The increasing cyber threat is a growing challenge for Dutch companies. Unfortunately, the development of the resilience of these companies appears to be lagging behind the speed at which cybercriminals develop new attack methods.
This has led to a resilience gap between the threat and the protection of companies. The fact that digital resilience is not yet in order everywhere is due to the fact that basic measures are not being implemented sufficiently. Consider, for example, logging in in two steps and making and testing backups.
DTC Benchmark Survey
The Digital Trust Center (DTC) has commissioned research into the use of various cyber security measures by Dutch self-employed persons without employees and (small) SMEs with and without an IT service provider. The purpose of this is to map out the current state of affairs regarding the use of cyber security measures and to find out what possible points for improvement are for the resilience of these companies against cyber attacks. A total of 766 self-employed persons and SMEs (up to 25 employees) participated in the survey.
Two-step login is not used enough
The results show that self-employed persons and SMEs are taking measures to protect their companies. For example, 4 out of 5 self-employed persons and SMEs indicate that antivirus software is installed. More than 4 out of 5 self-employed persons and SMEs also think they can recognize phishing well. Not all measures are being taken sufficiently. It is striking, for example, that logging in in 2 steps, also known as two-factor authentication, is one of the least complied with measures among self-employed persons and SMEs. 60% of SMBs say they have two-factor authentication enabled on all business applications. Among the self-employed, this percentage is 44%.
Top 5 of the implemented cybersecurity measures
Freelancers have more insight into cybersecurity measures taken
Although the self-employed group scores lower on average for taking cyber security measures, this group has more insight into the measures taken than the SME group. In the SME group, it is more often unclear whether certain measures have been taken or not. A striking difference between the two groups is that SMEs more often have a call list for digital emergencies, while this is one of the least complied with among self-employed persons. Compared to SMEs, self-employed persons also test less often whether their backup actually works if necessary.
Influence of having an IT service provider on measures taken
9% of the self-employed have engaged an IT service provider. This is 64% for SMEs. If we look at the differences between the two groups with and without an IT service provider, it is striking that self-employed persons without an IT service provider indicate more than twice as often that they have tested whether backup works (57% of the self-employed without an IT service provider versus 26% of the self-employed with an IT service provider). Significantly more self-employed persons without an IT service provider (30%) also carried out a risk analysis than self-employed persons with an IT service provider (8%).
“It is often thought that small companies are not an interesting target for cyber criminals. Wrongly. A cyber attack very often affects systems that are insufficiently protected. Fortunately, there are many things you can arrange yourself today to protect your company. With With the CyberVeilig Check we can ensure that the resilience gap narrows a bit,” says Michel Verhagen, manager of the DTC.
Get started today
As an entrepreneur, it is important to be aware of the importance of cyber security and to protect your business against cyber attacks. Do you have insufficient knowledge in-house? Then call in an IT service provider. To clarify where the responsibilities lie, it is important to enter into and maintain a dialogue with your IT service provider. For example, make agreements about making a risk analysis and pay extra attention to testing your backup. View this handy guideline for an effective conversation with your IT service provider. In addition to calling in an IT service provider, you can also take steps yourself without much technical knowledge to increase the cyber resilience of your company.
Start with the CyberVeilig Check for the self-employed and SMEs
The DTC developed the CyberVeilig Check especially for entrepreneurs who do not yet have much knowledge and experience in terms of cybersecurity. Within 5 minutes you will know what you need to do today to get started with the digital security of your company. You can download your own action list and get started with practical instructions and tips. Anyone who has finished with the action points for today can retrieve the other action points in the second part of the tool to lay a foundation for the digital security of your company.
Campaign ‘Starting with cyber security’
Based on these results, the DTC will start an awareness campaign on 22 May about cyber security measures that entrepreneurs can quickly implement themselves. The aim of this campaign is to encourage self-employed persons and SMEs to take action today to increase their resilience.
Are you planning to start your own campaign on this subject or to bring the CyberVeilig Check to the attention of entrepreneurs in your constituency? View these campaign materials for inspiration and reuse.