Cybercrime file image- Credit: Rendering: www.elbpresse.de / Christoph Scholz / Flickr / Wikimedia Commons - License: CC-BY-SA

Hackers having less luck creeping into Dutch company networks; Smaller firms unprepared

Hackers managed to break their way into the networks of fewer Dutch companies last year, and the proportion of organizations that suffered damage also decreased, ABN Amro reported on Tuesday. But the bank’s researchers warned that smaller companies, in particular, remain woefully unprepared for a new generation of digital risks.

ABN Amro and market research firm MWM2 surveyed 777 Dutch organizations on cyber incidents and cybersecurity. They found that the share of companies that experienced a cyber incident in the past 12 months has decreased across the board.

The decrease was most visible in the SME sector, where the share of companies that experienced a hack or other data breach fell from 72 percent in 2024 to 60 percent this year. The share also decreased among freelancers, from 57 to 48 percent. Among larger companies, this percentage dropped from 86 to 76 percent. The share of companies that suffered damage due to cyberattacks decreased from 20 to 15 percent.

The researchers spoke of positive developments, but warned that many companies, particularly smaller ones, are not sufficiently prepared for the new generation of digital risks. AI, for example, increases the cyber threat twofold because hackers make good use of the technology and because data breaches occur due ot the careless use of external AI tools like ChatGPT and Claude.

Almost a third of SMEs said they are concerned about employees sharing sensitive information with AI chatbots. At the same time, 78 percent of these companies use AI to some extent, while only 9 percent have a formal policy for the use of external AI solutions. Among large companies, 32 percent have AI policies in place.

“In the SME sector, there is often a lack of an up-to-date picture of vulnerabilities; barely a third of organizations conducted a risk scan in the past three years,” ABN Amro said. “The foundation of effectively handling cyber incidents is also not yet in place at many SMEs. This is risky, especially now that AI is accelerating attacks and shortening response times for organizations.”

Only 26 percent of SMEs have a formal response plan for cyber attacks, compared to 49 percent of large companies. “Moreover, large companies invest a much higher percentage of their revenue in cybersecurity and have made agreements with supply chain partners regarding digital security much more frequently than SMEs,” the researchers said.

The bank also raised concerns about Dutch companies' reliance on a small number of cloud and AI providers. Almost half of Dutch companies experience a partial to very high dependency on American tech companies. “Geopolitical and legal factors pose a risk to the availability of these foreign digital services.”

The researchers found that many organizations are already exploring alternative solutions. 63 percent of SMEs are already taking measures to reduce dependencies, almost the same as in large enterprises (69 percent). 17 percent of SMEs have already fully or partially switched to European solutions, compared to 12 percent of large enterprises.

“This reveals an interesting contrast: large organizations often possess greater cyber maturity and formal control, but smaller companies are sometimes more agile when they actually need to switch,” ABN Amro said.