On 15 December 2021, Marcel Krom received the second edition of the Cyber Security Annual Report Index trophy on behalf of PostNL from the founder Bernold Nieuwesteeg, director of the Centre for the Law and Economics of Cyber Security, and Maarten Verbrugh, Vice Dean of master education at Erasmus School of Law. During a festive prizegiving in the Sanders Building of Erasmus School of Law, the multinational has been awarded the highest appreciation for a listed organisation. The award recognises their transparency in cybersecurity and how the concern deals with cybersecurity challenges.
The CSAR Index is a collaboration between the Centre for the Law and Economics of Cyber Security (CLECS) and the International Centre for Financial Law and Governance (ICFG), two research institutes linked to Erasmus School of Law. The CSAR Index aims to paint a picture of the degree of transparency listed companies show in their annual reports.
Whilst analysing the results, Nieuwesteeg noticed significant developments in the field of transparency, compared to his last research: “Companies share more information on cybersecurity and do so more often. It is a good sign that companies share more about their cybersecurity measures. This enables companies to learn from another’s approach and mistakes.” However, this last point also demands a critical comment, according to Nieuwesteeg: “Companies share very little information on being a victim of cybercrime and the costs of cybersecurity.”
On the importance of cybersecurity and transparency, Marcel Krom states the following: “PostNL is continuously working on keeping up their cybersecurity. This would not be possible without partners on a technical level, our customers and logistical partners, with whom we have more and more digital interaction. Talking about cybersecurity becomes more and more a chefsache; that is how we help each other to increase the cybersecurity level. This subject is an ongoing process; every day, the requirements change. We want to improve our transparency year after year. Our goal is to improve cybersecurity in The Netherlands by declaring it a topic of business, on which we do not compete with each other, but work together.”