Towards an integrated approach

Let’s get rid of the traditional silos in cybersecurity

A change in how we deal with threats

Author: Dirk Jan van den Heuvel, Managing Director at Secura

As a director of a growing cybersecurity company, I see a change in how we deal with threats. The traditional division between, for instance, ‘awareness’, ‘governance’ and ‘technical measures’ often means a disconnect in managing cyber risks. The solution: a more integrated, multi-disciplinary approach.

Some large enterprises have good measures in place to control their cybersecurity risks. They have a CISO office, a security management system, training and technical measures. They follow the ISO 27k standards or the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover, Govern). They have policies in place to analyze risks, threats, findings and issues, so that they learn and improve. With a big team of security experts they control the cyber risks of such a large enterprise. Kudos!

[Image: NIST Cybersecurity Framework functions. Credit: N. Hanacek/NIST]

Disconnect between different measures

For smaller organizations (up to thousands of employees), however, the challenge is bigger. They need quite a few competencies to handle the cyber risks in a mature way. From the outside their security measures might look good: they might organize training, have security policies and technical measures in place to reduce the cyber risks. But what we see in practice is that these measures are often pretty disconnected:

  • The Awareness and Behavior training is not linked to the specifics of that organization or the sector in which it is active. Often it is handled as a compliance topic, not as a way to control the real risks.
  • A Security Management system might be in place, but it may not address the real threats on the technical side, or the risks regarding governance and the human factor.
  • The technical and IT measures might be good, but insufficient or unbalanced. For example, proper “Protect” measures may be in place while “Detect” or “Response” measures are insufficient.

We need a more balanced approach

Today’s cyber challenges require a balanced, integrated approach to cybersecurity measures. Protection, Detection, Response and Governance measures all need to be aligned. People with a background in Awareness and Behavior, Security Management or IT Security need to work together to protect the organization. We need to get rid of the traditional silos and focus more on collaboration and integration. Information security, cybersecurity and the human factor need to merge, for both bigger and smaller organizations.

NIS2 and DORA: movement towards integration

Fortunately, we see a movement towards this integrated approach in regulations like NIS2 and DORA. They are not about a checklist or a simple action list, but ultimately about knowledge and training, mindset, responsibility, ongoing risk management, evidence, and possibly even penalties. These European regulations require many critical and important organizations to implement solid, integrated security management measures. And according to the regulations, their critical suppliers need to do the same.

This is quite a challenge for critical and important organizations in our society. The days when just having an ISMS was sufficient, when an annual pentest would address the risks, and when clients would accept any cyber incident as ‘bad luck’ are over. We need a more professional, multidisciplinary, program-based approach, with various tracks running in parallel. At Secura we like this challenge. That’s why we call 2024 the year of the Integrated Approach.


The cybersecurity world is changing. Subscribe to our Cyber Vision Newsletter to learn more about the changing nature of cybersecurity, and the future of cyber resilience.

About the author

Dirk Jan van den Heuvel, Managing Director at Secura

Experienced Managing Director with a demonstrated history of working in Information Technology and Cyber Security, with a focus on expertise, (global) standards, testing and certification. Entrepreneur and strong business developer with leadership skills, holding a PhD in Physics from the University of Leiden.

Services with an Integrated Approach

Secura CyberCare


In the rapidly changing field of cybersecurity, many of our customers ask for a cybersecurity partner. An independent advisor you can count on at any time. With Secura CyberCare you always have a trusted security partner at hand.

NIS2 Services

Your NIS2 Challenges

Need help with NIS2? Discover our expert services to help you meet the NIS2 cybersecurity requirements.

DORA Services

DORA Testing

Need help with DORA? Discover our expert services to help you meet the DORA cybersecurity requirements.


Why choose Secura | Bureau Veritas

At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.

Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.