17 October

When leadership meets cybersecurity

The Vinçotte perspective on building trust and resilience in the digital age

The human response to a digital threat

What happens in your organisation the moment someone clicks on that one wrong link? Who takes the lead? Who reports it? And most importantly: who learns from it?

For Ilse Vanderlocht, Managing Director of Vinçotte, that’s the moment when true leadership becomes visible. “Cybersecurity is not just about technology,” she says. “It’s about behaviour. It’s a shared responsibility that starts with trust and clear leadership.”

That belief isn’t just a slogan. It shapes how Vinçotte manages its own internal security. “For example, we have a programme to raise awareness among employees,” Vanderlocht explains. “We regularly send fake phishing emails. We don’t only look at who clicks; we also look at who reports. That’s even more important.”

That approach is deliberately positive. “People must feel safe to report something, even if they were the one who clicked on the malicious link. Otherwise, the organisation doesn’t learn,” she says. “That’s why we’ve made it as easy as possible to report. A simple click in Outlook is enough to flag a suspicious email. And IT responds to every report coming in, so people see that action is actually being taken.”

Patrick Coomans, Global Product Owner Cybersecurity, calls this approach part of a Just Culture: a culture where people feel safe to report mistakes instead of hiding them. “Sooner or later, someone clicks on the wrong link,” he says. “What matters is that they report it immediately. The faster that happens, the smaller the damage. That’s what turns a potential forest fire into a small smoulder.”

From physical to digital safety

For more than 150 years, Vinçotte has been synonymous with safety through inspections, certification, and training in the physical world of machines, installations, elevators, and pipelines.

But today, that world has changed. Those same systems are now digitally connected, bringing new efficiencies and new vulnerabilities.

“We stand for safety and reliability. Not only for our clients, but also within our own company,” says Vanderlocht.

“That’s why we invest heavily in cybersecurity ourselves. We’re fortunate to have a CISO who really thinks with the business, not just from an IT perspective.”

For Vinçotte, this digital evolution isn’t a break from the past. It’s a continuation of its original mission.

“A century and a half ago, we gave people trust by making sure their steam boilers didn’t explode,” says Vanderlocht. “Today, those same boilers are full of sensors and software that can be hacked. The principle is the same: we build trust by making sure people, systems, and processes are safe — whether physical or digital.”

For Patrick Coomans, this shift is a natural progression. “Digitalisation has massively expanded the attack surface,” he explains. “Hackers now use generative AI to write perfect emails; it’s almost impossible to tell whether they’re real or fake.” He adds with a wry smile: “I sometimes wonder if hackers took customer service training; they’ve become very convincing.”

Behind the humour lies a serious message.

“A cyberattack today is almost inevitable,” says Coomans. “The question isn’t if, but when. And when it happens, companies often come to a complete standstill. Production, IT systems, even certification of production processes; everything needs to be restarted. And this can take weeks to months.”

Bridging safety and cybersecurity

While many organisations still see safety and cybersecurity as separate worlds, Vinçotte sees them as deeply connected. Both are about trust, continuity, and behaviour.

“As an organisation, we have a role to play in raising cybersecurity awareness among our clients, the same way we’ve always talked about physical safety,” Coomans explains. “The two belong together.”

That connection is not only conceptual, but also strategic.

“Safety can unlock budgets that cybersecurity alone cannot,” says Coomans. “In many companies, the safety department is better structured and funded than IT. By connecting those two worlds, you create real impact.”

This pragmatic approach reflects Vinçotte’s DNA: focusing not on technology for its own sake, but on people, organisations, and continuous learning.

“Awareness doesn’t happen in one way only,” Coomans adds. “E-learning modules are a great foundation, but they work best when they’re brought to life with real examples from your own company. When people recognise situations from their daily work, the lessons really stick.”

Coomans often begins conversations with three simple questions that reveal a lot about a company’s readiness:

  • When was the last time you tested whether your backups can be fully restored?
  • Do you have an incident-response plan, and does everyone know what to do if ransomware strikes today?
  • Does your organisation have a formal approach to risk management, and does cybersecurity form part of it?

“If the answer to any of those is unclear,” he says, “there’s work to do.”

Leadership as a lever

Cybersecurity truly takes root only when it’s driven from the top. “Leadership plays a crucial role,” says Vanderlocht. “It’s the leadership team that decides whether the topic gets attention and resources. If it doesn’t come from the top, it doesn’t happen.”

Vanderlocht sees cybersecurity as an essential part of enterprise risk management. “Safety has always been a board topic — fire safety, worker safety, process safety,” she says. “Cyber safety must be on that same list. It’s not just an IT risk; it’s a business continuity risk, a reputational risk, and a customer risk.”

That’s why the Vinçotte Academy now offers dedicated training for Board Members and Top Management. Not to turn them into cybersecurity experts, but to help them ask the right questions and take ownership of the topic.

“The issues leadership focuses on are the ones that come to life within the organisation,” says Vanderlocht. One of those questions is deceptively simple: How long does it take between a click and a report in our company?

Trust as the new currency

Vinçotte’s approach to cybersecurity fits into a broader movement: a shift from compliance to resilience, from rules to culture, from checklists to behaviour.

“You don’t build trust with a single audit,” says Vanderlocht. “It’s a continuous process of learning, improving, and taking responsibility.” That philosophy underpins the company’s Trust in Digital initiative: treating cybersecurity not as control, but as culture. Or as Coomans puts it, “Cybersecurity is the means; Trust in Digital, however, is the return on investment. It’s how you show your clients, investors, and regulators that your organisation will endure because it’s resilient.”

He compares it to the old Intel Inside sticker on laptops.

“Companies are starting to treat cybersecurity the same way, as something they proudly show,” he says. “Best-in-class companies even publish a dedicated Trust Page on their websites to explain what they do, which standards they meet, and how they handle incidents. It’s becoming part of their brand.”

Ultimately, says Coomans, the goal is to move from compliance-driven to value-driven cybersecurity.

“When people apply the same awareness at home, such as protecting their kids online or helping their parents spot scams, that’s when you know the culture has truly changed. It’s not about ticking boxes. It’s about living trust.”

Vinçotte’s message is clear: cybersecurity is not just a technical challenge. It’s a human one. It’s about leadership, trust, and a healthy dose of distrust. And those are precisely the values Vinçotte has stood for since 1872.
