Lisa Rooij is a PhD Researcher at Tilburg University, where she conducts research into the governance of cyber security patching in organizations as a member of the NWA THESEUS project. As part of this research, she investigates existing legal frameworks and regulatory governance mechanisms on cyber security and data breach liability. Additionally, she plans to analyze the role of cyber insurance in current patching risk assessments and vulnerability response practices. These factors will then be considered alongside academic perspectives in order to determine what types of regulatory intervention are desirable and at what level of governance, to ultimately facilitate essential improvements to patching practices and prevent third-party damages. These findings will then be utilized to deliver recommendations to stakeholders and legislators to improve and incentivize patching rather than regulating liability once damages occur, both at a national and EU level.