Keynote: Glowing in the Dark: A New Cybersecurity Playbook for Executive & Supervisory Boards
Engagement of senior leadership, meaning the executive and supervisory boards, is critical for security functions to establish a supported security strategy, obtain sufficient budget and perpetuate a security-aware organizational culture. But with the average age of the Dutch supervisory board member being above 60, knowledge of the digital realm, let alone cybersecurity, is painfully rare in the boardroom. Board member education is often limited to ‘an afternoon on cybersecurity’, and guidance documents stress the ‘top 5 questions to ask your CISO’, with which board members can feign an understanding of the domain and create a false sense of control. With IT increasingly being the backbone of every organisation, shareholders and stakeholders should demand that boards stop treating cybersecurity as a black box and properly exercise governance. The stakes are too high; in recognition of this fact, new legislation like the NIS2 Directive is starting to put accountability with the board(s) and senior management. This session lays out the current state of cybersecurity governance by top management in the Netherlands and puts forward a number of recommendations to improve their ability to exercise governance adequately.