During his lecture, Verbij discussed the various types of threats facing companies’ online infrastructure. Companies are increasingly being targeted by states and criminal organisations attempting to penetrate their online infrastructure using a variety of methods. A common method is sending out phishing emails to employees and there are also cases where IT employees have been pressurised by criminal organisations.

Cyber risks: look at a company's inner workings

In order to identify a company’s potential cyber risks, Verbij feels it’s important to get inside the mind of a hacker and look at the company’s inner workings. Any company can take stock of the valuable information it has – such as details of rates negotiated with suppliers and information about future mergers – and take appropriate measures to protect that information.

A pipe dream

Verbij stressed that at the same time, 100% online safety is a pipe dream. Keeping hackers out completely is simply an unrealistic expectation. After all, it would require online systems to be fully secured and thus no longer workable for anyone. Lawmakers and regulators therefore need to realise – and, in Verbij’s view, they already do to some extent when it comes to the financial sector – that controlling cyber attacks is more important than preventing them.

Issues in the financial sector

During the guest lecture, Verbij also put some questions to the audience about the response to cyber attacks. Suppose a hacker successfully penetrates a company's online infrastructure, for instance. Is it advisable for the company to pay the hacker so that it can recover its data? And should banks even be permitted to facilitate that kind of payment? While there are no simple answers to these questions, the way in which the financial sector addresses these issues is set to become even more important in the future.