Cyber security must be high on the board agenda at every organization, supported by the government
Friday 17 January 2020
Recent incidents involving ransomware at, among others, the University of Maastricht and Travelex, and vulnerabilities in Citrix products that have affected government organizations, companies and hospitals, show once again that attention to safety should not be allowed to diminish and that sharing knowledge about current vulnerabilities and what to do about them is necessary.
The government has a role to play here, for example in gathering and verifying information about vulnerabilities from various sources and giving advice on how to handle them. The National Cyber Security Center (NCSC), among others, has this role. There is still room for improvement when it comes to disseminating information, certainly to organizations that are not part of the government or organizations with vital processes, although the Digital Trust Center (DTC) is taking steps in that direction. However, due to the size of the group of companies and organizations that fall outside the scope of the NCSC and within that of the DTC, some 1.8 million in the Netherlands, it is unlikely that this will be a comprehensive solution. Not to mention the enormous diversity of digital situations and staff expertise at all those companies and organizations. A government will never be able to solve this on its own, and I think that it should not be expected to either.
So companies and other organizations cannot and should not lean back. Their safety, and that of the products and services that they provide and use, is primarily their responsibility!
That responsibility ultimately lies with the boards of the companies and organizations, regardless of their sector or size. My estimation is that in many of these boards the focus on security measures could be increased, but it is always a trade-off between different interests. Continuity of service, investments in new products, channels and people, compliance with changing laws and regulations and many other interests, opportunities and risks all count. Ultimately, it is up to a board to make the right assessment and to make resources (people and means) available. The weight of cyber security is perhaps more difficult to determine than that of other components in that assessment. For example, because there is less experience with this, or because part of the damage caused by a cyber incident does not lie with one's own company, but elsewhere in the supply chain, or in society.
Something should be done about that, certainly if supply chain partners or social interests are compromised by incorrect assessment and subsequent (in)action by the board of one company in the chain. For example, when deciding on whether or not to patch software, not only the costs associated with downtime of one's own process should be considered, but also the costs for the company, supply chain partners and society when the organization comes to a halt because of unpatched software. Today's boards of companies and organizations must also take this external effect into account. It does not matter whether it is a logistics company, a supplier of software, raw materials, financial services, or any other kind of product or service.
CIO Platform Nederland contributes to the development of this responsibility at companies and organizations by offering them the opportunity to learn from each other and to share knowledge and experience in a familiar setting. We do this by, among other things, sessions at a strategic level for CIOs and CDOs and at an operational level for (chief) information security officers of our members. In addition, we represent the interests of our members in various councils in this area.
Ronald Verbeek
Director CIO Platform Nederland