With cyber threats constantly hitting the headlines, cyber security is obviously a fast-developing discipline. Where do Dutch organisations currently stand? What are CISOs worried about? How do they see the future? And above all, what are their thoughts on making the Dutch digital ecosystem safer? In a survey of the country’s cyber security landscape, published on 18 June by Deloitte Netherlands, you can read the answers to these and other questions, plus comments and recommendations from Deloitte experts.
The survey was conducted from September to December 2020 among 544 C-level executives, CISOs, managers and tech specialists who oversee cyber security at organisations across six sectors, ranging in size from up to 1,000 employees to over 10,000 employees.
Most commonly feared cyber threats
The most commonly feared threats among Dutch organisations are data leakage (40%), phishing, malware, or vulnerability exploits (35%), and extortion or destruction of the organisation's data (25%). In case of a ransomware attack, 30% are sure they would pay to get their data back. But opinions vary widely on this topic: about half of the surveyed CxOs would pay, against 29% of CISOs. Deloitte Partner Frank Groenewegen’s advice: “Focus on basic hygiene, organise regular cyber ‘fire drills’ with ethical hackers and when the inevitable happens, share information and lessons learned.”
Looking at cyber strategy
An impressive 92% of organisations claim to have an up-to-date cyber security strategy, with 82% boasting a separate annual plan with a roadmap. Conversely, 6% of organisations are starting to set up their strategy, while 15% are already working on a next-level mature strategy. The most frequently cited success factors for achieving cyber security goals are increased operational excellence, clear cyber security communication, cyber security awareness training and compliance. Meanwhile, despite a steadily increasing cyber security spend, organisations seem to be struggling to address all cyber threats and invest in every single department.
The evolving CISO role
Today’s Chief Information Security Officers (CISOs) have a direct reporting line to the board through the CIO (49%), CFO (13%) or CEO (9%). The three challenges most felt by CISOs are by no means purely technical: managing too many organisational priorities simultaneously (31%), lack of integration of cyber risk priorities with business priorities (28%) and inadequate governance across the organisation (26%). Deloitte Partner Martijn Knuiman, who has trained many up-and-coming CISOs, sees the ground shifting. “The role of the CISO is changing from being perceived as ‘the department of no’ to being a business advisor and enabler. A CISO no longer needs to rely on a deep technical background. It’s more important to be a people person.”
The ultimate goal of cyber security
According to 25% of respondents, the ultimate goal of cyber security is to protect people and assets from harm, misuse and abuse. 22% opined that protecting the vital assets of the company is the most important objective. And at least one in ten want to make the digital ecosystem a safer place. Larger organisations can best afford the luxury of fighting for the interests of society as a whole. Deloitte’s Kevin Jonkers, Director Cyber Risk Services, recognises this trend. “The Financial Sector agreed years ago not to compete on cyber security. Instead, banks are sharing information and helping each other with best practices. Other sectors have been following this example. By doing so, all can offer clients, themselves and society the best possible protection.”
Towards a Dutch cyber security ecosystem
Besides corporate responsibility, many respondents commented on the governmental and societal aspects of this shared responsibility in creating a cyber resilient society. The larger the company, the stronger the belief that it is the responsibility of both organisations and government(s) to achieve a cyber resilient sector. 72% of the surveyed CISOs (1,000+ employees) share this opinion. These results highlight the call for improved alignment and closer cooperation among all parties that play a part in our society’s cyber resilience. Deloitte Partner Niels van de Vorle agrees. “Deloitte has taken up the challenge to make this happen here in the Netherlands. Our experts strive to connect government, businesses and citizens in ecosystems and translate security challenges into solutions to future-proof our country’s cyber security. We need to exchange knowledge and collaborate together in order to keep our Dutch digital hub safe, to protect the privacy of our stakeholders and to safeguard the very functioning of our society.”