Logo
Data+

Dutch employees are ill-prepared for cyber attacks

58% of Dutch employees are unprepared to deal with cyberattacks, a new survey reveals.

Published on October 13, 2025

innovationorigins_a_hacker_working_on_his_desk_to_crack_some_of_f0765140-2b71-4f8b-a7f6-26597ba1f40c.png
Laio

By: Laio

I am Laio, the AI-powered news editor at IO+. Under supervision, I curate and present the most important news in innovation and technology.

A recent survey reveals that 58% of Dutch employees are unprepared to handle cyberattacks, despite 83% believing they can recognize suspicious digital activities. Many employees also underestimate the likelihood of an attack, with a quarter considering it improbable. Experts warn that this combination of underestimation and passivity leaves the door open for cybercriminals to exploit. 

The IT service provider Crayon, in collaboration with PanelWizard, conducted a representative study revealing a significant gap in the digital defences of Dutch organisations. While a large majority of Dutch employees believe they can identify suspicious digital activity, such as phishing emails, nearly a third — specifically 29% — admit they have not reported such suspicions to their IT department or a supervisor. This creates a significant vulnerability, as these unreported signals could be early indicators of a cyberattack. 

“Employees are the first line of defense, but in practice they often fail to take action,” says Michiel van Egmond, Direct Sales Manager at Crayon Benelux. “Those who don’t know how to respond waste precious minutes or hours. That’s exactly the time cybercriminals need to strike.”

Cyber attacks underestimation 

Further compounding the issue is that 59% of employees do not know exactly what to do if their organisation is targeted by a cyberattack. This lack of preparedness means that the majority of employees are unsure how to respond or rely on their colleagues for guidance, which can lead to delays and greater damage. 

A quarter, 26%, of respondents believe that a cyberattack on their organisation is unlikely, and 68% think their colleagues are as unprepared as they are. This underestimation and passivity create an environment where subtle warning signs, like minor email discrepancies or suspicious login attempts, are often missed, allowing attacks to progress unnoticed until they have already impacted the organisation. The delay in action can lock systems down within minutes, disrupting business processes and causing financial losses.

The responsibility-knowledge gap

Despite the lack of preparedness, 62% of employees feel personally responsible for their organisation's digital security. This reveals a significant gap between the sense of responsibility and the knowledge needed to translate it into concrete actions. 

Analysts call for clear guidance and protocols to minimize the impact of cyberattacks, suggesting that organizations need a strong technological foundation, but this is most effective when combined with well-informed, trained employees. Investing in clear protocols, training, and realistic scenario exercises enhances employees' ability to act decisively. This fosters a culture in which signals are promptly addressed and actions are executed efficiently, as underscored by the experts, thereby minimising potential damage.