Cybercrime ceased to be the preserve of clever adolescents or amateur cyber criminals long ago. Cybercrime has become big business. Most worrying is that not only the "criminal elite" have jumped on this bandwagon but states too are becoming high-profile actors in this area and will even act in cahoots with criminal gangs. Technology-wise, ultimately no organisation can compete with these state actors who, on balance, have limitless expertise and resources at their disposal.
Even if organisations are unlikely to be confronted with these adversaries, there’s every reason to take action in the sphere of cyber security. In a recent interview, State Secretary Klaas Dijkhoff emphasised his concerns about digital security. "Cyber attacks by state actors and by criminals are a reality." The damage caused to the economy each year by cybercrime was recently estimated at more than 8 billion euros. This figure chiefly consists of damage caused by the loss of intellectual property, financial fraud and market manipulation using stolen business data.
Cyber security should therefore be a top-level concern within any organisation. To better support our clients in their efforts to protect their digital assets, we have set up the Van Doorne Cyber Response Team. This team pools all the expertise needed to give preventative advice on this subject and take action during a cyber incident, including that regarding communication, privacy, IT sourcing and governance, intellectual property, insurance and liability.
Combating cybercrime is no longer purely a matter of technology; ultimately, a well-prepared organisation that is agile and willing to learn from incidents is the best way of ensuring that the damage caused by cyber criminals is minimised and employees and clients experience the least inconvenience. Cyber attacks present an ever-greater threat: far from merely entailing (limited) data loss, increasingly they jeopardise the continuity of businesses.
The primary responsibility for preparing the organisation for this rests with the directors and the supervisory bodies. Their role is certainly not free of any obligation. Dutch legislation and regulations contain a raft of obligations to secure data, applicable not just to personal data (clients, employees etc.) but to other aspects too. Some examples are obligations to keep proper records and publish annual accounts; these requirements cannot be satisfied without suitable data security. Ensuring the organisation’s continuity is another core obligation of directors and supervisory bodies. The Confederation of Netherlands Industry and Employers (VNO-NCW) and the CIO Platform recently launched an initiative called "Cyber security in the boardroom", to make board members and supervisory directors aware of the huge importance of this subject. Van Doorne was closely involved in this.
Van Doorne has hands-on experience of supporting organisations with preparing for these new challenges, and is also able to provide organisations with practical support and advice if a cyber incident occurs.
If you would like to find out more, please contact Chris in 't Veld or Mariko Kloppenburg.