While they're saying it's a protection/security thing .. and there is an element to that .. the more I think about it, the more it really is much more about an image/marketing thing.
Rebranding always gets people talking .. and this is a perfect way to get the same attention without actually re-branding .. but in a way it is a virtual rebranding (they don't have the hassle of changing all their stationary .. and all their buildings ... lol).
Also .. the marketing effect of simply making the "claim" of making things more secure for their clients is a really really big deal for a company in the business(es) of KPMG. Significantly more than it "actually" being more secure (particularly since we don't know if they will even be changing their emails).
In general for large companies email typos probably account for 10x the number of security issues than their domain. Half of that or more likely being internal emails. Mind you, that number is less for shorter simpler company names. While there might be people who put in a wrong letter or wrong order for K P M G, this change from kpmg.com to .kpmg won't really change that part of it. Although I suspect there will be analogue "typo" security issues if they do indeed change their emails without keeping the old format and all new variants as redirects.
Effectively they would need to have a catch all SLD to forward everything ...
IE:
Your new email is
[email protected]
But bob@[anything].kpmg (bob@*.kpmg), bob@kpmg and
[email protected] would all forward to you
There is a reason why huge companies are always a version or two behind on their versions of Windows or other major software. It's because they simply cannot risk any stability issues. They wait for the rest of the world to effectively re-re-re-beta test the software for years .. then they finally take the step once it's almost guaranteed to be stable.
In the same way if it were strictly about security, they would likely be on the tail end of companies going to their .brand .. and in fact, with the recent companies cancelling their .brands, they likely should have waited if it was about security. Although the big difference with those companies is that they got their brandTLD mainly for consumer facing marketing reasons (and like defensive reasons in that they were afraid of the unknown), plus not wanting to regret being left out of the trend if brandTLD's really took off (because who knows when the 2nd round of ngTLD's is going to be at this point .. lol). KPMG is mostly business facing .. so ironically their reliance on their choice of specific domain (in terms of marketing reasons) is less of a factor than a consumer facing company.
Remember that smart companies who plan ahead will always use these types of changes as an excuse to reach out and communicate with their clients .. with an end result of securing sales and tightening their business relationships with their clients.
All that said .. yes indeed this is really bad for domainers
IF it sticks. Particularly for one word .com's targeted by $50+ million/year companies who can easily afford and justify their own brandTLD. But I think that's more longer term .. for at least the next 5 and likely 10-15 years they are still going to want the .com for email functionality .. and at least 10-15++ years for defensive purposes.
But at the end of the day this isn't about KPMG ... this is about all the CEOs and CMOs of hundreds of large corporations all over the world noticing the change and asking their respective CTOs what the heck brandTLD's are all about. If they are smart .. the CEOs and CTOs will also recognise the marketing opportunity .. and if even 5-10% make similar changes in the next 2-3 years then it will have a major affect for ngTLD's .. particularly if the next round of ngTLD's is announced sooner rather than later.
If I was in charge of promoting and growing the ngTLD program overall ... given the choice of having all four .coke, .nike, .mcdonalds and .disney using their brandTLDs .. OR .KPMG ... my choice would be .KPMG because of the implications in the business world. I mean .. has anyone ever even gone to coke.com? No customers rarely ever need to go there .. how many customers ever sent an email to
[email protected]? The numbers are tiny compared to a business like KPMG .. and not only are they smaller volume, but the business clout of those visits are themselves significantly smaller compared to KPMG.
All that said .. the real question is .. is it enough to truly launch to the vital critical mass of use of ngTLD's that the ngTLD program needs to truly be a relevant and viable alternative to .com and ccTLD's? To which the answer is obviously not on it's own ... so the ACTUAL real question is .. what (if anything) will be the domino effect? The answer to that is pretty hard to tell as a large influencing factor will be how KPMG announces the changes to it's customers and how they roll it out ... and .. equally important is how the CEOs of KPMG's clients perceive the potential benefits (particularly if they see this more of a marketing move than a technology/security move).