The Association of the Luxembourg Fund Industry (Alfi) launched its NextGen podcast series as part of its commitment to attracting young professionals and getting them more involved in the investment fund community. These dialogues, between an experienced professional and someone at the early stages of their career, the “nextgener”, offer insights into the current state of Luxembourg’s financial centre and the changes it has undergone over the last two decades.

Cybercrime damages are anticipated to reach US$10.5trn (around €9.6trn) in 2025, according to a report by eSentire, a cybersecurity firm. With average data breaches costing around $4.35mn (around €4m), today’s financial landscape demands innovative approaches.

The latest Alfi NextGen podcast brings together two individuals to discuss just that. Although PwC Luxembourg Advisory Partner and Cybersecurity Leader, Koen Maris, and Talan Luxembourg Information Security Officer, David Morgan are in different stages of their careers, both express concerns that individuals and companies alike need to take cybersecurity risks seriously.

Maris says that when he started his career over 20 years ago, he was happy if he could speak with a head of IT. These days, the “gamechanger” is the fact that “the board is now scrutinising the executive committee” in terms of whether they are truly making the proper investments into cybersecurity.

Even though the field is getting more and more recognised and taken seriously, it’s still seen as a cost centre.

 David MorganInformation Security Officer Talan Luxembourg

Nevertheless, Morgan adds that there can be resistance when encouraging management to adopt new tools, for example. “Even though the [cybersecurity] field is getting more and more recognised and taken seriously, it’s still seen as a cost centre.”

A more regulated field

From the recent EU AI Act to GDPR, NIS2, DORA and beyond, the regulatory environment has intensified over the past 20 years. As Maris puts it, back then, “there was virtually none. If I look back to 2000, there were a few acts, mostly in the US or UK around information technology, but none really on cyber… the word didn’t even exist.” He applauded when the GDPR took effect, for example, because “it changed the way we looked at things.”

If I look back to 2000, there were a few acts, mostly in the US or UK around information technology, but none really on cyber… the word didn’t even exist

Koen MarisAdvisory Partner and Cybersecurity LeaderPwC Luxembourg

Morgan, who started off as a developer and then gradually began his role as an information security officer, explains that the governance and regulatory aspects of cyber fell on him. “It was a blessing and a curse because it’s really interesting, but it can be tedious and sometimes doesn’t get the recognition it deserves internally.” 

AI as an accelerator

With the advancement of AI comes the increased possibility that the landscape will shift even further. “It will provide us with more tools and insights. The zero-trust part is definitely shaping the way we have to look at things,” Maris says.

Morgan also sees AI as an accelerator. “If both sides have AI, to an extent, I think it’s really to the attackers’ advantage,” he explains. “This accelerator really leads to a situation where their efforts to attack a small part of your network really get sped up, whereas you have to go through all the motions to get things approved… this can be a great challenge.”

Listen to the full episode of The Finance NextGen podcast at the Alfi website

Related articles