1 in 5 companies suffered damage from cyber attacks in 2024
ABN AMBRO study: cyber resilience of Dutch businesses lags behind threat level.
Published on May 21, 2025
.jpg&w=3840&q=75){kind=small}
Team IO+ selects and features the most important news stories on innovation and technology, carefully curated by our editors.
One in five Dutch companies suffered damage as a result of a cyber attack in 2024. For large companies, this figure rises to three in ten. The most common consequences were financial losses, followed by data loss and operational disruptions. These are the findings of a survey on cybersecurity conducted by ABN AMRO and MWM2 among 788 companies.
Almost all of the organisations surveyed have been victims of cyber incidents at some point. Despite this, confidence in their resilience to digital breaches remains high. This is particularly true for smaller companies. They focus primarily on prevention, such as antivirus programmes and firewalls.
However, they take too few proactive measures to detect cyber attacks, respond to an attack, or recover from a hack. According to ABN AMRO, this is worrying because the financial damage can quickly mount and even pose a strategic risk if customers lose confidence in the company, critical processes are disrupted for long period,s or intellectual property is stolen.
Geopolitical tensions create new threats
New threats, such as generative AI and deepfakes, are making the playing field even more complex. Moreover, geopolitically motivated attacks continue unabated. Yet there is a big difference between companies' perception of risk and the dangers they face from such attacks. This is worrying, says Julia Krauwer, sector banker TMT at ABN AMRO. ‘Geopolitical tensions lead to cyber incidents, even in the Netherlands. State actors are targeting the digital chains of companies and often collaborate with cybercriminals,’ says Krauwer. ‘Authoritarian regimes are using digital channels to create chaos and weaken Europe. They attack specific targets, such as critical infrastructure and the healthcare sector, via weaker links in the chain. It is therefore important that every organisation takes responsibility for its collective digital resilience. Yet only 9% of companies consider state actors to be a serious threat.’
Companies insufficiently prepared for new European regulations
With the introduction of the NIS2 Directive and the Cyber Resilience Act, Brussels wants to strengthen the digital resilience of essential and important sectors. NIS2 obliges companies to implement risk management, report incidents, and take chain responsibility, among other things. However, awareness of this directive is still limited. Krauwer: ‘Only two out of three large companies and less than half of SMEs are familiar with the NIS2 obligations. Although many SMEs do not have to comply with NIS2 directly due to their size, they do run the risk of being indirectly affected by the law. SMEs may be surprised when NIS2-compliant customers ask about their cybersecurity and impose requirements on them. In addition, many companies that must comply with these obligations still have to take the final steps. They must do so, as the law will come into force in the third quarter of this year.’
