One in five Dutch companies harmed by cyberattacks in 2024
;%20}%20.cls-2%20{%20fill:%20url(%23linear-gradient-2);%20}%20.cls-3%20{%20fill:%20url(%23linear-gradient-4);%20}%20.cls-4%20{%20fill:%20url(%23linear-gradient-5);%20}%20.cls-5%20{%20fill:%20url(%23linear-gradient);%20}%20%3c/style%3e%3clinearGradient%20id='linear-gradient'%20x1='8.089'%20y1='-4.628'%20x2='8.089'%20y2='17.703'%20gradientTransform='matrix(1,%200,%200,%201,%200,%200)'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20offset='0'%20stop-color='%23005eff'/%3e%3cstop%20offset='1'%20stop-color='%2300b2ff'/%3e%3c/linearGradient%3e%3clinearGradient%20id='linear-gradient-2'%20x1='12.007'%20x2='12.007'%20xlink:href='%23linear-gradient'/%3e%3clinearGradient%20id='linear-gradient-3'%20x1='12.007'%20x2='12.007'%20xlink:href='%23linear-gradient'/%3e%3clinearGradient%20id='linear-gradient-4'%20x1='15.926'%20x2='15.926'%20xlink:href='%23linear-gradient'/%3e%3clinearGradient%20id='linear-gradient-5'%20x1='12'%20x2='12'%20xlink:href='%23linear-gradient'/%3e%3c/defs%3e%3cpolygon%20class='cls-5'%20points='6.413%209.134%206.413%2015.125%209.765%2012.129%206.413%209.134'/%3e%3cpath%20class='cls-2'%20d='M12.492,13.663c-.302,.255-.747,.248-1.04-.018l-.698-.632-3.062,2.737h8.631l-3.062-2.737-.769,.649Z'/%3e%3cpolygon%20class='cls-1'%20points='16.613%208.25%207.402%208.25%2012.007%2012.366%2016.613%208.25'/%3e%3cpolygon%20class='cls-3'%20points='17.601%2015.125%2017.601%209.134%2014.25%2012.129%2017.601%2015.125'/%3e%3cpath%20class='cls-4'%20d='M19,2H5c-1.66,0-3,1.34-3,3v14c0,1.66,1.34,3,3,3h14c1.66,0,3-1.34,3-3V5c0-1.66-1.34-3-3-3Zm0,14.08c0,.51-.41,.92-.92,.92H5.92c-.51,0-.92-.41-.92-.92V7.92c0-.51,.41-.92,.92-.92h12.16c.51,0,.92,.41,.92,.92v8.16Z'/%3e%3c/svg%3e)
Greatest harm caused by financial loss, loss of data and disrupted operations
Threat of state actors underestimated, despite the digital domain increasingly being used for geopolitical conflicts
Businesses not properly aware of European legislation intended to boost their resilience
Cyber resilience of Dutch companies not keeping pace with the level of threat
One in five Dutch companies suffered harm from cyberattacks in 2024. Among large corporations, that number rises to three in ten. The most common form of harm was financial loss, followed by loss of customer data and disrupted operations.
These are some of the findings from a cybersecurity survey that ABN AMRO and MWM2 conducted among 788 businesses. Almost every one of the organisations surveyed reported having been hit by a cyber incident at one time or another. Nevertheless, they remain confident in their own resilience against digital breaches, particularly smaller businesses. Their focus is chiefly on prevention such as antivirus software and firewalls. However, they fall short on proactive measures to detect cyberattacks and recover from hacks. ABN AMRO describes this as concerning, given how quickly the financial losses can accumulate and the possible strategic risk if the company loses its customers’ trust or if its intellectual property is stolen.
New threats emerging as geopolitical tensions increase
The playing field is becoming even more complex with the emergence of new threats such as generative AI and deepfakes. And geopolitically motivated attacks continue unabated. Even so, there is a wide gap between the risks companies perceive from such attacks and the real danger. This is a concern, explains TMT Sector Banker Julia Krauwer of ABN AMRO. “Geopolitical tensions are triggering cyber incidents, including in the Netherlands. State actors target companies’ digital supply chains, often working together with cybercriminals. Authoritarian regimes are using digital methods to create chaos and weaken Europe. They seek out specific targets – such as critical infrastructure and healthcare – and insinuate themselves through weaker links in the supply chain. That is why it is so important for every organisation to take its share in the responsibility for our collective digital resilience. Despite this, only nine percent of all companies regard state actors as a serious threat.”
Companies not properly prepared for new European rules
The recent NIS2 Directive and the new Cyber Resilience Act are intended, at the European level, to improve the cyber resilience of essential sectors. NIS2 sets out various obligations for companies, including in terms of risk management, incident reporting and supply chain responsibility. However, this Directive is still largely unknown. Krauwer explains, “Only two thirds of large corporations are aware of the NIS2 rules, and fewer than half of all SMEs. Although many SMEs are too small to be in scope for compliance with NIS2, they might be faced with the rules indirectly. For example, they could be unprepared for questions about their cybersecurity from customers that do fall within scope of the rules. Many companies also still have to take the final steps to become compliant. It is vital that they do this, since the legislation will come into effect in the third quarter of this year.”
Financial support and advice for companies
This is confirmed by ABN AMRO Information Security Risk Officer Richard Verbrugge. “With large companies having better security in place, it is becoming increasingly common for cybercriminals to target SMEs. Unfortunately, many of those SMEs are not fully aware of the risks. A cyberattack could affect not only their company, for instance, but also its suppliers and in some cases the entire supply chain.” ABN AMRO supports businesses that want to improve their digital resilience. For example, the bank helps them to protect their data, privacy and transactions so that they can do business safely. The bank also hosts webinars for corporate clients, shares information on its website, offers special insurance and works with its cybersecurity partner MMOX to advise companies about improving their cybersecurity.