The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information,

there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate

professional advice after a thorough examination of the particular situation.

© 2016 KPMG Advisory N.V., registered with the trade register in The Netherlands under number 33263682, is a member firm of the KPMG network of independent member firms affiliated with KPMG

International Cooperative (‘KPMG International’), a Swiss entity. All rights reserved. Printed in The Netherlands.

The KPMG name, logo and ‘cutting through complexity’ are registered trademarks of KPMG International.

Evolving impact of Cybersecurity

NBA session 20 May 2016

Prof.dr. Rob Fijneman RE RA

2

Trends and challenges

Digital

transformati

on

Technology adoption and dramatically expands threat landscape

Future-proofing the omni-connected world

Government

intervention Governments become increasingly interventionist

Laws and regulations in cyber space increase

Beyond

protection Ability to protect is progressively compromised

Moving from protection to detection and response

Source: ISF Threat Horizon 2018, January 2016

3

Virtualisation and cloud

From on premise,

unless… to cloud, unless…

Adoption

gradually

increased Now a true

upswing

4

The next generation’s

CISO

Board level

communication

Business

enablement

From “no”,

to “yes, unless…”

Volatile

landscape

5

Laws and regulations evolve:

Privacy and security

Privacy

classification

EU-US Privacy

Shield

Breach notification

6

Complex tooling landscape

7

From prevention to response

Red teaming

Incident readiness

Changing

mindset

8

• The frequency and severity of cybersecurity attacks are increasing

• Cybersecurity is no longer just an IT issue

• Attacks evolve including their impact on the organization

Evolving impact of cybersecurity

on audits

9

Marketplace response to Cyber

risk

• Stakeholders/regulators asking questions

• PCAOB asking questions on handling Cyber risks by auditors

• SEC continues to highlight impact

• AFM/DNB questions regarding Cyber risks, monitoring thereof and auditing

10

Assessment of Cyber maturity

• Auditors can support in developing tools to access and monitor risks

• IT auditors jointly with other audit disciplines

• Maturity assessment is a good concept to support the journey

• Current tool issued by NBA working group is fit for purpose

• Be aware that developments are huge, highly flexible approach is required

11

A single view on cyber trends and

threats: How to stay relevant

(http://cyber.kpmg.com/#) YOU WANT TO SEE

WHAT’S HAPPENING Be up to date on the latest information

security developments, incidents and

emerging threats. Have situational awareness

in your industry.

YOU WANT TO TAKE

ACTION Don’t miss out on developments. Add value to

your decision making, and enrich your operational

cyber defense processes. Know what can happen

to you, and act upon it.

12