Cyber security must be high on the board agenda at every organization, supported by the government

Recent incidents involving ransomware at, among others, the University of Maastricht and Travelex, and vulnerabilities in Citrix products that have affected government organizations, companies and hospitals, show once again that attention to safety should not be allowed to diminish and that sharing knowledge about current vulnerabilities and what to do about them is necessary.
So companies and other organizations cannot and should not lean back. Their safety, and that of the products and services that they provide and use, is primarily their responsibility!
That responsibility ultimately lies with the boards of the companies and organizations, regardless of their sector or size. My estimation is that in many of these boards the focus on security measures could be increased, but it is always a trade-off between different interests. Continuity of service, investments in new products, channels and people, compliance with changing laws and regulations and many other interests, opportunities and risks all count. Ultimately, it is up to a board to make the right assessment and to make resources (people and means) available. The weight of cyber security is perhaps more difficult to determine than that of other components in that assessment. For example, because there is less experience with this, or because part of the damage caused by a cyber incident does not lie with one's own company, but elsewhere in the supply chain, or in society.
Something should be done about that, certainly if supply chain partners or social interests are compromised by an incorrect assessment and subsequent (in)action by the board of one company in the chain. For example, when deciding on whether or not to patch software, not only the costs associated with downtime of one's own process should be considered, but also the costs for the company, supply chain partners and society when the organization comes to a halt because of unpatched software. Today's boards of companies and organizations must also take this external effect into account. It does not matter whether it is a logistics company, a supplier of software, raw materials or financial services, or a provider of any other kind of product or service.
CIO Platform Nederland contributes to the development of this responsibility at companies and organizations by offering them the opportunity to learn from each other and to share knowledge and experience in a familiar setting. We do this by, among other things, sessions at a strategic level for CIOs and CDOs and at an operational level for (chief) information security officers of our members. In addition, we represent the interests of our members in various councils in this area.
Ronald Verbeek
Director CIO Platform Nederland