Lack of knowledge disastrous for effective security strategy within Dutch companies

Most Dutch companies still haven’t realised that security is an integral part of their IT and company strategy

Large parts of Dutch IT budget are directed at technological measures against cyber incidents, while creating awareness amongst the workforce lacks behind, according to research.  

Not only large companies fall victim to cyber crime, with small and medium-sized enterprises (SMEs) increasingly finding themselves to be targets too.  

Research firm DirectResearch, commissioned by Cisco and Telindus, asked whether Dutch organisations react adequately to threats. One of the most striking findings is that almost two-thirds (62%) of the respondents believe their organisation lacks security knowledge, suggesting the effectiveness of their overall security strategy is at stake. Just over half the people interviewed (56%) said they regard cyber security as a both technical and organisational challenge. 

Not surprisingly, there were major differences between large and smaller companies when it comes to the barriers for a successful security strategy. Large companies tend to point at the complexity of chosen solutions as a constraint, while IT professionals with smaller companies said they are limited by their minor budget for cyber security.

Organisations of all sizes stated that lack of awareness is also a constraint, with too little knowledge among the workforce, and that they find it hard to grasp the severity of cyber crime. Or, as one of the respondent, put it: “Everyone thinks that the danger is not so bad.”  

Another bottleneck Dutch companies face is finding high-quality resources. Around half of the IT managers and architects that were surveyed said their infrastructure provides them with too little insight as they are struggling to find the right resources.

This means that they have difficulty compiling reports about cyber security, as well as timely detection of and response to cyber incidents. Larger companies have less difficulty dealing with threats such as phishing, DDoS, viruses, ransomware, botnets and malware, but this is where the smaller organisations struggle.  

Outsourcing 

Although there are plenty of cyber security managed service providers in The Netherlands, around half of the organisations still prefer to do it themselves, especially the larger ones – likely as they have the resources to do so. 

The larger the company, the more likely it will carry out cyber security themselves, the Cisco/Telindus report found. One in five SME companies look to outsource their cyber security, and an equal number already has. A large part of the respondents (66%) found that their companies spent enough time on cyber security, but those respondents mostly come from larger organisations and spent more time on the subject themselves.  

Priorities for the coming year are mainly budget raises for smaller companies, while larger organisations specify more distinct cyber priorities, such as creating awareness among the workforce and a better protection from ransomware. 

Jeroen Hentschke, proposition lead security at Telindus, said: “A lot of organisations find themselves in the midst of their digital transformation. It is crucial the security growths with the changing IT environment. Companies should not forget to educate and inform their workforce in order to be able to raise the cyber security awareness within their organisation.” 

Read more about cyber security in the Netherlands

Read more on Web application security