The Netherlands is Facing a Growing Cyber Security Crisis, with a staggering 66% of Dutch Businesses Lacking Adequate Cyber Resilience, According to Accordemic Resilce.
As geopolitical tensions Rise and digital threats escalate, Rick van der kleijA Psychologist and Professor in Cyber Resilient Organizations at Avans University of Applied Sciences, Who ALSO Conducts Resucts Research at TNO, Says That Traditional Applications Have Failed and A Paradigigm shifted is urgently needed.
Van der kleyj sugges that cyber security provides the illusion of safety rather than actual protection for many dutch organisations. His stark assessment is that the Netherlands' Traditional Approach to Cyber Risk is Fundamentally Broken.
“We need to stop thinking in terms of cyber security. It's a model that has demonstrably failed,” he says. “Despite Years of Investment in Cyber Security Measures, The Frequency and Impact of Incidents Continue to Increase Rapidly Across Dutch Businesses.”
This reflects the Central Argument of His Recent Inaugural Lecture “Now that Security is no more”, where he called for a paradigm shift in how Dutch Organizations Approach Cyber Risks.
Digital dilemma
Van Der Kleij DesCribes “The Great Digital Dilemma” of Balancing Openness and Security in a Country with One of Europe's Most Advanced Digital Infrastructure. “How can entrepreneurs remain open and connected without having to complete down their businesses?” He asks.
The statistics are stark. Van der kleij's study Found That 66% of Dutch Businesses are inadequately prepared for cyber threats. Recent Abn amro research Confirms the crisis: one in five businesses suffred Cyber Crime Damage Last Year, Rising to Nearly 30% Among Large Companies. For the first time, smes (80%) are more frequently targeted than large corporations (75%), marking a significant shift in cyber criminal strategy.
Despite the numbers, a perception gap persists. Van Der Kleij Identify 'The overconfident' – Dutch businesses beLieving their cyber security is adequate when it isnys. While Sme Attack Rates Soar, Their Risk Perception Remains Static, Whereas Large Organizations Show Marked Awareness Increases (from 41% to 64%). This creates a “waterbed effect”-as large companies strengthen defense, Cyber Criminals Shift to Less-PREPARED SMES Whoch Are Paradoxically reduced.
From cyber security to cyber resilience
Van Der Kleij Emphasis a Crucial Distinction: While Cyber Security Focuses on Preventing Incidents, Cyber Resilience Acknowledges That Incidents Will Happen. “It's about having the capacity to react approval, Recover from Incidents, and Learn from whats Wrong to Emerge Stronger,” He Says.
This requires four capability – prepare, respond, recover and adapt – Yet Most Dutch Organizations Focus only on preparation. The Abn Amro Findings Confirm This: Many Smes Have Firewalls but Lack INTRUSION Detection or Incident Response Plans. Large Companies take a more balanced approach, Combining Technology with Training, Response Capabilites and Insurance.
Uber's Experience Illustrates The Weakness of Purely Technical Approaches. After A 2016 Hack, they implemented two-factor authentication-YET WHET WERE HACKED Again in 2022 by an 18-hour-hour-just using Whatsapp Social Engineering.
“This shows that investment only in technology without addressing human factories creates Fundamental weight Kleij adds.
Human factor
Van der Kleij Challenges the Persistent Myth That Humans are Cyber Security's Weakest Link. “People are often blamed when things go wrong, but the actual vulnerabilites typically lie elsewhere in the system, often in the design itself,” He Says.
The Misdirection is reflected in Spending: 85% of Cyber Security Investments Go Toward Technology, 14% Toward Processes and just 1% Toward the Human Component. Yet the Abn Amro Research Shows Phishing – Which successes through psychological manipulation rather than sophisticated technology – affects 71% of Dutch businesses.
“We've Known for Decades That People ARN'T Equipped to Remember Complex Passwords Across Dozens Dozens of Accounts, Yet We Continue Demanding This and then Express Surprise when they crerat Workarounds, “Van der kleij says.
“Rather than blaming users, we should design systems that make secure behavior appier. Users. ”
Failing to act
Why do so many dutch smes fail to invest in cyber resilience despite evidence risks? Van der Kleij Believes It's About Behavior, Not Business Size. “It's not primarily about size or industry – it's about behavior and beliefs,” he says.
Common Limiting Beliefs Among Dutch Entrepreneurs Include “I'm Too Small to be a Target” or “I don't have confidential information”. Remarkably, even suffering a Cyber Attack does not change this mindset. Studies show that when businesses are hacked, it does not automatically lead them to better secure their operations afterward, “Van der kleij says.
The challenge is reaching that who need help most. “We have vouchers, we have arranges where entrepreneurs can get help at a significantly reduced fee from cyber security professionals, but uptake remains negligible,” van kleij saying. “It's always the same parties who come to the government's door – the large companies who are alredy mature. The Small Ones, We Just Can't Seem to Reach them.”
Van der Kleij Sees “Relational Capital” – Resources Generated Through Partnerships – As Key to Enhancing Dutch Cyber Resilience. “You can become more cyber resilient by established partnerships,” He Says, Pointing to Government-encountering Initiatives like information sharing and analysis centers.
The Abn Amro Research Reveals bey collaboration matters: 39% of Large Companies Experienced Cyber Incidents Originating with SupPliers or Partners, Compared with 25% of Smaller FIRMS. This Supply Chain Vulnerability Drives Major Dutch Organizations to Demand Higher Standards from Partners Through Initiatives Such as Big Helps Small.
European Regulations Reinforce this trend. The new nis2 Directive will expand coverage from Hinds to Several Thous Dutch Companies, YET only 11% have adequately prepared. Among smes, approximately half have done little preparation – Despite Dutch Police Warnings About Increasingly Frequent Ransomware Attacks where Criminals Threatn to release
Van Der Kleij's Current Research at Avans University Focuses on identifying barriers to cyber resilience investment through focus groups with dutch entrepreneurs. “When we go understand these barriers-which are more likely motivational Than Knowledge-Related-We can design targeted interventions,” He says.
Van der Kleij's Message is stark: “The question isn't your organization will face a cyber increasent, but when – and how effectively you'll respond. Cyber resilience ENSILIENCE ENSILEENCE ENSILEENCE ENSILEET ANDCUBERSES COHILE Adding Crucial Capability for Response, Recovery and Adaptation.