Chief Business Market & Board of Management, KPN
This is a pre-event interview in the run-up to the Leaders in Finance Cyber Security Event 2025 on 22 May.
Could you briefly introduce yourself?
My name is Chantal Vergouw, member of the Executive Board at KPN, and responsible for Business Markets. At KPN, we help entrepreneurs, SMEs, and large organizations in the Netherlands to move forward. From smart connectivity to advanced ICT and IoT solutions, we support businesses in every phase of their digital journey. Whether it’s a self-employed professional or a mission-critical sector, our role is to empower the businesses that form the backbone of our economy. We do this with reliable connectivity, smart digital solutions, and a strong focus on digital resilience — in both Telecom and ICT — because when businesses thrive, our country thrives. And as technologies like the Internet of Things connect more devices across borders, our impact — and responsibility — increasingly extends beyond the Netherlands.
What drives me is the conviction that digital trust is the foundation of our future economy. And trust doesn’t exist in isolation — it’s something we build together. That’s why I see cybersecurity not just as a technical challenge, but as a societal one. I believe in the power of collective resilience. No single organization can defend itself against today’s complex cyber threats alone. We need stronger public-private partnerships, more real-time information sharing, and above all, a shared sense of responsibility. That requires courageous leadership, transparency, and the willingness to act beyond self-interest.
We see it as our duty — and privilege — to contribute to the broader security ecosystem in the Netherlands. Whether it’s working with government agencies, knowledge institutions or other market players, our goal is to raise the bar together. Because in the end, our digital security is only as strong as the most vulnerable link.
How do you see the current geopolitical landscape influencing cybersecurity risks for financial institutions?
The geopolitical landscape is more unstable than ever. Conflicts no longer happen only on physical frontlines — they’re unfolding in digital space too. Financial institutions are critical infrastructure, making them high-value targets in geopolitical conflicts. We’re seeing an increase in state-sponsored threats, cyber espionage, and coordinated disinformation campaigns. Cybersecurity strategies must therefore go beyond traditional risk management — they must account for political context, hybrid warfare, and digital sovereignty.
In an increasingly unstable global environment, how should financial institutions adapt their cybersecurity strategies?
By becoming more adaptive and less reactive. In today’s volatile environment, it’s not enough to have a once-a-year risk review. Institutions need continuous threat intelligence, agile governance, and cross-functional collaboration. Resilience is no longer about avoiding impact — it’s about recovering fast and learning even faster. That means scenario-based planning, stronger crisis readiness, and building cybersecurity into the DNA of decision-making, from the boardroom to the front line.
How do you see the role of AI evolving in cybersecurity defenses?
AI is both a risk and a tool — and we need to treat it as both. On the one hand, attackers are already using AI to scale phishing, manipulate content, and identify vulnerabilities faster. On the other hand, AI helps defenders by enabling early detection, predictive analytics, and rapid response. The challenge is not just in adopting AI, but in doing so responsibly — with transparency, human oversight, and ethical guardrails. AI will amplify both our strengths and our weaknesses, so we need to be deliberate in how we use it.
What are the most effective ways to foster a cybersecurity-aware culture within financial organizations?
Culture starts at the top. When leadership treats cybersecurity as integral to business strategy — not just an IT concern — the rest of the organization follows. Storytelling is also powerful: help people understand the “why” behind policies, and connect cybersecurity to their own roles. Make it practical, relatable, and ongoing — not a one-off training. And celebrate good behavior, not just punish mistakes. A mature cyber culture is built on trust, clarity, and shared responsibility.
How does regulatory pressure influence the way financial institutions approach cybersecurity? Do you see it as a driver of resilience or a burden?
Regulations can feel like a burden when they’re seen as a checklist. But when viewed as a framework for building long-term resilience, they’re invaluable. Good regulation creates a baseline, drives investment, and levels the playing field. The key is proportionality and dialogue — engaging regulators early and focusing on outcomes, not just compliance. Institutions that go beyond the minimum and embrace the spirit of regulation tend to be more resilient.
What lessons can the financial sector learn from cybersecurity leaders in other industries?
The tech and defense sectors have long embraced agility, red teaming, and a fail-fast mentality. The financial sector can learn from that — especially in how they simulate attacks, test assumptions, and invest in anticipatory capabilities. Healthcare, on the other hand, has valuable lessons in privacy, data ethics, and public trust. No sector has all the answers, but the ones that collaborate across boundaries and industries tend to be better prepared for the unknown.
If you could give one key piece of advice to financial institutions preparing for the next generation of cyber threats, what would it be?
Don’t wait for certainty — lead through uncertainty. The nature of cyber threats is evolving too fast for perfect foresight. Build the muscle to act with limited information, to collaborate across silos, and to recover gracefully. Cybersecurity is not about eliminating all risk — it’s about creating a culture and system that can absorb shocks and come out stronger. That requires leadership that is not just technically informed, but also purpose-driven, people-oriented, and future-ready.