Today, CRI is used globally by over 100 organisations across 17 industries.
About KPMG in the UK
KPMG LLP, a UK limited liability partnership, operates across the UK with approximately 17,000 partners and staff. The UK firm recorded a revenue of £2.99 billion in the year ended 30 September 2024.  

KPMG is a global organisation of independent professional services firms providing Audit, Legal, Tax and Advisory services. It operates in 143 countries and territories with more than 275,000 partners and employees working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such. KPMG International Limited is a private English company limited by guarantee. KPMG International Limited and its related entities do not provide services to clients. 

Empowering you to make smarter cyber risk decisions.

Discover how we can help you with our scalable cyber risk quantification platform.

Thank you! A member of the team will be in touch shortly.
Oops! Something went wrong while submitting the form. Please try again.