The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information,
there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate
professional advice after a thorough examination of the particular situation.
© 2016 KPMG Advisory N.V., registered with the trade register in The Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG
International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in The Netherlands.
The KPMG name, logo and ‘cutting through complexity’ are registered trademarks of KPMG International.
Evolving impact of Cybersecurity
NBA session 20 May 2016
Prof.dr. Rob Fijneman RE RA
2
Trends and challenges
Digital
transformati
on
Technology adoption and dramatically expands threat landscape
Future-proofing the omni-connected world
Government
intervention Governments become increasingly interventionist
Laws and regulations in cyber space increase
Beyond
protection Ability to protect is progressively compromised
Moving from protection to detection and response
Source: ISF Threat Horizon 2018, January 2016
3
Virtualisation and cloud
From on premise,
unless… to cloud, unless…
Adoption
gradually
increased Now a true
upswing
4
The next generation’s
CISO
Board level
communication
Business
enablement
From “no”,
to “yes, unless…”
Volatile
landscape
5
Laws and regulations evolve:
Privacy and security
Privacy
classification
EU-US Privacy
Shield
Breach notification
6
Complex tooling landscape
7
From prevention to response
Red teaming
Incident readiness
Changing
mindset
8
• The frequency and severity of cybersecurity attacks are increasing
• Cybersecurity is no longer just an IT issue
• Attacks evolve including their impact on the organization
Evolving impact of cybersecurity
on audits
9
Marketplace response to Cyber
risk
• Stakeholders/regulators asking questions
• PCAOB asking questions on handling Cyber risks by auditors
• SEC continues to highlight impact
• AFM/DNB questions regarding Cyber risks, monitoring thereof and auditing
10
Assessment of Cyber maturity
• Auditors can support in developing tools to access and monitor risks
• IT auditors jointly with other audit disciplines
• Maturity assessment is a good concept to support the journey
• Current tool issued by NBA working group is fit for purpose
• Be aware that developments are huge, highly flexible approach is required
11
A single view on cyber trends and
threats: How to stay relevant
(http://cyber.kpmg.com/#) YOU WANT TO SEE
WHAT’S HAPPENING Be up to date on the latest information
security developments, incidents and
emerging threats. Have situational awareness
in your industry.
YOU WANT TO TAKE
ACTION Don’t miss out on developments. Add value to
your decision making, and enrich your operational
cyber defense processes. Know what can happen
to you, and act upon it.
12