On 31 October, the third edition of the Cyber Security Annual Report Index prize was awarded to Paul Verhagen, CFO of ASM International. The prize is annually awarded by the Centre for the Law and Economics of Cybersecurity (CLECS) and the International Centre for Financial Law & Governance (ICFG), two research centres linked to Erasmus School of Law. During a festive ceremony, the multinational received the highest honour for a listed company as a recognition of their transparency of cybersecurity and how the concern handles cyber challenges.
The ceremony was taken care of by Bernold Nieuwesteeg, director of CLECS, Hélène Vletter-van Dort, Professor of Financial Law and Governance at Erasmus School of Law, Eva Eijkelenboom, Assistant Professor of Commercial and Corporate Law at Erasmus School of Law, and Rens Hoogerwaard, research assistant of the CLECS.
Transparency in cybersecurity is essential for the improvement of cybersecurity. Not just for investors and interested parties of a listed company but also for other companies that could learn from their cyber policy or incidents. In the past years, transparency on cybersecurity has increased amongst listed companies. In 2020, only four companies shared six or more cybersecurity measures in their annual report. In 2021, 36 companies already did so; in 2022, 97% of companies mentioned at least one measure in their account. However, there is still much to gain, according to Nieuwesteeg: "the biggest gain would be in intelligently translating the governance, cyber risk, and information sharing in the year report."
According to the researchers of the CLECS and the ICFG, Transparency in cybersecurity can be approached from six points of view. Internal transparency could indicate that cybersecurity is Chefsache, it is important to map cybersecurity at suppliers, customers, stakeholders, and regulators. It is also essential to share knowledge externally within the industry and in the year report to optimise legal obligations about transparency, to map possible threats, and to harmonise the definitions of measures.
ASM International received the prize thanks to the proper abstraction level of the measures (which means the mentions were not too specific or generic), the company's variety of measurements, and the critical approach of the supervisory and available board. According to the researchers, there is room for improvement in the extent of external knowledge sharing with ASM's suppliers, customers, shareholders and regulators.
Paul Verhagen is pleased with the prize: "Cybersecurity is crucial to our business and our partners and has the close, ongoing attention of ASM's Management Board. We take a proactive approach to protecting our intellectual property and day-to-day operations against cybersecurity attacks, which are becoming more frequent and sophisticated. Being transparent about the particular and ever-evolving way we deal with cyber risks is important to maintaining our trusted relationships with our partners – including universities, R&D institutions, and suppliers – with whom we share innovative technologies. Winning the CSAR Index trophy is valued recognition for this proactive approach, and we are committed to building on this together with our partners."