New round table for the growing threats in the cyber area
In 2024, the Cyber Risk Round Table began its work under the coordination of Tobias Synak (Cyber FSI Lead Germany, Deloitte) and Daniel Naumilkat (Cyber FSI Senior Manager, Deloitte). The aim of the round table, in which many representatives from the FIRM network participate, is to address the growing threats in the area of cyber risks and to provide impetus for the development of modern security strategies. To this end, three round tables were organized for an exchange between experts from the financial sector, cyber security consultants and representatives of technology providers. Discussions included current technology trends, regulatory requirements and innovative solutions to strengthen cyber resilience.
Technology trends and cyber security landscape
The first session of the year on February 27 focused on key topics such as technology trends and their impact on the cyber security landscape. Tobias Synak and Daniel Naumilkat showed how increasing digitalization is creating new targets for cyber attacks. Martin Kreuzer (Senior Risk Manager Cyber Risks, Munich Re) provided valuable insights into the biggest threat drivers, including ransomware and supply chain attacks in particular. In addition, the ECB Cyber Resilience Stress Test was presented by Max Kaiser (Cyber Senior Manager, Deloitte).
Cyber strategy and ICT risk management approaches
The second session took place on June 17 and focused on cyber strategy and ICT risk management approaches. Delisa Stone (Partner, Deloitte Netherlands) presented a comprehensive benchmark analysis of a global bank’s cyber strategy. Particular attention was paid to crisis preparedness and the security operations required to safeguard critical functions. Peter Heidkamp (Group CISO / ICT Risk Officer, Deutsche Börse) explained how the company has established a robust governance structure for ICT risks. Another focus was cyber risk quantification, presented by Asdrúbal Pichardo (CEO, Squalify) and Stefan Feiniler (Cyber Senior Consultant, Deloitte), who outlined innovative approaches to assessing cyber risks in monetary terms.
Zero Trust and modern security concepts
On September 27, the third session focused on Zero Trust, a modern security concept that is becoming increasingly important. Marius von Spreti (Cyber Practice Lead Germany & Global Zero Trust Lead, Deloitte) and Martijn Maatman (Cyber Senior Manager, Deloitte) led the session and explained the development towards Zero Trust architectures. It was emphasized that traditional security approaches are no longer sufficient in view of the current threat situation. Dr. Ralf Schneider (Senior Fellow Cybersecurity, former Group CIO, Allianz) shared his experiences from the practical implementation of Zero Trust in a large corporation. Arnd Gille (Solutions Consulting Senior Manager, Palo Alto Networks) supplemented the discussion with concrete case studies and scenarios on cyber defense, which made it clear how Zero Trust can help to significantly improve the security situation.
A common outcome of all events was the realization that adapting to regulatory requirements such as DORA and NIS2 is essential to ensure long-term security. It was also emphasized that new technologies such as artificial intelligence and 5G offer both opportunities and risks for cyber security. It also became clear that a modern security architecture based on principles such as Zero Trust is an important building block for the digital transformation.
Cyberattacks and geopolitical risks
In 2025, the Cyber Risk Round Table will explore these topics in greater depth. For example, the introduction of new regulatory requirements and the handling of technological innovations will be examined from the perspective of financial companies. The focus will be on questions such as: How is the risk potential for cyber attacks changing due to the latest trends (e.g. AI)? What specific dangers arise from geopolitical risks? How can the German financial sector learn from other countries and institutions in the expansion of digitalization? How must banks, insurers, asset managers, etc. position themselves for the requirements of DORA? The round table will summarize the results of the discussions and the latest insights in a position paper.