Research of the Centre for the Law and Economics of Cybersecurity (CLECS) and the International Centre for Financial Law and Governance (ICFG) of Erasmus School of Law shows that many Dutch exchange companies still disclose too little about their cybersecurity and what steps they take. This information is essential for investors and other interested parties because they should know these companies' cyber risks. Rens Hoogerwaard, researcher at the CLECS, discusses this in het Financieele Dagblad.
In their annual reports, companies listed on the AEX, AMX and the AScX explain little about how much money they spend on protection against cyberattacks, what measures they have taken or the extent to which they risk being hacked. Since 2019, the CLECS has researched the above-mentioned companies. They focus on these companies' internal governance, external communication and risk analysis.
Unity and transparency
One of the problems is that the companies do not use an unambiguous way of reporting their cybersecurity. Hoogerwaard concludes that as well: "We see, for example, that the majority of measures is just mentioned by a single company, probably because every company uses its own terminology. That makes it hard to compare these companies." In addition, there is not a single company that shares how much they spend on security, which should be possible, according to Hoogerwaard: "We do not want to plea for companies to share detailed information about their unsolved vulnerabilities. However, sharing their cybersecurity spending should not be dangerous."
Nonetheless, there are some visible improvements according to the researchers of the CLECS. For example, companies care more and more about cybersecurity and the subject is an essential topic of conversation within top management. Compared to last year, the researchers also see an improvement: 24% of the listed companies have a board member or a commissioner focused on cybersecurity. Last year, this was 20%.
- More information
Click here for the entire article in het Financieele Dagblad (in Dutch).
- Related content