Koen Maris, Advisory Partner & Cybersecurity Leader at PwC Luxembourg; Credit: PwC Luxembourg
This year's edition of the PwC Cybersecurity and Privacy Day took place on the Crystal Park premises of PwC Luxembourg on Thursday 13 October 2022; over 250 attendees were present at this in-person event.
This year's main focus was on critical infrastructure protection, a timely topic as cyber threats become more sophisticated and increasingly target operators of critical infrastructure, industries and organisations.
Closing the event, Koen Maris, Advisory Partner and Cybersecurity Leader at PwC Luxembourg, thanked all the participants and organisers for their time and emphasised that "critical infrastructure suffers the same cyber issues as other organisations, but with one significant difference: if it fails society gets hit".
CISOs & DPOs survey
One of the highlights this year was the exclusive presentation to attendees of insights from the first edition of the only survey dedicated to chief information security officers (CISOs), information security officers (ISOs), data protection officers (DPOs) and privacy experts in Luxembourg: the "Out of the shadows: CISOs & DPOs in the spotlight!" survey 2022. The session was hosted by Alain Herrmann, Data Protection Commissioner at CNPD (Commission Nationale pour la Protection des Données), Antonin Jakubse, Privacy Senior Manager at PwC Luxembourg, Marc Lemmer, Data Protection Commissioner at CNPD, Cédric Mauny, President of CLUSIL, and Maxime Pallez, Cybersecurity Senior Manager at PwC Luxembourg.
With the growing importance of these roles in mind, PwC Luxembourg, CLUSIL and the CNPD collected 90 responses from CISOs (41%) and DPOs (47%) within Luxembourg (the remaining 12% represented respondents with both roles).
Home-based working, companies transitioning to digital workspaces or public cloud, an escalating number of cyberattacks and the growing complexity of information systems, evolving legislation and enforcement, better informed data subjects - these and many other factors have further increased the importance of the roles of CISOs/ISOs and DPOs in the last few years.
The eight key takeaways from this survey were:
- ensure that any potential conflicts of interests in your role(s) have been assessed, evaluated and documented;
- involve CISOs and DPOs at the earliest stages of any project; it can save you time and money if you do this to improve the security and privacy level of the processed data;
- use information security and data protection to empower and facilitate your business-as-usual operations;
- use information security and data protection to further increase the trust and confidence of your staff, customers and other stakeholders by focusing not only on protecting your business, but also the data subjects;
- encourage the sharing of information and practices between DPOs and CISOs through formal and informal sessions;
- thoroughly assess the CISO's position within the company;
- take necessary measures to provide sufficient budget and training to CISOs and DPOs;
- ensure that CISOs' and DPOs' advice on the information security and data protection path is enforced by top management and that the rest of the organisation carries it through consistently and makes it work.
Antonin Jakubse, Privacy Senior Manager at PwC Luxembourg said of the survey: "Privacy without cybersecurity doesn't work. The collaboration of CISOs and DPOs is paramount in order to protect data and ensure privacy".
The full report is available online at: https://www.pwc.lu/en/advisory/digital-tech-impact/cyber-security/out-of-the-shadows-ciso-and-dpo-in-the-spotlight-2022.html.
International and local speakers
Speakers at PwC Cybersecurity & Privacy Day 2022 included:
- Paul Rhein from the Governmental Computer Emergency Response Team Luxembourg (GOVCERT.LU) within Luxembourg's Ministry of State, which oversees the management of cybersecurity incidents compromising Luxembourg, its citizens or its economy and is responsible for receiving, reviewing and responding to reports of such incidents. Mr Rhein emphasised that there is a need to cooperate and collaborate: "We can't solve issues as a single organisation, we need to do it together";
- Eric Kalajzic from Belgian Defence gave a sobering talk on critical infrastructure in an interconnected world, concluding that infrastructure is a top target for intelligence services. He emphasised that permanent risk assessment and checks are necessary on a regular basis and legal frameworks are key in our democracies;
- Christian D'Cunha from DG CONNECT of the European Commission posed the question, "Can you have privacy without cybersecurity?", and concluded that the answer was no. When you are in the cyberworld, you are interfering with personal data, hence privacy is affected;
- Dalia Khader from Swiss Life and Donia El Kateb from the European Investment Bank (EIB) delivered a presentation using well-known examples of cyberhacks and security breaches, taking the audience on a journey from the past to the present with lessons learned that could be applied to the future;
- Jean de Chillou from the CSSF, Luxembourg's financial regulator, gave a presentation on how the CSSF and the Banque centrale du Luxembourg (BCL) adopted the "Threat intelligence-based ethical red teaming" (Tiber) framework last November. This European framework makes it possible to launch realistic simulated cyberattacks against financial or banking institutions, to test their resilience.
Pitching Competition - People's Choice Award
After an international call for submissions, PwC Luxembourg selected five cybersecurity companies with relevant solutions for the Luxembourgish market: Exeon Analytics AG (Switzerland), Filancore GmbH (Germany), Fortinium AG (Switzerland), KeyCaliber (US) and SHAREKEY Swiss AG (Switzerland). During the event, the audience could vote for their favourite solution. The winner of the People's Choice Award was SHAREKEY Swiss AG.
The second award, the Cybersecurity & Privacy Solution of the Year Award, will be conferred by the jury on the candidate that demonstrated excellence at all levels, from strategy to execution. The winner will be revealed at the Awards & Gala Night, in the framework of Cybersecurity Week Luxembourg, on 20 October 2022.