Cyber Risk Management & People driven Awareness

Friday 29 May 2020 10:00

On May 19, the virtual session of the CEG Information Security group took place. The almost 30 participants in the Teams session were presented with a nice program by Richard Verbrugge, Information Security Awareness Manager at ABN AMRO, and Sjaak Schouteren, CIPP-E, Cyber Development Leader at Marsh. The recordings of both presentations have been made available.

The extensive report drawn up after the session can be found in the online Knowledge Base. There you can also find the presentations of Richard and Sjaak (behind the login on 'myCIO'):
"New awareness Approach ABN AMRO" & "Cyber Risk Management"

“Replace the annual e-learning about information security with a continuous learning program that teaches employees to recognize risks in different situations.”
Cyber security awareness is especially important at this time, with many colleagues working from home, often on BYOD, and with a great hunger for information about corona (which criminals like to take advantage of). ABN AMRO approaches this differently today than it did a few years ago: the 'one size fits all' approach to an awareness campaign no longer suits their employees. Colleagues who were already aware dropped out, answers to compulsory e-learnings were widely shared, and the content was static and quickly became outdated.

The new approach increasingly focuses on addressing and helping people individually. With the help of data, the offer is tailored to the individual employee. For example, every ABN AMRO employee is now required to spend 5 minutes per month learning about cyber security: continuous learning. People are trained to recognize risks and to know how to act in different situations. The entire presentation of Richard Verbrugge, Information Security Awareness Manager at ABN AMRO, has been recorded and can be viewed here.

"In order to make a good choice for a cyber insurance, the risks must be qualified, quantified and managed."
Within the community of the CIO Platform Nederland, the subject of cyber security insurance has often been topical. Through the CISO Network, we came across Sjaak Schouteren, CIPP/E, Cyber Development Leader at Marsh, who acts as a broker between the insured and the insurance company for various members. In his presentation he walked us through what he sees happening in this market, both on the side of the insurers and on the side of the organizations that want to take out insurance.

The most important lesson Sjaak gave: break through the silos within the organization! Know exactly what is going on throughout the organization. Cyber risks are too rarely looked at holistically; current developments, threats, availability of data, etc. need to be discussed much more across departments and beyond ICT, not just by IT, Security or the CFO. He gave the CISOs an assignment as good preparation for the process towards cyber insurance: discuss the following points within your organization, perhaps during a virtual day start or drinks:
=> What are your crown jewels (different perspectives in different departments, depending on what you are judged on; where can your organization be hurt the most)?
=> What does an hour of downtime cost, what does loss of data cost, what damage can we suffer, and what risk appetite is there?

You can view the explanation per topic here:

  1. Introduction: Sjaak Schouteren and Cyber Risk management on the agenda
  2. Cyber Risk Management explained in more detail
  3. Insurance coverage from insurers covered by cyber crisis risk management
  4. Reflection from studies and own experiences at the start of closing a cyber insurance
  5. Developments at the insurers
  6. The 1st step: Risk management exercise during the online Friday afternoon drinks

In the course of this week, the other 3 videos will be online.
Would you like to receive a message if this is done? Mail to

CIO Platform Nederland
Information Security