00-bg-gradient.png

Nowadays, cybersecurity is largely an exercise in risk management. As a business, you have to determine which IT risks you can and are willing to accept, as well as what it will cost your business to maintain that level of risk. The digital revolution (accelerated by COVID-19) has increased cyber risks. Moreover, hackers have access to new technologies, exposing your business to more cyber attacks than ever. All this affects your bottom line.

International research agencies regularly study the cybersecurity landscape. But their statistics do not always reflect the situation for businesses in Belgium and the Netherlands. Which is why Proximus, in partnership with Proximus SpearIT, Davinsi Labs and Telindus Nederland, organized its own research among its customers.

How companies 

manage

cybersecurity

Research report – Belgium and the Netherlands
00-mo-pxs.png
00-ic-mousescroll.png

Proud member of proximusaccelerators.eu

00-lo-davinsi.png 00-lo-telindus.png 00-lo-spearit.png
00-img-laptopwide.jpg

of the respondents were confronted with a cyber incident in 2020

By this we mean any malicious event or action that threatens the reliability, integrity and/or availability of the information systems of a business (the receipt of phishing e-mail, data breaches, unauthorized access, etc. with or without consequences or damage).

50%

The 7 main conclusions of the survey

01-bg.png (copy)
01-number.png

Every organization – big or small – is a potential target

Smaller businesses often think – wrongly – that their data or business is not sufficiently interesting to cybercriminals. SMEs have just as interesting and sensitive data, such as information on customers or companies, intellectual property rights, etc. These data are first and foremost of vital importance to the business itself.

And a data leak or cyber attack is all it takes to damage the relationship of trust with customers, partners or suppliers.

The simple application of a few basic principles in cybersecurity can quickly make a huge difference for small and medium-sized organizations.

Cybersecurity voor bedrijven

1 in 2 respondents were confronted with a cyber incident in 2020.*

*

By this we mean any malicious event or action that threatens the reliability, integrity and/or availability of the information systems of a business (the receipt of phishing e-mail, data breaches, unauthorized access, etc. with or without consequences or damage).

54%

34%

12%

01-graph1.png
2020

54% experienced an incident

00-leg-geel.png

34% experienced no incident

00-leg-rood.png

12% don’t know

00-leg-blauw.png

> 2.000
employees

100 – 250  employees

250 – 2.000
employees

< 100
employees 

Cyber incidents in small-to-large businesses

01-graph2.png

don’t know

00-leg-geel.png (copy)

had an incident

00-leg-rood.png (copy)

had no incident

00-leg-blauw.png (copy)

Conclusion

57%

of the businesses with fewer than 100 personnel stated that they had not experienced an incident.

From our 2019 survey it appears that 19% of SMEs (the Netherlands: mkb) were the victim of a cyber incident. 

That figure rose in 2020 by 23%, meaning that 42% were the victim of a cyber incident.    

*An SME is a company with less than 250 employees. Companies of <100 and 100 - 250 employees fit within this category.

86%

of the businesses with more than 2,000 employees did encounter one or more incidents.

12%

of the businesses surveyed don’t know whether or not they went without incident.

01-graph3.png

19%

42%

01-bg.png (copy)
02-number.png
00-leg-geel.png

Phishing is the most common attack

During the lockdown hackers launched 19% more phishing attacks than ever before. They tried to profit from poorly secured home workstations to steal data or spread malware.

Insider threat

02-graph1.png

7%

34%

16%

16%

7%

4%

9%

Spear-phishing

00-leg-blauw.png (copy)

Web-based

00-leg-geel.png (copy1)

Phishing

00-leg-geel.png (copy)

Malware

00-leg-rood.png (copy)

DDoS

00-leg-geel.png (copy1)

Drive-by

00-leg-rood.png (copy1)

Unintentional data loss

00-leg-blauw.png (copy1)
02-graph1.png (copy)

7%

52%

33%

8%

Other

00-leg-blauw.png (copy1)

Virus

00-leg-geel.png (copy1)

Ransomware

00-leg-rood.png (copy1)

Unknown

00-leg-geel.png (copy2)

Malware

Specific cybersecurity incidents in 2020

75% of the attacks come from outside the business

3 out of 4 respondents had experienced an incident that came from outside the business, while 1 in 5 was confronted with insider threats.

01-graph1.png (copy1)

75%

20%

5%

2020

75% External

00-leg-geel.png (copy1)

20% Internal (insider threat)

00-leg-rood.png (copy1)

5% I don’t know

00-leg-blauw.png (copy1)

Top 3 cyber incidents in 2020

3.    Spear-phising: 16%

01-bg.png (copy)
03-number.png
00-leg-geel.png

An incident is sometimes overlooked

For 7 out of 10 respondents, the incident was discovered internally, while 15% were alerted by a third party. An incident cannot always be identified instantly. It demands continuous monitoring and system analysis.

01-graph1.png (copy)

16%

69%

13%

2%

2020

Discovered internally: 69%

00-leg-geel.png (copy)

Flagged up by third party: 16%

00-leg-rood.png (copy)

I don’t know: 2%

00-leg-blauw.png (copy)

Other: 13%  

00-leg-blauw.png (copy1)
01-bg.png (copy)
04-number.png
00-leg-geel.png

The consequences of an incident are often severe

Take note: 92% of the businesses that had already experienced a cyber incident are concerned to very concerned about being a victim a second time. Of those businesses that hadn’t yet been attacked, 18% indicated not being concerned at all.

technical unemployment

9%
4%

loss of business data

actual cost

€ 136.000

business standstill

38%

Less than a week: 77%

00-leg-geel.png (copy)

Between 1 and 4 weeks: 15%

00-leg-rood.png (copy)

Between 3 and 6 months: 2%

00-leg-blauw.png (copy)

Longer than 6 months: 2%

00-leg-blauw.png (copy1)

The problem is still not resolved: 2%

00-leg-blauw.png (copy2)

I don’t know: 2%

00-leg-blauw.png (copy3)
02-graph1.png (copy)

2%

2%

77%

15%

2%

2%

Time out period elapsed before situation was back under control:

01-bg.png (copy)
05-number.png
00-leg-geel.png

50% of the organizations have no active cybersecurity strategy

1 in 2 businesses in Belgium and the Netherlands has no active cybersecurity strategy or doesn’t know if they have one.

What is zero-trust security?

01-graph1.png (copy1)

27%

49%

9%

15%

15% have no strategy

00-leg-blauw.png (copy1)

49% have an active/developed strategy

00-leg-geel.png (copy1)

27% are developing a strategy

00-leg-rood.png (copy1)

9% don’t know if there is a strategy

00-leg-geel.png (copy2)

3 major motivations for the implementation of cybersecurity measures

3 major obstacles to the implementation of cybersecurity measures

Cybersecurity is a huge cost for businesses and is rarely if ever included in the budget. In many organizations there is still the perception that cybersecurity means huge costs and little to no ROI.

1. Financial

2. Business culture

If a strategy is not supported by management, then employees are not aware of the importance of cybersecurity and no one cares about it.

The IT environment – often in small businesses – is barely or never monitored. Lack of knowledge, capacity and/or personnel is the cause of this.

3. Resources

Business data on mobile devices

01-bg.png (copy)
06-number.png
00-leg-geel.png

Shortage of IT support

Almost 4 in 10 respondents admit to having a shortage of specialist people in the IT department. Of those businesses with more than 2,000 employees, 43% reported a shortage of cybersecurity employees.

22% of respondents said they had no cybersecurity employees at all. Of the businesses with fewer than 100 employees, 40% had no cybersecurity team.

06-graph1.png

68%

22%

5%

11-20: 5%

00-leg-blauw.png (copy)

0 employees: 22%

00-leg-geel.png (copy)

1-10: 68%

00-leg-rood.png (copy)

31-50: 1%

00-leg-geel.png (copy1)

51-100: 2%

00-leg-rood.png (copy1)

>100: 2%

00-leg-blauw.png (copy1)
02-graph1.png (copy)

3%

54%

39%

4%

Nobody: 4%

00-leg-blauw.png (copy1)

Own IT staff: 54%

00-leg-geel.png (copy1)

IT partner: 39%

00-leg-rood.png (copy1)

Other: 3%

00-leg-geel.png (copy2)

Number of cybersecurity employees in the IT department

Who manages and monitors the cybersecurity infrastructure?

01-bg.png (copy)
07-number.png
00-leg-geel.png
01-graph1.png (copy1)

30%

31%

6%

7%

26%

Several times a year: 30%

00-leg-blauw.png (copy1)

None: 26%

00-leg-geel.png (copy1)

Once a year: 31%

00-leg-rood.png (copy1)

Other: 6%

00-leg-geel.png (copy2)

I don’t know: 7%

00-leg-geel.png (copy3)
Number of businesses that give employees cybersecurity awareness training

Cybersecurity priorities for 2021

The study shows that many businesses are still suffering from a shortage of IT support. In addition, there are also businesses that have no strategy or are still developing one. 1 in 4 businesses do not give cybersecurity awareness training to their employees.

Our respondents know that they can and ought to do better. The three top cybersecurity priorities for 2021 are:

1. raising awareness among and training of employees
2. investing in technology
3. developing a cybersecurity strategy 

Organizing small activities a few times a year, like a poster campaign or a stand in a central space in the building, can have a much bigger impact. Cybercrime is evolving at breakneck speed, which is why it is important to devote constant attention to the training of your personnel. With (online) mini-training sessions, your employees will constantly be aware of your business security approach.

The cybersecurity landscape is a constantly moving picture. It is best to prepare your organization for protecting new technologies and possible cyber incidents.

The 13 cybersecurity trends and risks of 2021

Discover the Proximus 360°approach to making your organization secure. Pick and choose what you want: from total outsourcing to specific cybersecurity services.

Secure your business in 4 easy steps

00-bg-gradient.png
Research report – Belgium and the Netherlands

Nowadays, cybersecurity is largely an exercise in risk management. As a business, you have to determine which IT risks you can and are willing to accept, as well as what it will cost your business to maintain that level of risk. The digital revolution (accelerated by COVID-19) has increased cyber risks. Moreover, hackers have access to new technologies, exposing your business to more cyber attacks than ever. All this affects your bottom line.

International research agencies regularly study the cybersecurity landscape. But their statistics do not always reflect the situation for businesses in Belgium and the Netherlands. Which is why Proximus, in partnership with Proximus SpearIT, Davinsi Labs and Telindus Nederland, organized its own research among its customers.

Proud member of proximusaccelerators.eu

00-lo-davinsi.png 00-lo-telindus.png 00-lo-spearit.png

How companies 

cybersecurity

manage

00-lo-color.png (copy)
00-img-laptop.jpg

50%

By this we mean any malicious event or action that threatens the reliability, integrity and/or availability of the information systems of a business (the receipt of phishing e-mail, data breaches, unauthorized access, etc. with or without consequences or damage).

of the respondents were confronted with a cyber incident in 2020

The 7 main conclusions of the survey

Smaller businesses often think – wrongly – that their data or business is not sufficiently interesting to cybercriminals. SMEs have just as interesting and sensitive data, such as information on customers or companies, intellectual property rights, etc. These data are first and foremost of vital importance to the business itself.

And a data leak or cyber attack is all it takes to damage the relationship of trust with customers, partners or suppliers.

The simple application of a few basic principles in cybersecurity can quickly make a huge difference for small and medium-sized organizations.

Cybersecurity voor bedrijven

From our 2019 survey it appears that 19% of SMEs (the Netherlands: mkb) were the victim of a cyber incident. 

That figure rose in 2020 by 23%, meaning that 42% were the victim of a cyber incident.    

*An SME is a company with less than 250 employees. Companies of <100 and 100 - 250 employees fit within this category.

01-bg-mobile.jpg
01-number.png

Every organization – big or small – is a potential target

12%

of the businesses surveyed don’t know whether or not they went without incident.

86%

of the businesses with more than 2,000 employees did encounter one or more incidents.

Conclusion

57%

of the businesses with fewer than 100 personnel stated that they had not experienced an incident.

54%

34%

12%

01-graph1.png
2020

54% experienced an incident

00-leg-geel.png

34% experienced no incident

00-leg-rood.png

12% don’t know

00-leg-blauw.png
*

By this we mean any malicious event or action that threatens the reliability, integrity and/or availability of the information systems of a business (the receipt of phishing e-mail, data breaches, unauthorized access, etc. with or without consequences or damage).

1 in 2 respondents were confronted with a cyber incident in 2020.*

Cyber incidents in small-to-large businesses

don’t know

00-leg-geel.png (copy)

had an incident

00-leg-rood.png (copy)

had no incident

00-leg-blauw.png (copy)

< 100
employees 

250 – 2.000
employees

> 2.000
employees

100 – 250  employees

01-graph2.png
01-graph3.png

19%

42%

02-bg-mobile.jpg
02-number.png

Phishing is the most common attack

Insider threat

During the lockdown hackers launched 19% more phishing attacks than ever before. They tried to profit from poorly secured home workstations to steal data or spread malware.

02-graph1.png

7%

34%

16%

16%

7%

4%

9%

Spear-phishing

00-leg-blauw.png (copy)

Web-based

00-leg-geel.png (copy1)

Phishing

00-leg-geel.png (copy)

Malware

00-leg-rood.png (copy)

DDoS

00-leg-geel.png (copy1)

Drive-by

00-leg-rood.png (copy1)

Unintentional data loss

00-leg-blauw.png (copy1)

Specific cybersecurity incidents in 2020

01-graph1.png (copy1)

75%

20%

5%

2020

75% External

00-leg-geel.png (copy1)

20% Internal (insider threat)

00-leg-rood.png (copy1)

5% I don’t know

00-leg-blauw.png (copy1)

75% of the attacks come from outside the business

3 out of 4 respondents had experienced an incident that came from outside the business, while 1 in 5 was confronted with insider threats.

02-graph1.png (copy)

7%

52%

33%

8%

Other

00-leg-blauw.png (copy1)

Virus

00-leg-geel.png (copy1)

Ransomware

00-leg-rood.png (copy1)

Unknown

00-leg-geel.png (copy2)

Malware

Top 3 cyber incidents in 2020

3.    Spear-phising: 16%

03-bg-mobile.jpg
03-number.png

An incident is not always visible

For 7 out of 10 respondents, the incident was discovered internally, while 15% were alerted by a third party. An incident cannot always be identified instantly. It demands continuous monitoring and system analysis.

Discovered internally: 69%

00-leg-geel.png (copy)

Flagged up by third party: 16%

00-leg-rood.png (copy)

I don’t know: 2%

00-leg-blauw.png (copy)

Other: 13%  

00-leg-blauw.png (copy1)
01-graph1.png (copy)

16%

69%

13%

2%

2020

Take note: 92% of the businesses that had already experienced a cyber incident are concerned to very concerned about being a victim a second time. Of those businesses that hadn’t yet been attacked, 18% indicated not being concerned at all.

04-bg-mobile.jpg

The consequences of an incident are often severe

04-number.png
4%

loss of business data

technical unemployment

9%

business standstill

38%

actual cost

€ 136.000
02-graph1.png (copy)

2%

2%

77%

15%

2%

2%

Time out period elapsed before situation was back under control:

Less than a week: 77%

00-leg-geel.png (copy)

Between 1 and 4 weeks: 15%

00-leg-rood.png (copy)

Between 3 and 6 months: 2%

00-leg-blauw.png (copy)

Longer than 6 months: 2%

00-leg-blauw.png (copy1)

The problem is still not resolved: 2%

00-leg-blauw.png (copy2)

I don’t know: 2%

00-leg-blauw.png (copy3)
05-bg-mobile.jpg
05-number.png

50% of the organizations have no active cybersecurity strategy

1 in 2 businesses in Belgium and the Netherlands has no active cybersecurity strategy or doesn’t know if they have one.

What is zero-trust security?

01-graph1.png (copy1)

27%

49%

9%

15%

15% have no strategy

00-leg-blauw.png (copy1)

49% have an active/developed strategy

00-leg-geel.png (copy1)

27% are developing a strategy

00-leg-rood.png (copy1)

9% don’t know if there is a strategy

00-leg-geel.png (copy2)

Business data on mobile devices

3 major motivations for the implementation of cybersecurity measures

3 major obstacles to the implementation of cybersecurity measures

Cybersecurity is a huge cost for businesses and is rarely if ever included in the budget. In many organizations there is still the perception that cybersecurity means huge costs and little to no ROI.

1. Financial

2. Business culture

If a strategy is not supported by management, then employees are not aware of the importance of cybersecurity and no one cares about it.

The IT environment – often in small businesses – is barely or never monitored. Lack of knowledge, capacity and/or personnel is the cause of this.

3. Resources

Almost 4 in 10 respondents admit to having a shortage of specialist people in the IT department. Of those businesses with more than 2,000 employees, 43% reported a shortage of cybersecurity employees.

22% of respondents said they had no cybersecurity employees at all. Of the businesses with fewer than 100 employees, 40% had no cybersecurity team.

02-graph1.png (copy)

3%

54%

39%

4%

Nobody: 4%

00-leg-blauw.png (copy1)

Own IT staff: 54%

00-leg-geel.png (copy1)

IT partner: 39%

00-leg-rood.png (copy1)

Other: 3%

00-leg-geel.png (copy2)

Number of cybersecurity employees in the IT department

Who manages and monitors the cybersecurity infrastructure?

06-graph1.png

68%

22%

5%

11-20: 5%

00-leg-blauw.png (copy)

0 employees: 22%

00-leg-geel.png (copy)

1-10: 68%

00-leg-rood.png (copy)

31-50: 1%

00-leg-geel.png (copy1)

51-100: 2%

00-leg-rood.png (copy1)

>100: 2%

00-leg-blauw.png (copy1)
06-bg-mobile.jpg

Shortage of IT support

06-number.png
07-bg-mobile.jpg
07-number.png

Cybersecurity priorities for 2021

The study shows that many businesses are still suffering from a shortage of IT support. In addition, there are also businesses that have no strategy or are still developing one. 1 in 4 businesses do not give cybersecurity awareness training to their employees.

Our respondents know that they can and ought to do better. The three top cybersecurity priorities for 2021 are:

raising awareness among and training of employees
investing in technology
developing a cybersecurity strategy

1.

2.
3.

Number of businesses that give employees cybersecurity awareness training

Several times a year: 30%

00-leg-blauw.png (copy1)

None: 26%

00-leg-geel.png (copy1)

Once a year: 31%

00-leg-rood.png (copy1)

Other: 6%

00-leg-geel.png (copy2)

I don’t know: 7%

00-leg-geel.png (copy3)
01-graph1.png (copy1)

30%

31%

6%

7%

26%

Organizing small activities a few times a year, like a poster campaign or a stand in a central space in the building, can have a much bigger impact. Cybercrime is evolving at breakneck speed, which is why it is important to devote constant attention to the training of your personnel. With (online) mini-training sessions, your employees will constantly be aware of your business security approach.

Secure your business in 4 easy steps

Discover the Proximus 360°approach to making your organization secure. Pick and choose what you want: from total outsourcing to specific cybersecurity services.

The 13 cybersecurity trends and risks of 2021

The cybersecurity landscape is a constantly moving picture. It is best to prepare your organization for protecting new technologies and possible cyber incidents.

This publication uses cookies

We use functional and analytical cookies to improve our website. In addition, third parties place tracking cookies to display personalised advertisements on social media. By clicking accept you consent to the placement of these cookies.