Universiteit Leiden

nl en


How can we increase the financial sector’s resilience to cyber attacks? Get inside the mind of a hacker!

The financial sector is an appealing target for hackers. For that reason, lawmakers and regulators are going to great lengths to make the sector more resilient to cyber attacks. One recent measure was the introduction of the Digital Operational Resilience Act (DORA). This new EU regulation is extremely important, and especially at a time of rising geopolitical tensions. The Hazelhoff Centre for Financial Law therefore held a lecture dedicated to this issue on 25 April 2024. The guest speaker at this event was Ruud Verbij, Global Head of Information Security at Rituals Cosmetics.

Ruud Verbij
25 April 2024

During his lecture, Verbij discussed the various types of threats facing companies’ online infrastructure. Companies are increasingly being targeted by states and criminal organisations attempting to penetrate their online infrastructure using a variety of methods. A common method is sending out phishing emails to employees and there are also cases where IT employees have been pressurised by criminal organisations.

Cyber risks: look at a company's inner workings

In order to identify a company’s potential cyber risks, Verbij feels it’s important to get inside the mind of a hacker and look at the company’s inner workings. Any company can take stock of the valuable information it has – such as details of rates negotiated with suppliers and information about future mergers – and take appropriate measures to protect that information.

A pipe dream

Verbij stressed that at the same time, 100% online safety is a pipe dream. Keeping hackers out completely is simply an unrealistic expectation. After all, it would require online systems to be fully secured and thus no longer workable for anyone. Lawmakers and regulators therefore need to realise – and, in Verbij’s view, they already do to some extent when it comes to the financial sector – that controlling cyber attacks is more important than preventing them.

Issues in the financial sector

During the guest lecture, Verbij also put some questions to the audience about the response to cyber attacks. Suppose a hacker successfully penetrates a company's online infrastructure, for instance. Is it advisable for the company to pay the hacker so that it can recover its data? And should banks even be permitted to facilitate that kind of payment? While there are no simple answers to these questions, the way in which the financial sector addresses these issues is set to become even more important in the future.

This website uses cookies.  More information.