Koninklijke KPN NV

10/29/2024 | Press release | Archived content

Quarter of Dutch organizations poorly prepared for cyber threats

29
October
2024
|
09:37
Europe/Amsterdam

Quarter of Dutch organizations poorly prepared for cyber threats

KPN is researching the 'Cybersecurity Headaches' of medium and large organizations

Medium and large organizations in the Netherlands are very concerned about their digital security. Approximately 25% of all organizations say they are poorly prepared for cyber threats. There is a higher level of concern in the health care sector, where 40% of the IT decision-makers surveyed say they are poorly prepared for cyber threats. The financial sector (29%) and the government (27%) also score relatively high compared to the average across all the organizations surveyed. According to the results of a study done by KPN, the transport and logistics sector says it is far better prepared.

The 'Cybersecurity Headaches' research project provides an insight into what keeps IT managers in six different sectors awake at night. Research agency Motivaction surveyed a total of 456 IT managers from various sectors on KPN's behalf.

The following concerns were mentioned most often:

  1. The theft of sensitive personal data
  2. The (partial) shutdown of the company
  3. Reputational damage
  4. Financial damage, e.g. due to loss of revenue
  5. The theft of sensitive company information

Overview of top 3 cybersecurity 'headaches' per sector:

However, concerns vary from one sector to another. The main 'headaches' for six different sectors follow below.

Healthcare and welfare:

The healthcare and welfare sector is most concerned about digital security. Its main concerns include the theft of sensitive patient data, followed by the (partial) shutdown of the organization, reputational damage and social impact. Compared to other sectors, this sector is relatively most concerned about digital security (cybersecurity), and considers itself to be least prepared for a cyber threat. For example, the sector is less aware of the consequences of various cyber risks and of the status of digital security in the organization.

Financial services:

The financial sector is very concerned about cybersecurity in general and about the reputational damage arising from a cyber attack in particular. However, financial organizations do seem to be well informed about cyber risks. According to almost all of this sector's respondents, employees know what to do in the event of an attack. However, the sector relatively often feels that the investment required is too high compared to the risks. It is also of note that IT decision makers in the financial services sector are relatively well aware of the risks of cloud services and working partly or fully from home, among other things. The major challenges for this sector are the (rapid) emergence of new technologies and the presence of older systems (legacy software).

Government:

This sector is the least concerned about cybersecurity and considers itself well prepared relatively often. The government is most concerned about the theft of sensitive personal data. Concerns about the social impact of a cyber attack and non-compliance with laws and regulations are also mentioned frequently. This sector is relatively less concerned about digital security (cybersecurity) and considers itself the most well prepared for a cyber threat compared to other sectors. In general, the sector has a good insight into cyber risks and their (potentially major) consequences for the organization. Major challenges for the sector are a lack of knowledge and qualified staff and also the presence of older systems (legacy software).

Industry:

The main concern in this sector is the interruption to business processes, followed by the theft of business information and financial damage. Respondents' level of concern about digital security (cybersecurity) is relatively average, and how prepared they consider themselves to be is also about average compared to the other sectors. Although the industry sector believes it has a reasonably good insight into cybersecurity, it seems to be underestimating a number of risks. For example, the sector relatively often lacks an integral cybersecurity policy and respondents think that the sector is not of interest to cybercriminals, etc.

Retail:

The main concern in this sector is the financial damage from cyber attacks, followed by the interruption of business activities and the temporary unavailability of webshops and websites. The vast majority of respondents in this sector feel that they are reasonably well prepared or even well-prepared or fully prepared for a cyber threat. However, a majority did say that other things are often prioritized over cybersecurity. Respondents in this sector are also facing a number of challenges, e.g. the complexity of the IT landscape and the need to attract and retain cybersecurity knowledge.

Transport en logistiek:

Like the retail sector, respondents in the transport and logistics sector are most concerned about financial damage, followed by a company shutdown and the theft of sensitive personal data. Compared to other sectors, respondents in this sector believe they are well prepared or even fully prepared for cyber threats. However, less than a quarter of organizations in this sector have a policy in place for reporting security incidents. Among other things, the sector is also struggling with a lack of knowledge, awareness and qualified cybersecurity employees.

Differences between medium and large organizations

The researchers also looked at the similarities and differences between medium and large organizations. Both groups are particularly concerned about the theft of sensitive personal data. After data theft, medium organizations are most concerned about reputational damage and financial damage. A particular, significant concern for large organizations is the risk of a company shutdown, followed by reputational damage.

Medium organizations say they are confronted with cyber risks less often and they underestimate them more often. They are less concerned about cyber threats and believe they are of less interest to criminals as well. By contrast, large organizations are more aware of the risks and encounter challenges - like a high workload in their IT and cybersecurity departments - more often.

Vulnerability concerning

KPN wants to use the insights obtained from this research to further strengthen its role as a security partner in the Netherlands. By gaining a better insight into the specific challenges in each sector, KPN will be able to work with the various organizations on solutions that will more effectively protect them against the increasing threat of cybercrime.

About the study

Motivaction carried out the studyon behalf of KPN. A total of 456 IT managers from medium and large organizations were interviewed via an online questionnaire from August 16-26, 2024. Check kpn.com/securityfor more information.