Larry is still in the building
At CyberForward 2026 in Hilversum, State Secretary Willemijn Aerdts opened with a hook that landed: the story of Leisure Suit Larry. A game, a floppy disk, a virus, and a continent of organisations that had no idea what was running on their systems. She used it to make a point about where we stand now. Digital security, she argued, is about much more than technology. It requires collaboration between disciplines and sectors. She is right. But the Larry story deserves a closer look, because it is more current than it might seem.
If you were working in IT in the late eighties, you probably remember the game. If you were not, here is the short version: nurses in a Dutch hospital were playing an infected copy on the patient status registration system. Banks in Switzerland, Germany, and England lost swathes of data. The virus, known as Jerusalem or Friday the 13th, would silently spread across every executable file it touched, and on every Friday the 13th it would start deleting them.
Nobody in those organisations set out to cause a breach. Someone simply ran something they were not supposed to run, on hardware that was supposed to be doing something else entirely. The organisation paid the price because it had no visibility into what was actually happening inside its own systems.
That was nearly 40 years ago. The question Aerdts implicitly raised at CyberForward, and the one worth sitting with afterwards, is whether we have actually learned anything.
Larry never changed. Only his outfit did.
The Jerusalem virus spread via floppy disks. Today, the mechanism is a browser tab. According to Verizon’s 2026 Data Breach Investigations Report, shadow AI detections in enterprise environments rose fourfold in a single year, with 45% of employees now using AI tools regularly on corporate devices. Two thirds of office professionals admit to using AI tools at work despite believing their use is against company policy. They are not doing it to cause harm. They are doing it because it makes their work faster and easier. The same reason someone slipped a game disk into the office PC in 1988.
The data that leaves through those browser tabs is not nothing. According to IBM’s 2025 Cost of a Data Breach Report, breaches involving shadow AI cost organisations an average of 70,000 more than other incidents, and took an average of 247 days to detect. When an employee pastes a customer file, a financial report, or a draft contract into an unvetted AI tool, that data enters a processing pipeline the organisation knows nothing about.
Larry never left. He just updated his software.
Why is this relevant for boards and management teams?
It would be easy to read the paragraph above and hand it to the IT department. That would be the wrong response.
The reason organisations were surprised by Larry in 1988 was not that their IT teams were incompetent. It was that no one had asked the structural question: what is actually running in this building? That question was not an IT question. It was an organisational one. The answer required authority, policy, and a culture where people felt able to be honest about what tools they were actually using.
The same is true now. IT teams cannot govern what they cannot see, and they cannot see what employees install, connect, or paste data into via their personal accounts and browser-based tools. That gap does not close with another firewall. It closes with leadership.
If you are a board member or manager reading this, you are not the victim in this story. You are the person who can actually change it.
What Aerdts got right: this is a collaboration problem
The framing Aerdts offered at CyberForward was not about technology. It was about how the Netherlands, its organisations, and its sectors work together to build genuine digital resilience. That is the right frame.
The organisations that will handle the modern version of Larry well are not necessarily the ones with the largest security budgets. They are the ones where the board asks uncomfortable questions, where employees can raise concerns without fear, and where someone has taken the time to build a picture of what is actually running across the organisation’s digital environment. That picture is the prerequisite for everything else. You cannot prioritise what you cannot see.
Collaboration here means something specific. It means the CISO and the CFO having the same conversation. It means the IT manager and the HR director agreeing on what counts as an approved tool. It means the MSP or security partner having enough visibility into the environment to do their job properly. None of that is purely a technical problem.
What does ‘seeing Larry’ actually look like in 2026?
The practical question is not whether your organisation has been breached. It is whether you would know if it had. And whether you know what is running in your environment right now.
That means having an up-to-date asset inventory: not just servers and firewalls, but endpoints, cloud services, SaaS applications, and the devices people use to connect. It means knowing which AI tools your teams are using, officially and unofficially. It means running regular scans so that new vulnerabilities surface before attackers find them. And it means making that information visible to the people who need to make decisions, not just to the people who generated it.
A short note on positioning: Guardian360 builds the Lighthouse platform, which helps organisations and their partners do exactly this. I am aware that this is my commercial interest, and I am stating it plainly. The point stands regardless: the organisations that were surprised by Larry in 1988 were not missing more locks. They were missing a window.
The question to take away
Aerdts called for collaboration. That is the right word. But collaboration requires a shared picture of reality, and for most SMEs, that picture is still missing. The threat has not changed in 40 years. A person inside the organisation, doing something that seemed harmless, ran something they should not have, on a machine that was supposed to be doing something else.
Here is the question worth sitting with: when did you last ask your teams what software and AI tools they are actually using? Not what is on the approved list. What is actually running.
If you cannot answer that with confidence, Larry might already be in the building.