Is the cyber security of Dutch companies lagging behind?
Every year, PwC conducts the Digital Trust Survey, a global survey of over 3,500 corporate executives on cyber security challenges and the measures that organisations are taking. The report for 2022 was recently published. One interesting conclusion here caught my eye, specifically that Dutch companies are lagging behind the rest of Western Europe. This is indeed disturbing news at a time when we see headline after headline about hacks and ransomware attacks. And, as former CISO and current CTO of Solvinity, a secure managed IT services provider, security is a constant theme in my life. Time to emigrate?
Among other things, the report states that major cyber risks are far from being fully mitigated in the Netherlands. In Western Europe, about a third of respondents say the risks inherent in enabling people to work from home have been fully addressed. In the Netherlands, only a fifth do.
And about 35% of Dutch companies plan to cut their cyber budget in 2023. That sounds crazy when the number of attacks just keeps increasing. In Western Europe, more than half of companies actually want to increase their cyber budget, and globally the figure is 65%.
If something sounds crazy, then is it?
In many cases, there is a logical explanation. First of all, it isn’t immediately clear which countries are meant by ‘Western Europe’. For example, does this include Spain, the UK and Germany, or not? This is important for interpretation, because different countries have different starting points. In the Netherlands, 80% of the population was using the Internet in 2005, but Western Europe, as a whole (UN definition) didn’t reach 80% until 2014 (Ourworldindata.org, 2023). The Netherlands leads the way and is the second most ‘digitally competitive’ country, after Switzerland (Statista.com, 2022). For a long time now, the Netherlands has also had one of the most digitised governments, financial service providers etc. in the world.
On the one hand, the Netherlands started investing earlier; we saw the urgency in time. With that edge, the opportunity for the Netherlands now lies in further optimising and automating to reduce costs. With this higher maturity, Dutch targets may be more ambitious and the insight into risks more realistic. A ‘percentage point of extra security’ (if this could even be measured) in an IT infrastructure that is more mature in terms of security is also much more expensive than in an IT infrastructure where there is still a whole lot to be improved.
On the other hand, the labour market in the Netherlands is tight – especially in the IT and cyber security fields. This may also lead to lower investments, because projects do need to be feasible. This will certainly be a factor. Keeping up with all the developments around cyber security is increasingly becoming the prerogative of the big boys or specialised companies that have more generous budgets and/or the latest technologies at their disposal. Techies place great importance on their content development, so this must function without a hitch.
Stay on top
All in all, as one of the most digitised countries in the world, it is important for the Netherlands to continue taking cyber security seriously. There is innovation in cybercrime every year – but a lot of incidents are prevented through good, innovative cyber security. I can say without a shadow of a doubt that we at Solvinity do our utmost every day for each and every customer, and we make no concessions. So no, I don’t plan on emigrating any time soon.
When it comes to security, we are keen on staying on top of things. To get an up-to-date picture of the state of affairs regarding security at Dutch organisations, we are currently repeating our security awareness survey from 2020. Keep an eye on our website and/or socials for the publication, or subscribe to our newsletter.
Download our whitepaper Public Cloud Security
Strategic choices for a secure IT environment
This white paper discusses the most important points of attention and pitfalls for a securely set up public cloud environment on the basis of five ‘layers’. Each chapter contains specific handles with which you can give direction to your public cloud strategy.