Rick van der Kleij

Functie:
Professor at Avans University of Applied Sciences and sr. cybersecurity researcher at TNO

Dr Rick van der Kleij is a psychologist with a keen interest in cybersecurity. In his opinion, cybersecurity must go far beyond implementing new technology. It requires a holistic approach that also considers people, processes, and organizational culture. By focusing on all these critical aspects, organizations can better protect themselves from cyber threats and minimize their potential impact. Hence, cybersecurity is more than just technology and defensive IT support. It’s a holistic and human-centered approach that should empower employees to take the issue seriously and ensure that digital security is built into the fabric of organizations.

Professorship chair

Cyber resilient organizations

Research area: minimizing the imbalance between digital threats and resilience

Digital security is crucial for the safe and uninterrupted functioning of our society. The digital threat for organizations, however, remains as high as ever and changes continuously. In the Cyber Security Assessment Netherlands (CSAN) 2023, the National Coordinator for Counterterrorism and Security (NCTV) warns organizations to expect the unexpected and to adapt their security accordingly (NCTV, 2023).

Hence, all organizations and sectors are inherently attractive to malicious actors. Organizations seemingly uninteresting to attackers may still be appealing as a steppingstone to another primary target. Furthermore, the NCTV continuously warns that cyberattacks compromise the nervous system of society, asserting that cyber resilience in our society is still insufficient, with a notable discrepancy in the level of resilience observed among organizations.

Cyber resilience is a comprehensive term that encompasses various means and methods to counter cybercrime and enhance cybersecurity. It is defined as the ability to prepare for, absorb, recover from, and adapt to adverse effects. For organizations, the ultimate goal is to consistently deliver the intended functions or services.

Reducing the imbalance between digital threats and resilience remains a significant challenge. When organizations fall victim to cyber incidents, they are exposed to financial implications, data losses, and potential damage to their reputation. However, the positive news is that many of these incidents can be avoided or have a reduced impact when protective cyber resilience measures are implemented.

These measures can include simple actions like regularly updating software or implementing multi-factor authentication. Although these actions might seem simple, organizations are not always taking them despite their best intentions. Consequently, there is a gap between organizations that have cyber resilience in order and those that do not.

Organizations that lag behind need assistance in taking the right measures, such as implementing resilience management processes, enabling them to achieve an optimal level of cyber resilience. An optimal level of cyber resilience in this context refers to a level of cyber resilience appropriate for the risks to business operations and continuity of services, based on a sound risk assessment and balanced with the necessary investments to reach that level.

The challenge in closing the gap between the haves and haves-not is acute and requires a broader understanding of cyber resilience. There is little insight into relevant actors, dependencies, and mechanisms of cyber resilience and how they reverberate across cyber-resilience practices. It is also unclear how have-nots can be encouraged to act appropriately to reduce this gap.

Top publications

Van der Kleij, R., van ‘t Hoff—De Goede, S., van de Weijer, S., & Leukfeldt, R. (2023). Social engineering and the disclosure of personal identifiable information: Examining the relationship and moderating factors using a population-based survey experiment. Journal of Criminology, 0(0). https://doi.org/10.1177/26338076231162660

Van der Kleij, R. (2022). From Security-as-a-Hindrance Towards User-Centred Cybersecurity Design. In: Tareq Ahram and Waldemar Karwowski (eds) Human Factors in Cybersecurity. AHFE (2022) International Conference. AHFE Open Access, vol 53. AHFE International, USA. http://doi.org/10.54941/ahfe1002209

Van der Kleij, R., Schraagen, J.M., Cadet, B., & Young, H. (2022). Developing decision support for cybersecurity threat and incident managers. Computers & Security, Vol. 113. 102535. Doi: https://doi.org/10.1016/j.cose.2021.102535

Van der Kleij, R., Van ’t Hoff-De Goede, S., Van de Weijer, S., & Leukfeldt, R. (2021). How Safely Do We Behave Online? An Explanatory Study into the Cybersecurity Behaviors of Dutch Citizens. In: Zallio M., Raymundo Ibañez C., Hernandez J.H. (eds) Advances in Human Factors in Robots, Unmanned Systems and Cybersecurity. AHFE 2021. Lecture Notes in Networks and Systems, vol 268. Springer, Cham. https://doi.org/10.1007/978-3-030-79997-7_30

Van der Kleij, R., Wijn, R., & Hof, T. (2020). An application and empirical test of the Capability Opportunity Motivation-Behaviour model to data leakage prevention in financial organizations. Computers & Security, Vol. 97. 101938. https://doi.org/10.1016/j.cose.2020.101970

Van der Kleij, R., & Leukfeldt, R. (2019). Cyber Resilient Behavior: Integrating Human Behavioral Models and Resilience Engineering Capabilities into Cyber Security. In: Ahram T., Karwowski W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. DOI: https://doi.org/10.1007/978-3-030-20488-4_2

Van der Kleij, R. Kleinhuis, G., & Young, H. (2017). Computer Security Incident Response Team Effectiveness: A Needs Assessment. Frontiers in Psychology. doi: 10.3389/fpsyg.2017.02179.

Den Haag - Oude Waalsdorperweg

Oude Waalsdorperweg 63
2597 AK The Hague
The Neterlands

Postal address

P.O. Box 96864
2509 JG The Hague
The Neterlands