Better insight in cybersecurity incidents are important for governance, policy and product development. The Cybersecuritymonitor 2018 that was published by Statistics Netherlands (CBS) shows that IT security incidents occurred at 50% of the businesses in 2016, half of which leading to additional costs. The importance of cyber security is also visible when comparing the number of traditional crimes to the number of cybercrimes. In 2017, the amount of traditional crimes was 27.0 per 100 inhabitants and cybercrime offenses were 18.6 per 100 inhabitants, even though the percentage of reported cybercrimes was 2,6 times lower than of traditional crimes.
In 2017, 81% of the companies with 10 or more employees took three or more IT-security measures in attempt to create resilience to cybercrimes, indicating it is a substantial market. There is a lot to do still. The Dutch Data Protection Authority received 10.009 notifications of data leaks. This is more than double the number of notifications in 2016. Notable is that only 9% of the companies with 10 employees or more reported an ICT-security incident.
Citizens and companies are taking several countermeasures to deal with cyberthreats. In 2016, 34% of the Dutch citizens changed the settings of their browser to avoid or limit cookies. Over half indicated to abandon internet activities due to a lack of trust in 2015. In 2017 89% of computer users over 12 years claim to have security software installed, for mobile phones this is only 52%. Also in 2017, 84% of the companies with 10 employees or more performed software updates (security-patches). In June 2017, 52% of the .nl domain names used DNSSEC, which is a security standard that makes phishing and pharming more difficult. In 2016, 19% of companies did not sell their products or services online due to problems with IT-security or protecting personal data.
The catering industry, construction, commerce and rental of real estate execute less ICT-safety measures in contrast with the information- and communication sector and financial sector.
Companies with 10 employees or more that performed activities concerning ICT-security rely heavily on external suppliers in 67% of the cases. Because of this construction, a shared responsibility arises.
To measure the state of cybersecurity CBS uses twenty indicators, but this is still under development. There is not yet a complete image of threats and incidents and of all the measures that are executed. The ambition is to add more objective sources to make the Cybersecuritymonitor more complete. If you own an objective source to measure cybersecurity in the Netherlands that you want to share, please contact firstname.lastname@example.org.
Read the official press release by CBS.