A culture of risk and sharing in cybersecurity

The effectiveness of an entity’s cybersecurity depends on that of its neighbours. Sharing, cooperation, risk governance and the implementation of strategic and operational security measures are key to success.

Testo: Solange Ghernaouti, pubblicato il 13.06.2019

Cybersecurity aims to manage risks associated with using digital technology and affects all infrastructures, information systems, services and data. All corporate activities will henceforth include a computerised processing element, whose effective operation, consistency, safety, reliability, resilience and security must be ensured.


A strategic vision as part of a global security policy is vital to addressing the issue of cybersecurity globally. A cybersecurity policy allows the identification of the values to be protected and defended, the prioritisation of the actions to be taken and the establishment of the measures to be implemented in line with various laws and regulations. The approach thus helps to turn risk and cybersecurity management into an opportunity and a factor in organisations’ performance and competitiveness.

Security isn’t just a matter of technology. Technological performance depends on process quality and expertise in terms of governance and people’s behaviour. Organisational structures like that of SWITCH, which facilitate information-sharing, enable resource pooling and cooperation. Whether through education or research, at a national or international level, the fight against cyber attacks involves the ability to develop a cross-sectional, global and holistic vision of the reality of our interconnected world, which depends on digital technology and has interdependent infrastructures and risks.

No single entity can claim to be able to respond to the challenge of managing systemic cyber risks alone. Circles of trust must develop around players, structures, information exchange procedures, practices, fact analysis and verification to allow collective participation in better individual decision making on protection and defence. Private or public CERT (Computer Emergency Response Team) or CSIRT (Computer Security Incident Response Team) structures, like SWITCH-CERT, have existed for several years. Dedicated to specific industries (academic, military, industry, banking, etc.), they collaborate nationally and internationally to share good practices, build capacity and prevent and respond to incidents. Certification of such structures by umbrella organisations and accreditation of members based on their skill and maturity levels enable networking of circles of trust that are recognised at the European (TF-CSIRT/ TI) and international (FIRST) level.

Teamwork in cybersecurity is about ensuring – at a strategic, tactical or operational level – that actions are more consistent, synergistic, effective and efficient, as long as the level in question has a steering system based on player maturity and real distribution of the value generated by their cooperation.

Having a shared cybermeteorology service enables creation of a very rich governance base and an outlook broader than its scope. We’re stronger together if we learn from others, starting from indicators that don’t reveal everyone’s internal strategy, develop a positivist approach to cyber risks and share and collaborate to predict and respond to crises. Going it alone in the cyber world exposes weaknesses!


SATW Information Sheet


To find out more about information sharing in cybersecurity, please read the SATW information sheet 'Sharing information in cybersecurity' (available in French and German) by Solange Ghernaouti, Laura Crespo and Bastien Wanner.

Information Sheet in German
Information Sheet in French

Altri contributi