Statistics Netherlands releases Cyber Security Monitor 2022

The latest annual Cyber ​​Security Monitor report by Statistics Netherlands reveals the scale of cyber incidents experienced by Dutch businesses. The report encompasses the Dutch economy and shows how it has impacted organizations with different industries and headcounts. Proportionally, large businesses are the most targeted with 20% experiencing an incident due to an outside attack. Despite this, large businesses only make up a fraction of the reported incidents.

The Cyber Security Monitor report

For the past 6 years, Statistics Netherlands has published the Cyber ​​Security Monitor report to share how companies in the Netherlands are impacted by cyber-attacks. The latest figures and findings rely on survey data from 2021. The report comprises two sections, the first summarising measures taken to prevent incidents, and the second about the incidents themselves. For the first time ever the report contains a section about ransomware attacks. 

Key findings

• In 2021 there were total of 6,300 reported ransomware attacks against companies. Self-employed people reported approximately 4,000 of these.
• The number of companies reporting data disclosure has increased for the fourth year in a row.
• In percentage terms, large companies are more often affected by ransomware (4% compared to 0.3% of the self-employed)
• Companies (excluding the self-employed) paid a ransom on average of 11%, and 38 percent incurred other costs.
• In about half of the cases, the ransom amounts to more than 50% of the turnover. This number is due to small companies, which have a relatively low turnover. 
• For large companies (+250 employees), more than 4 percent paid a ransom. For 1 in 4 large companies that pay a ransom, the amount is between 1 to 2 percent of the turnover.
• For companies with between 50 and 250 employees, over 10 percent of the ransoms paid were 5-10% of turnover.

The cost of attacks

Some sectors suffer more than others in terms of the attacks and the costs incurred, which are not evenly distributed. Attacks against the Financial sector increased, with the number of businesses impacted growing from 2.2% to 3.4%. Furthermore, in over half of these incidents, the cost was between 1-5% of turnover. 

The Trade sector also suffered a disproportionate impact. In 70 percent of ransomware incidents, the victims paid more than 50% of their turnover as ransom.

In nearly half of ransomware attacks, there were additional costs to the ransomware. 48% of businesses had expenses for replacing ICT, hiring external specialists, and experiencing a decrease in production. The variance of these costs is high, however they can be significant. 5% of companies with 50-250 employees had extra costs of 10-50% of their turnover.

To mitigate costs 17% of businesses reported to have taken out insurance against security incidents. The rate increases with the company size, and approximately 44% of businesses over 250 employees had taken out insurance in 2021. 

Moving from reactive to proactive

Cyber insurance helps reduce damage from incidents, but it may not always give the best return on investment. As a proactive measure, we base it on the certainty that an attack will take place. In many cases, investing in proactive measures to prevent an attack will provide a better business outcome. 

Proactive measures can reduce the likelihood of an attack dramatically. Continuous monitoring can incorporate mitigating threats before threat actors have the chance to exploit them. To learn how to become proactive from Hadrian’s experts get in touch today.