Chapter 8 Treating Cyber Risks

John Hermans, Cyber Lead Partner Europe, Middle East, and Africa at KPMG, The Netherlands

Ton Diemont, Senior Manager at KPMG, The Netherlands

CEO Tom challenged his chief risk officer, Nathan. “So give me the right guidelines for how to treat cyber risk and bring cybersecurity back to basics.”

Cybersecurity has been in the spotlight for the past few years. Due to the number and seriousness of cyber incidents, the media’s focus on such incidents, and the importance of tackling cyber issues in the extensive digitization of most organizations, this area requires the attention of directors and managers everywhere. But it needs to be tackled in the appropriate way and with the required subtlety, as a component of integral risk management.


The fact that cybersecurity is important to every organization needs no further explanation. On an almost daily basis, various incidents demonstrate how great the risks are and that individual hackers and professionally organized cybercriminals are extremely active. The heads of organizations need to ensure that their organizations have set the proper priorities. To many, however, this is not a simple task because the world of cybersecurity seems elusive due to its specialist character and the technical jargon used. Generalists have difficulty grasping the complexities. In addition, it is difficult to distinguish between primary and secondary issues, while media coverage contributes to a culture ...

