Our website uses cookies to create a better user experience. To optimize the website we ask that you accept the cookies:

I agree I disagree
2021 2022 2023


“We need to delve deeper to examine third-party risks”

Mastercard is undergoing a transformative journey beyond its traditional financial services. In an era rampant with cyberthreats, its approach involves rigorous research and a paradigm shift in how cybersecurity is perceived and managed. Maikel Ninaber, Director of Cyber & Intelligence at Mastercard, reveals its pioneering strategies, illuminating the need for comprehensive risk assessment and innovative tools to navigate the evolving cybersecurity landscape, and to adhere to stringent regulatory frameworks.

Maikel Ninaber

Director of Cyber & Intelligence at Mastercard

While Mastercard has long enjoyed global recognition for its role in payment solutions, its more recent commitment to cybersecurity is less widely acknowledged. “Through our payment cards, we’ve established a strong foundation of trust. This trust is what we aim to replicate in our cybersecurity solutions. As a prominent player in the global financial sphere, we understand that we are among the most targeted companies worldwide, giving us substantial experience with cyberattacks,” explains Maikel Ninaber. 

In pursuit of this objective, the company is dedicated to, among other initiatives, comprehensive research and analysis of the existing cyber landscape. “Our research indicates there will be a significant transformation within the cyber ecosystem in the upcoming years. Approximately 75 percent of employees will interface with technologies operating beyond their traditional IT systems. Consequently, third-party risks will surge, both in quantity and scope. This will inevitably lead to both a substantial escalation in cyber risks and in the repercussions of incidents, with breach costs potentially increasing as much as sevenfold,” Ninaber continues.  

Reimagining security: examining each “ingredient” 

At present, however, effective security measures involve continuous monitoring to mitigate risks that might not be entirely clear. “The truth remains that, for numerous services, we lack comprehensive insight into all the involved entities and systems. And adapting to this reality will require a change in approach. In current day-to-day practices, regrettably, responses are often reactive, occurring only after an incident has taken place - by which time it's too late.”  

This context thus necessitates a paradigm shift in identifying potential risk contributors. Maikel Ninaber: “Our goal should be to create a framework where we don't merely scrutinise and assess products based on associated risks at a surface level. Rather, we must delve deeper into examining the ‘ingredients’ of each product, and apply risk analysis at this granular level. For every product and supplier, an assessment of these ingredients becomes imperative, as they constitute potential layers where vulnerabilities might manifest.” 

Tools tailored to a new reality  

To facilitate this transition, Mastercard itself offers an array of tools. “Our aim is to equip the ecosystem with tools that foster a novel approach towards understanding third-party risks. This symbiotic relationship between our studies, landscape analyses, and tool development underlines their intrinsic coherence. These tools don't merely offer insights into the complex risk landscape; they also contribute by pinpointing critical areas of concern and delineating necessary remedial measures. Additionally, they prioritise actionable steps,” adds Ninaber. 

Legislation takes on a pivotal role in this endeavour. “Our suite of tools is distinguished from others, as it aligns with regulatory initiatives such as NIS2 and the Digital Operational Resilience Act (DORA). Companies can use these tools to effectively chart their compliance with the stringent regulations. This, in turn, furnishes them with comprehensive guidance, enabling international benchmarking without extensive survey efforts,” Maikel Ninaber concludes.