Roel van Rijsewijk

Roel van Rijsewijk leads Deloitte’s Cyber Risk Services practice in the Netherlands. With more than 12 years' experience in risk consulting, he works for technology-enabled businesses in the field of risk management, compliance, integrity, and corporate responsibility, and is leading one of Deloitte‘s main innovation programs on trust in a digital world.

 

Most of the dialogue on cyber risk focuses on the adversaries and the threats they pose, often highlighting their sophistication, resources, and connections to nation states and organised crime. These are serious threats to society and its citizens, leading to increasing regulatory pressure on organisations to enhance their security posture. While this is an important dimension of the problem, it’s only one side of the coin. It’s all getting more connected and nobody is in charge Businesses are embarking on a big shift to survive and thrive in a world that is changing exponentially by the accelerated development of digital technologies. They know if they do not adapt to this new reality they run the risk that someday their business, or even their entire industry, is disrupted by tech-enabled new competitors, as happened to other industries. This shift means embracing uncertainties, empowering people with user-centric information technology, going into the cloud, being hyper connected and getting the most value out of data. All of which creates exponential cyber risks. In medical technology security, you are dealing with a complicated ecosystem with medical device manufacturers, hospitals and other health care organisations, pharmaceutical companies and US tech firms like Google and Apple entering the arena from the consumer’s angle. And it is all getting more and more connected and nobody is in charge. Health care organisations are increasingly demanding security measures in their RFP’s and are actively lobbying for more regulatory pressure on medtech businesses to keep medical devices and diagnostic instruments safe and secure, leading to longer go-to-market cycles. What is the best strategy to deal with this problem? The first response is usually to just cover your back. Covering your back strategy You carefully limit your responsibilities contractually, make sure you understand the latest legal and industry requirements around security...