Menu

Filter by
content
PONT Data&Privacy
  • PONT home
    • mill

    0

    Information Security
    Informatiebeveiliging betreft het treffen van maatregelen om de beschikbaarheid, exclusiviteit en integriteit van alle vormen van informatie binnen een organisatie of een maatschappij te waarborgen en de eventuele gevolgen van incidenten te beperken tot een acceptabel, vooraf bepaald niveau.

    Yuri Bobbert wins prestigious leadership award: 'Europe must innovate, not deregulate'

    Professor Dr. Yuri Bobbert won the ISACA Leadership Award last month for his "substantial impact as a serial entrepreneur, business executive and professor, excelling in both business and academia." ISACA is the world's largest community of digital specialists and presents the award annually to leaders in this digital field. Bobbert is the first Dutchman in ISACA's 50 years of existence to receive this award. In addition, Bobbert is a professor at the Antwerp Management School, where he guides students to develop their ideas into tangible solutions. PONT | Data & Privacy spoke to him about his nomination, cybersecurity as a societal challenge and the regulatory burden in Europe. On the latter, the professor is clear, "Europe needs to innovate, not deregulate."

    Christian Cordoba Lenis
    March 9, 2025

    Interviews

    Interviews
     

    ISACA Leadership Award

    The International Security and Audit Community (ISACA). plays a crucial role in the information security landscape. Says Bobbert, "This is one of the largest communities for information security, compliance and everything that comes with it, especially in the technical realm." The organization, which has been around for 40 years, has experienced immense growth with the rise of the Internet and increased regulation. "Everyone has to follow rules, continue to gain knowledge and obtain and maintain professional certifications. ISACA has the right to hand out a number of certifications, such as Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA). That provides a huge resource and a sizeable community with 280,000 members worldwide."

    ISACA distinguishes itself not only through certifications, but also through critical knowledge sharing. Bobbert: "The ISACA Journal is perhaps more critical than the average academic publication I know. There is a lot of collaboration with academic institutions to improve the subject matter," the expert emphasizes. ISACA organizes conferences and training sessions, where both the market and professionals are directly presented with opportunities. "They do that very well. The training materials and certificates are invaluable, for example, the Certified Information Systems Auditor (CISA). Which we're going to need a lot of with all these emerging legislations."

    In addition, as academic director at Antwerp Management School, Bobbert plays an important role in the development of academically based frameworks of ISACA. Yuri: "Thirty years ago, we started researching IT Governance frameworks in collaboration with ISACA to add more 'academic rigor' to them. That has led to students today researching ISACA products and those insights being presented at major venues. It's great to see young professionals playing a vital role in the continued development of the field, and ISACA's materials are also further enhanced in this way."

    Regulatory pressure in Europe

    Europe is known for its extensive regulations on cybersecurity and data. Bobbert agrees that the regulatory burden can be detrimental to European companies. Bobbert: "If you look at the timelines of European legislation, it's really huge," the expert notes. "We have implemented, since 2019, three times as many regulations, compared to the U.S.. That has a huge impact on our competitiveness. Mario Draghi said it in his report: 'We are killing our companies.'"

    Yet de Bobbert also sees an opportunity in this. "We as Europe should not deregulate, but innovate. Technology can help enormously in making compliance processes more efficient. For example, we at Anove have incorporated Artificial Intelligence into tools that can analyze where legislation overlaps. Often it comes down to not having to do 10 separate things, but five steps can suffice because they recur in multiple directives. That saves an enormous amount of time and money." At ON2IT, we use AI to anticipate and act on cyber attacks faster, which is a huge leap from if a human would have to do it.

    Trump II denounces everything trans, for example, the U.S. government even opened fire on the Trans-Atlantic Data Privacy Framework. The administration wrote three Democratic members of the Peoples Liberties Oversight Board (PLOB) to demand withdrawal from their positions. Critics argue that this development calls into question the legal validity of the framework and could be challenged in court, making the future of the Trans-Atlantic Data Privacy Framework uncertain.

    With the advent of Trump II, the discussion of Europe's digital sovereignty has gone mainstream. But that discussion immediately shows how complex and competitive the playing field is. Bobbert: "The Americans see data as a currency with which they can make money, while we see privacy as a fundamental right. This leads to conflicts, such as the ongoing legal battle over data transfers between the EU and the U.S. The rulings on Schrems II and the new negotiations on data transfers make it clear how sensitive this issue is. In doing so, it is not certain that the current framework will hold up in light of recent actions by Trump II."

    So regulation can be both a burden and an opportunity, according to Bobbert. "We see companies increasingly investing in compliance tools that make regulatory compliance easier. Organizations, as I often say, need to make sure they are doing 'the right things right. With smart technology, Europe can turn the regulatory burden into a competitive advantage." The "EU Competitiveness Compass" is a spearhead for innovative tech companies like Anove in terms of strategy and development. Heavy commitment to "EU Made Technology"

    Bobbert emphasizes that proper implementation of cybersecurity legislation, such as the NIS2 directive, is indispensable for securing critical infrastructure. "Organizations really need to prioritize cybersecurity now. But practice shows that knowledge and the capability to take action are still often lacking. We know what to do, but we don't do it or don't know how. In certain industries, 80% of the functionalities in cybersecurity tools are not utilized, we speak of under utilization. In other industries, such as automotive or aerospace, security functions are used to the maximum." According to Bobbert, other industries, such as the public sector, need to reach the same level of maturity and commit to technology "utilization." Recent guidelines are going to help with this.

    Rule of Law and Cybersecurity

    The relationship between cybersecurity and the rule of law is more urgent than ever. According to Professor Bobbert, a functioning rule of law is an absolute prerequisite for protecting citizens in the digital age. "Privacy is our greatest asset," he argues. "But where we see privacy as a fundamental right, Americans see data as a form of currency. The idea under American leadership is, 'With data we can prosper.'" Bobbert emphasizes that this fundamental difference in outlook leads to tensions, especially now that the framework of data sharing with the U.S. is under pressure.

    In addition, the digitization of our public infrastructure has led to a heavy reliance on American tech companies such as Microsoft and Amazon. Bobbert: "We are so deep in that American BigTech system that it is essential to think about an exit strategy now. What if we soon want to exit Microsoft Azure as the Dutch government? What is the alternative? I think it is good that the Minister of Digital Affairs is anticipating this." Bobbert points out that countries like France and Germany are already consciously investing in European cloud solutions to ensure digital sovereignty. And that retailers like Lidl are following the American example of retailer Amazon (once started as a bookstore) toward providing EU cloud services.

    Cybersecurity, he believes, is therefore no longer an isolated technical issue, but a legal and international task. Bobbert: "Are we able to legally deal with cyber criminals in rogue states? This is a collective problem," he argues. "The only way to combat it is through a 'zero trust' strategy: no user, service or entity is automatically trusted, even within an organization. Every interaction must be validated. It is not for nothing that the NIS2 executive order talks explicitly about adopting Zero Trust as the right way forward in terms of cybersecurity strategy."

    Thus, the future of cybersecurity within the rule of law depends not only on technological innovation, but above all on international cooperation and appropriate regulation. "We must stop thinking individualistically," he concludes. "Cybersecurity is a global problem that we can only address together by innovating. The worldwide broad inclusion of Zero Trust -in regulations- is one such example of an innovative collective."

    Share article

    Comments

    MORE REACTIONS

    Leave a comment

    You must be logged in to post a comment.

    NEWS

    Standards framework for special information tightened

    News press release

    IGJ starts investigation into Clinical Diagnostics Rijswijk laboratory

    News press release

    New guidance for government mobile apps

    News press release

    Increasing and changing threats to critical infrastructure

    News press release

    Geopolitical tensions, climate change, system failure and human error can lead to disruption or failure of vital processes. This can have major consequences for the functioning...

    Kifid sets limit: personal data from anti-money laundering investigation kept for up to five years

    News/press release
    Banks.com

    Cyber resilience of Dutch companies falls short of threat level

    News/press release

    EU countries want age verification on social media

    News/press release

    Moving safely and responsibly to the cloud: concerns for organizations

    Blog

    "Put the focus on resilience, not the perfect score."

    News press release
    Digital Government

    KENNISPARTNER

    Robert van Vianen

    Contact

    New EU Legislation: Privacy & Data Essentials in 1 Day

    Many new laws and regulations around data, cyber, technology, AI and digital platforms are coming our way from Brussels. Consider, for example, the impact of the Data Act, the AI Act, the CRA and NIS2. Important new legislation: what's the latest? In this course we address the question of how you as a professional can prepare yourself. You will get an overview of the most important laws and regulations and we will discuss the latest developments.

    Learn more

    AI in IT contracts: legally watertight and flexible

    The AI Act is an important European law that will impose requirements on AI, including with respect to test data, transparency and the control of outcomes by natural persons. It is essential to take this legislation into account in contracts to avoid potential legal problems. How do you address this?

    Learn more

    Expert membership

    Expert membership

    Benefit now

    Privacy policies in practice: implement, maintain, persuade

    In one day, you'll learn how to roll out a privacy policy and go home with a practical roadmap for doing it yourself. Do you already have a privacy policy in place? You'll also learn if you have all the elements of your privacy policy in place.

    Learn more

    Cyber resilience in Practice: increase your organization's digital resilience

    Cyber threats are becoming more sophisticated and targeted, making organizations more vulnerable to digital attacks. Cyber resilience is not just about preventing incidents, but more importantly about recognizing risk, assessing cyber threats and structurally improving your organization's digital resilience. This two-day course provides a practical understanding of cyber threats and the tools and methods to better protect your organization. You will learn how to assess public cyber scans, recognize vulnerabilities and effectively implement cyber resilience measures.

    Learn more

    Join PONT | Data & Privacy

  • Access to Knowledge Base
  • Read e-books
  • Contact with peers
  • Own news overview
    • BECOME A MEMBER

    General

    Service

    Navigate

    Berghauser Pont Media Group

    CONTACT

    𝕏

    Copyright 2025 Berghauser Pont | Website created by Buro Zero