Fewer Dutch firms hit by cyberattacks, but AI threats loom

Fewer businesses in the Netherlands were hit by a cyberattack last year, and fewer suffered any damage, according to research by bank ABN Amro and agency MWM2. The same study warns, however, that firms are poorly prepared for a new wave of threats driven by AI, and too dependent on US tech companies.

The survey of 777 organisations found that 60% of small and medium-sized firms were hit by malware, phishing or a data breach, down from 72% a year earlier.

Among the self-employed the figure fell from 57% to 48%, and among large firms from 79% to 76%. The share of companies that suffered actual financial or operational damage dropped from 20% to 15%.

Something was clearly working, because the number of attacks itself had not fallen, ABN Amro sector analyst Julia Krauwer told the Financieele Dagblad. She put the improvement down to stronger basic defences – firewalls, faster detection of suspicious activity and better passwords. ABN Amro carries out the survey each year.

Data attacks 
The findings come amid a run of high-profile hacks. Telecoms firm Odido suffered the largest breach in Dutch history in February, exposing data on 6.2 million current and former customers. Medical software supplier Chipsoft had patient records stolen in April, and hackers took the personal data of almost all of the 32,000 residents of the Gelderland town of Epe the same month.

Krauwer said the research showed no sharp rise in data leaks, and that it was a coincidence that several large Dutch companies were hit in quick succession. Such incidents draw heavy media attention, she said, because they touch individuals’ privacy directly.

Preparation and safeguards are insufficient, the research showed – only a quarter of SMEs have a plan ready for a cyberattack and 43% have never rehearsed for one. AI is making attacks faster and weak spots easier to find, Krauwer said, and makes it simple for criminals to impersonate people.

Nearly a third of firms also worry that staff using assistants such as ChatGPT and Claude could leak sensitive data, yet fewer than one in ten SMEs has a policy on it.

Reliance on US tech
Almost half of firms reported a heavy reliance on a few US cloud and tech giants such as Microsoft, Amazon and Google. The report says that is a business risk: the US government could demand access to data, and providers could block or alter services.

Those concerns come amid the political row over DigiD, the login system millions use for government services, whose operator Solvinity the cabinet blocked from sale to US firm Kyndryl on national security grounds.

Nearly two-thirds of SMEs are now taking steps to reduce their dependence, with around 17% having partly switched to European alternatives such as a different cloud, a local AI model or other software, against 12% of large firms – which Krauwer said find it harder to move.