High confidence, high risk: one in five Dutch companies suffered cyber attack damage in 2024
Cyber resilience of Dutch businesses is lagging behind the current threat level: that’s the conclusion of a recent study by ABN AMRO and MWM2. The study reveals that in 2024, one in five organizations faced tangible damage from cyberattacks. Among large enterprises, that figure rose to nearly one in three. The most common consequences were financial losses, followed by data leaks and operational disruption.
Persistent vulnerabilities despite high confidence
Almost all respondents had experienced cyber incidents at some point. Yet, many, and particularly smaller firms, remain confident in their defensive measures, the study showed. This assurance is typically centered on prevention tools such as antivirus software and firewalls. However, proactive capabilities like threat detection, incident response, and recovery seemed to be lacking often.
This is cause for concern, ABN AMRO warns. Financial damage can escalate quickly, but more critically, strategic risk arises when customer trust is lost, critical operations are disrupted, or intellectual property is compromised. These incidents can cause long-term reputational and operational harm.
Geopolitical threats amplify cyber risk
The study also highlights the evolving threat landscape, involving not just cybercriminals but also state-backed actors. The emergence of generative AI and deep fakes adds further complexity. At the same time, cyber offensives connected to geopolitical agendas are increasing.
For example, state actors are targeting supply chains in Europe, often collaborating with cybercriminals. Authoritarian regimes use digital attacks to create chaos, focusing on critical infrastructure and healthcare through weak links in the chain. However, despite these developments, only 9% of companies regard state-sponsored attacks as a serious threat.
Regulatory blind spot: NIS2 and Cyber Resilience Act
The European Union’s NIS2 directive and the upcoming Cyber Resilience Act aim to raise cybersecurity standards across essential and important sectors. These laws will require risk management, incident reporting, and supply chain accountability. However, awareness is still limited, the study revealed.
While two-thirds of large enterprises are preparing for NIS2, less than half of small and medium-sized enterprises (SMEs) weren’t familiar with the new regulation, putting many companies at risk of non-compliance and unprepared for upcoming obligations.
A call to strengthen cyber resilience frameworks
The ABN AMRO research highlights a clear gap: high confidence in resilience is not backed by strong, proactive capabilities. Building resilience through coordinated efforts across people, processes, and technology is essential to minimize financial, reputational, and strategic risks in today's digital environment.
Dutch companies must transition from reliance on basic prevention to actively strengthening detection, response, and regulatory compliance. With state-linked threats on the rise and stricter EU rules approaching, now is the time to invest in resilience or risk serious disruption.
