Interview with Claus Cramon Houmann, CIO of Banque Öhman

What do you think about CIONET Agenda 2015 topics around Digital Lëtzebuerg: Value of IT, e-Skill, Agility & Flexibility, Fintech?

I think the topics are fun, there should also have been a topic around creating a centre for “disruptive tech” since this would long-term help make Luxembourg an IT capital.

In which of these groups do you see your contribution (two are possible)?

I could contribute to Fintech, and maybe 1 more if you’re missing people. Don’t know which other.

Could you develop more on: cost of security, where is the line?

a. Some are arguing that all security related expenses should be put on separate budgets, not shared with the rest of the IT or other budgets

b. Security budgets should get a larger share of the overall IT+security budgets combined

c. If possible for individual companies, the overall share of the total budget allocated to IT+Security combined should be increased. This is cheaper than cleaning up after a breach.

d. If none of the above are possible, then you must increase your defensive capabilities within unchanged or maybe even declining budgets. This is also possible, however not recommendable

e. Risk Assessments aligned to business realities must lead the way for security functions. How much risk dare you expose yourself to? How much must you expose yourself to to be able to have a financially viable business case?

f. Doing nothing means exposing your business to hackers who can and will take everything you got, and do who knows what with it.

CSSF: catch up on security where regulations are increasing fast? How important do you see this aspect?

CSSF are successfully raising the “bar” meaning the average level of quality for financial institutions in Luxembourg, in many areas. However, in IT, they’ve fallen dreadfully behind and this poses a risk to the whole financial environment in Luxembourg. Most companies will not do much more than they absolutely have to, so we have to raise the bar for what they have to. Long term, we need the level of security to be high to be able to attract both skilled technicians but also to be attractive in the future to new and existing financial institutions. It also has to be done the right way so as to not be an extra unreasonably high compliance burden that companies have to bear. It has to be done exactly right.
