Advancing security and governance across emerging technologies
The second session of the Highly Resilient Organisations (HRO) Program addressed the strategic shift CISOs must make: transitioning from a legacy compliance focus toward dynamic governance capable of withstanding the volatility of emerging technologies. Featuring insights from Martin de Vries (CISO at VDL Groep) and Aernout Reijmer (former CISO at ASML), the discussion highlighted that in a global cyber arms race, resilience must be treated as a foundational pillar for future earning capacity.
The Evolving Role of the CISO
A central theme of the session was the fundamental change in how forward-thinking CISOs approach their mandate:
- From Enforcer to Enabler: Modern leaders are moving away from enforcing static controls that can "kill the initiative". Instead, the goal is "security innovation", utilizing the speed of new technology to enhance security management and align with business requests.
- Behaviour through Quality, not Fear: Resilience relies heavily on shifting organizational culture. Rather than driving compliance through fear, uncertainty and doubt (FUD), security should be framed as a mark of craftsmanship and professional excellence. This approach respects the belief that most people want to do their work well.
- Transparency over Collaboration: Collaboration is often the goal, but it is ineffective unless radical transparency about risks and incidents is in place as an absolute prerequisite.
- Hybrid Target Operating Models: Successful governance increasingly moves toward a hybrid model. This involves decentralized execution to support innovation speed, while maintaining strict central 'guardrail' conditions and a direct reporting line to the board.
- Strategic Risk Appetite: CISOs must help organizations explicitly define their risk appetite, choosing whether to be a "laggard" or an "innovator" regarding technologies like Agentic AI, low-code development, and post-quantum cryptography (PQC).
- Implementing the 'Ultimate Measure': For critical continuity, the role now includes overseeing high-level redundancy, such as "three ways for backup" and multi-cloud strategies to ensure availability under any circumstance.
As we navigate the roadmap toward 2026, the challenge remains to anticipate "Unknown Unknowns" and build the radical transparency necessary for collective national resilience.

