Disem Institute

a sound and solid security strategy 


Dynamics in Cyber Security


Many organisations have unprotected data and insufficient cyber security measures. Current examples are legion. The Cyber Security Council’s conclusion is no small matter: ‘There’s a lot of low- hanging fruit’. A cynical observation for those who fail to take adequate measures to prevent hacking.  With often far-reaching consequences. Do finance professionals play a relevant role in this?

In this day and age, the cyber security in organisations is often strongly interwoven with the employees, the processes and the technology. Cyber security responsibility is often divided among different people and departments. This makes cost and investment issues regarding digital security hard to fathom. De-cision making is slow and complex. This way, incorrect risk estimations and investment considerations could lead to significant additional costs in order to correct and repair. And in some situations even to a considerable threat to the organisation’s continuity.

There is a reciprocal, complex dynamic relation between the behaviour of the attacker and the defence of the organisation, its business operations and  IT, finances and risk management. These complex dy-namics within this ecosystem make it difficult for finance professionals to carry out adequate cost and investment analyses. Besides this, typical of cyber security is that well-known and common principles of cost allocation are often counterintuitive.

The finance professional is responsible for cost modelling, cost analysis and investment advice regard-ing cyber security. A good and practical understanding of the relation is therefore necessary. In addi-tion, this competence also helps gain the correct and necessary information to support adequate deci-sion making. The central position of the finance professional within an organisation provides excellent opportunities for this.


This classroom course, which is divided into three parts, has the following objectives:

1. To develop the skill of thinking systemically and dynamically.

2. To discover the deep and dynamic relation between the attacker and the defence of the organisation, its business operations, IT, finances and risk management.

3. To understand that improvements in one area can lead to problems in another.

4. To learn, using the existing structures within the ecosystem, to:

a. Develop a sustainable cost model for cyber security,

b. To create qualitative and effective cost forecasts and investment analyses in order to provide adequate management information.

5. To recognize early the build-up of exceptional situations (outliers and game changers) to:

a. Take into account the correct elements in forecast, and cost and investment analysis,

b. Be able to adjust in time.


This course emphasizes that (the costs of) cyber security (are) is a joint responsibility and argues that cyber security should be considered a regular business administration and financial focus area.

This 2-day course is divided into three parts and structured as follows:

• Part 1: Unravelling dynamic complexities.

• Part 2: Forecasting and financial analysis.

• Part 3: Outliers and game changers.

Target audience

The finance professional, either working in business or in the public sector, who wants to make an im-portant contribution to a solid and sustainable cyber security strategy and who therefore wants to know how relevant ecosystems have an influence on the costs and continuity of the organisation. Basic knowledge of cyber security is required. 

Course availability

This course (in Dutch) is regularly available a webinar or in class-session in the Dutch Market through open enrollment by "NBA opleidingen". For more information on this Dutch course go to their website and search for "dynamiek in cyberveiligheid". 

For training in English, other formats, or international offerings, please contact us.

Contact Us