For a long time, cybersecurity sat comfortably within the IT department. It was approached as a technical matter: firewalls had to be configured, antivirus software needed updates, passwords had to be managed. The responsibility was clear, and so was the mindset: cybersecurity was primarily about fixing technical vulnerabilities. 

That framing no longer holds.

When we spoke with Eric Van Cangh, Senior Business Group Leader Digital at Agoria and one of the driving forces behind the Cyber Made in Belgium initiative (CMiB), it became immediately clear that the conversation around cybersecurity has fundamentally shifted. Today, cyber resilience is no longer just a matter of technology or infrastructure. It has become a strategic concern that touches the very core of how organizations operate, protect their assets, and maintain trust with partners, customers, and society at large.

In other words, cybersecurity has moved from the server room to the boardroom. And organizations that continue to treat it as a purely technical cost center risk underestimating both the scale and the consequences of the challenge.

“Start by making cybersecurity a management conversation, not just an IT topic.” - Eric Van Cangh

Beyond IT: the overlooked risk of operational technology

A large part of the misunderstanding around cybersecurity still stems from how many organizations frame the problem. When executives think about cyber risk, they tend to picture traditional IT systems: laptops, email servers, cloud platforms, and corporate networks.

But as Van Cangh pointed out, the real exposure increasingly lies elsewhere — in operational technology, or OT.

Operational technology refers to the digital systems that control physical processes: production lines in factories, industrial control systems and infrastructure, and building management systems. These environments were historically designed for reliability and efficiency, not necessarily for security. As industries have become more connected and digitized, those systems have also become more exposed.

“People still tend to think of cyberattacks as something that affects data or office systems,” Van Cangh explains, “but when operational technology is compromised, the consequences can be much more immediate. Production stops, supply chains are disrupted, and even physical safety can be at risk.”

For sectors such as manufacturing, energy, logistics, and healthcare, the implications are profound. In other words, cybersecurity is no longer just about protecting information, it’s equally about protecting operations. 

From awareness to structural change

Over the past decade, many organizations have taken their first steps toward improving cybersecurity awareness. Employees are encouraged to recognize phishing emails and password policies are strengthened. Occasionally, internal campaigns remind staff to stay vigilant.

While these initiatives are valuable, Van Cangh stresses that awareness campaigns alone are no longer sufficient. Cyber resilience cannot rely solely on individual vigilance. It requires a structural approach that integrates technology, governance, and human behavior across the entire organization. 

This shift demands a broader perspective from leadership: cybersecurity must be embedded in strategic planning, risk management frameworks, and operational decision-making. It also requires collaboration between departments that historically operated in separate spheres: IT, operations, legal, compliance, and executive leadership. These perspectives need to come together in order for organizations to build a truly resilient defense against evolving threats.

Cybersecurity as a matter of trust

The stakes extend far beyond internal risk management. In an increasingly digital economy, cybersecurity has become a key factor in maintaining trust between organizations and their stakeholders. Customers expect their data to be protected, partners expect secure collaboration environments, and regulators demand compliance with ever-stricter standards.

A single incident can have repercussions that reach far beyond technical damage. It can affect reputation, disrupt business relationships, and erode confidence in the reliability of a company’s operations. That is why Van Cangh increasingly sees cybersecurity framed as a foundation for trust instead of a risk to be mitigated. Organizations that invest in resilience and transparency signal to the market that they take their responsibilities seriously.

The power of ecosystems

Addressing cybersecurity challenges is not something companies can do in isolation. For many organizations, especially smaller ones, keeping up with its complexity can be daunting: the technological landscapes shift constantly, which leads to threats evolving rapidly and attackers to collaborate across borders. 

This is precisely where an ecosystem approach becomes essential. Through initiatives such as Cyber Made in Belgium (CMIB), Agoria brings together a wide range of actors who all play a role in strengthening the country’s cyber resilience. The ecosystem connects cybersecurity solution providers with industry players, but it also involves key institutional stakeholders such as Cyber Command within the Belgian defence structure, the federal police, the Centre for Cybersecurity Belgium (CCB), and other public partners. Regional innovation actors like VLAIO, Agence du Numérique, and hub.brussels are also part of the conversation, helping to ensure that support, expertise, and innovation reach companies across the different regions.

By bringing together expertise from across the technology sector, the ecosystem creates a space where companies can find trusted partners and share knowledge more easily.

Equally important is the diversity of perspectives within that network. Cybersecurity is not only a technological challenge; it is also a societal one. Initiatives such as Women4Cyber illustrate the importance of building a more diverse cybersecurity community, ensuring that new talent, fresh perspectives, and broader expertise continue to strengthen the field.

For Van Cangh, this collaborative dynamic reflects the deeper motivation behind Agoria’s work and why he gets up every morning: “”Technology for a better world” is not just a slogan,” he says. “It’s what drives us every day.”

Through the CMIB ecosystem and its partners, Agoria aims to contribute — even modestly — to something larger: strengthening the resilience of companies, industries, and ultimately society as a whole.

‍

A practical first step

For companies that are still at an early stage of their cybersecurity journey, the scale of the topic can feel overwhelming. Van Cangh’s advice, however, is surprisingly pragmatic.

“Start by making cybersecurity a management conversation,” he says, “Not just an IT topic.”

That means asking simple but essential questions: Where are the organization’s critical vulnerabilities? Which systems would cause the most disruption if they were compromised? And who in the leadership team ultimately owns the risk? Once those questions are on the table, companies can begin to build a roadmap to gradually strengthen their resilience. 

Because in the end, cybersecurity is not about eliminating risk altogether — that’s an impossible goal in a connected world such as ours. It is about understanding that risk, managing it strategically, and ensuring that organizations are prepared to respond when incidents occur.

And that responsibility starts at the top.