
Proximus NXT Cybersecurity Survey Report 2024

Cyber attacks frequently made national headlines in 2023. The diverse activities and scale of the organizations targeted indicate that every company is a potential target. How do Belux companies perceive this threat and what means are they deploying to combat it? Together with trading partners Proximus SpearIT, Davinsi Labs and Telindus Luxembourg, Proximus NXT polled CEOs, CIOs and other decision-makers on the topic for the fifth consecutive year.

The impact of cybersecurity on businesses in Belgium and Luxembourg

Chapter 1

Cybersecurity incidents

Due to digital transformation, working from home and the rise of new technologies, the ‘attack surface’ available to cybercriminals is increasing year after year. At the same time, hackers are increasingly well organized and employ more sophisticated modes of attack. According to the International Monetary Fund, the number of incidents has more than doubled since the Covid pandemic. It goes without saying that Belux companies are also targets.

One in three

[Chart] Has your company been forced to deal with cybersecurity incidents in the past 12 months? Yes: 30%; No: 61%; I don't know: 9%.

In 2023, 30% of respondents report having experienced a cybersecurity incident*, a percentage in line with the previous year’s results. That over a third of ‘incident-free’ participants admitted to having little confidence in their ability to detect incidents may indicate an underestimate.

Larger organizations more frequently affected

Of the respondents who were aware of a cyber attack, more than 80% recorded fewer than 6 incidents. Nearly two in 10 of the impacted companies recorded more than 5 attacks. Remarkably, in 22% of cases, those who did not detect incidents did not know whether their organization had neutralized attacks.

Larger organizations (with 250 or more employees) are more likely to fall prey to cybersecurity incidents than small and medium-sized businesses (with 10 to 249 employees). Among very large companies (2,000+ employees), 45% reported experiencing an incident in the past 12 months. This could be because very large companies are better able to detect attacks, or because they are more likely to be attacked due to their larger attack surface.

[Chart] Has your company faced one or more cybersecurity incidents in the last 12 months? Broken down by number of employees; answers: Yes, No, I don't know.

[Chart] Number of detected incidents: How many cybersecurity incidents have been detected within your organization during the last 12 months?

(*) Any event or action such as ransomware, phishing, DDoS attacks, etc., that has affected the confidentiality, integrity and availability of an organization’s information systems, and has resulted in loss of productivity, legal consequences, reputational damage, data loss, etc.

Chapter 2

Types of incidents and their impact

According to Verizon's 2024 Data Breach Investigations Report, 62% of financially motivated incidents involved ransomware or extortion. Verizon calculated the median loss at $46,000 per breach. However, financial losses from incidents also happen due to data corruption and destruction, loss of productivity, and theft of intellectual property or personal data.

Types of incidents

What type of incident(s) did your company experience?

Intentional or not?

Three-quarters of respondents had experienced social engineering attacks, such as phishing, vishing and smishing. In these cases, cybercriminals exploit human psychology to gain unauthorized access or extract sensitive information. This high prevalence underlines the need for robust defenses and ongoing awareness-raising among employees. Note, too, the emerging use of deepfakes with which cybercriminals attempt to deceive them.

Nearly half the affected companies declared malware incidents. Three-quarters of these cases were combined with ransomware. These proportions remain fairly stable compared to the previous year.

Imperfections in software code or system configurations create vulnerabilities. They compromise data integrity and security and represent 41% of the reported cases.

A quarter of incidents were the result of carelessness or inadvertent mistakes by employees. For example, wrong configurations or unintentional clicks can lead to a security breach. Nearly 30% of incidents were intentionally committed by internal or external parties who purposefully carried out attacks. A combination of both factors was involved in 44% of cases. The results of Verizon’s 2024 Data Breach Investigations Report confirm these figures. They found that inadvertent errors were the root cause in 68% of investigated incidents.

[Chart] The incident(s) that occurred were: Accidental: 25%; Intentional: 28%; Both accidental and intentional: 44%; I don't know: 3%.

Consequences of the incidents

Infrastructure and data

Cyber incidents affect devices such as laptops, desktops and/or mobile devices in nearly half of incidents. Cloud infrastructure, servers and network infrastructure are also frequently damaged. Equally disastrous and possibly even more far-reaching is the impact on customer information (22%), operational data (19%), and intellectual property or employee data (both 11%).

What physical assets were impacted?

What digital assets were impacted?

Financial impact

Nearly half of respondents reported decreased productivity resulting from cybersecurity incidents. A similar number reported attack-related costs, including notifying authorities, customers and stakeholders.

Reputational damage, including negative publicity, loss of trust and damage to brand image, also occurs frequently. Surprisingly, about 30% of respondents reported that they had not experienced any direct financial impact or damage. This may be due to effective security measures or incidents that did not directly affect the company profits.

Cyber incidents prevented employees from performing their duties at one in four of the affected organizations. This is down from the 2023 cybersecurity report (30%). In most cases, the unavailability was limited to only a few employees for up to one week.

(*) Vishing: scam by telephone (voice) in which the criminals trick the victim into passing on private information.

(**) Smishing: the scammer pretends to be a trusted source (bank, government, etc.) by text message and tries to obtain personal or financial information.

AI and cybersecurity

Artificial intelligence (AI) is finding its way into every business environment. It helps organizations work more efficiently and generates extra insights. A dual picture is emerging in the field of cybersecurity. AI helps to detect threats faster but, at the same time, offers hackers an additional attack weapon. Hence, AI is creating a new dynamic in the field of cybercrime, where the message is more than ever to proactively undertake the necessary actions and take on a strong partner.

Almost half

What was the impact of the cybersecurity incident(s) on your company over the last 12 months?

Chapter 3

Cybersecurity maturity & strategy

Cyber attacks can manifest themselves in any business department. A sophisticated strategy that covers the entire organization is, therefore, essential.

IT leaders show low confidence in their internal and external communications and public relations concerning incidents. They also rate their ability to contain and eradicate threats as weak.

Identify, Protect, Detect, Respond & Recover are the core functions of a popular framework from NIST used to map cybersecurity actions. It shows that among those surveyed, predicting and identifying (Identify) potential risks is the least well established. Prevention and detection are already better, but there is still room for improvement. Taking the necessary actions (Respond) and the recovery process (Recover) are established at an average level.

Large companies are more likely to have higher cybersecurity maturity across the five core functions of the framework. On the other hand, there is still room for growth among SMEs, especially in Identify and Respond.

[Chart] Does your company have a cybersecurity incident response process in place and how confident are you in your incident management capabilities? Scale: low confidence to high confidence; labels shown: external communication, lessons learned, implementation.

[Chart] Does your company have a cybersecurity strategy in place? Series: Yes (large enterprises), Yes (SMB).

Recovery action

Recovery took one to four weeks for a fifth of the companies. Nearly 28% purchased cybersecurity insurance, while a quarter of respondents consider such a policy unnecessary. Another portion of the companies surveyed are looking into it or are unaware of the current status of their insurance.

Reasons not to purchase insurance:
- Cost-related
- A policy that does not cover the risk
- Management and organizational factors

Has your company subscribed to a cybersecurity insurance policy?

Chapter 4

ICT department and staff

The ‘war for talent’ rages fiercely within the IT and cybersecurity sectors. For many companies, it is difficult to recruit and retain people with the right profiles. An Agoria survey showed that the cybersecurity sector had more than 1,200 job openings, a rate of 16%, which is higher than in the IT sector. Consequently, given the ever-increasing attack intensity, the gap between desired and available cybersecurity competencies is only widening.

More than half

Internal action or outsourcing?

About four companies in ten rely exclusively on internal IT staff to monitor cyber threats. Over 30% employ a hybrid model, using both internal IT and Managed Security Services Providers (MSSPs). Surprisingly, 13% of companies do not have designated staff or required monitoring tools for cybersecurity alerts.

Who monitors the cybersecurity alerts of your company?

Skill gap

More than half of respondents experienced a shortage of specialized personnel in the security department. That’s significantly higher than the previous year when 36% struggled with a gap in cybersecurity skills. That higher percentage clashes somewhat with the observation that a significant number of companies rely purely on their own IT department. However, a significant portion of decision-makers do intend to close the skills gap through hiring. Surprisingly, a quarter of respondents have no concrete strategy in that regard.

How do you intend to close the skill gap in your security department?

The survey report indicates a growing awareness. Most companies recognize the importance of education and carry out active campaigns. Nearly a fifth of organizations never do so. While that percentage is still high, it is half that of the previous year’s cybersecurity survey.

How often does your company organize cybersecurity awareness campaigns (training, phishing test emails, etc.)?

Expert Wouter Vandenbussche takes a deep dive into the results and explains the report in 11 minutes.


Chapter 5

A look to the future

In the rapidly changing world of cybersecurity, inaction is not an option. A proactive approach that includes the necessary reactive processes ideally figures high on the agenda of every organization.

More than one in five

For almost all respondents, concerns about incidents were at least as high as the previous year. For most, they had even increased. Technical complexity is increasing due to the growing number of cybersecurity solution providers. More than 80% of respondents engage fewer than 10 security partners to secure their organizations. Half expect stabilization, while more than 20% expect an increase.

[Chart] Has your concern about the possibility of facing a cybersecurity incident increased or decreased in the last 12 months? Answers shown: My concern has decreased, My concern has increased, My concern stayed the same. Values shown: 1%, 45%, 54%.

Evolution of cybersecurity budgets

Nearly half of the surveyed organizations plan to maintain current spending levels. However, a significant portion want to boost the cybersecurity budget, despite the overall increased pressure on spending in the business sector. These figures are similar to those of the previous year.

[Chart] What is the evolution of your organization's cybersecurity budget for the next 12 months? Answers shown: Will strongly decrease (-20%), I don't know, I cannot disclose this information, Will strongly increase (+20%), Will stay the same. Values shown: 1%, 14%, 15%, 22%, 48%.

The four priorities for the next 12 months

Participants in this survey consider the following four elements to be top priorities for the coming year:

1. Operational readiness

Organizations prioritized asset management, vulnerability management and maintaining robust monitoring systems. The ability to respond appropriately to incidents and backup redundancy are critical.

2. User awareness & training

3. Risk & compliance

4. Security measures



[Chart] What was the impact of the cybersecurity incident(s) on your company over the last 12 months? Categories shown: Reputational damage; No costs, no damage; Other costs or negative impact: re-installation; Reduced productivity; Costs / resources linked to the reporting of the incident(s).


[Chart] What digital assets were impacted? Categories shown: Employee information; Intellectual property; Operational data; Customer information.

[Chart] What physical assets were impacted? Categories shown: Office equipment; Machines; Network infrastructure; Cloud infrastructure, servers; Laptops, desktops, mobile devices.


[Chart] What type of incident(s) did your company experience? Categories shown: Social engineering; Malware; Software bug / misconfiguration; Web application attack; Policy violation; Theft / loss of devices; Violation of regulations; Identity theft; Ransomware; Unauthorized activities; Denial of Service attack; Data leak; Zero day, exploit of vulnerabilities; Cyber espionage; Advanced Persistent Threat.


[Chart] Has your company subscribed to a cybersecurity insurance policy? Answers shown: No, but currently under assessment; Not yet, but will be done within the next 12 months; No, for other reason namely:; I don't know; Yes; No, we don't need such an insurance.


[Chart] How often does your company organize cybersecurity awareness campaigns (training, phishing test emails, etc.)? Answers shown: Several times a year; Never; Once a year; Continuously.


[Chart] How do you intend to close the skill gap in your security department? Answers shown: Reskilling or internal promotion of internal IT staff; By using freelancers or external consultants; No strategy in place; I don't know; Recruitment; Outsourcing.


[Chart] Who monitors the cybersecurity alerts of your company? Answers shown: No one / we don't have monitoring tools; Both internal IT staff and MSSP; Mother / sister company; Other; IT partner / MSSP; Own internal IT staff.
