More than half of employees use generative AI, phishing is still the most common form of cybercrime within the workplace, and most employees feel comfortable enough to report cyber incidents within their organizations. Some of the results of the Alert Online trend survey released today.
On behalf of the Ministry of Economic Affairs, Ipsos I&O conducted research into Dutch people's knowledge and perception of digital security. The Digital Trust Center (DTC) zooms in on some striking findings fromthe Business Sector Sub-report.
The use of AI among employees is significant, with half of employees usinggenerative AI occasionally (35%) or structurally (14%). In addition, the implementation of clear guidelines for the use of generative AI is not yet commonplace everywhere. Approximately a quarter (26%) of employees indicate that there are clear guidelines within their organization to manage potential risks, slightly less than a quarter (23%) indicate that this is not the case, and the rest of the employees (38%) indicate that they are unable to assess this properly.
ICT leaders are more positive about the guidelines for AI within the organization. Almost half of ICT leaders (45%) feel there are good guidelines and about one-fifth (22%) say there are not.
Three in ten (31%) employees receiveda phishing email in the past twelve months. Among IT managers, this figure was as high as four in ten (44%). For both groups, this is the most common form of cybercrime they encounter. The proportion of employees who have experienced a phishing attempt has increased from 25% in 2024 to 31% in 2025. As in 2024, IT managers indicate that they are more likely to encounter various forms of cybercrime than other employees.
Two-step loginis the most common measure taken by companies to promote safe online behavior. Fifty-five percent of employees indicate that this is mandatory within their organization. This measure is also most frequently mentioned by IT managers (64%) and employees of large companies (64%). Large companies take proportionally more measures. At companies where agreements have been made about safe online behavior, most employees (80%) feel comfortable reporting cyber incidents within their organization.
A third (34%) of employees rate their own knowledge of online safety as (very) good. In 2024, this percentage was 27%. ICT managers rate their knowledge higher than other employees. The proportion of ICT managers who rate their knowledge as (very) good is 61%. On the other hand, four in ten (43%) ICT managers worry about their own online security at work. For employees, this percentage is significantly lower: 27% say they are concerned.
Every year, a survey is conducted into the knowledge, attitudes, and behavior of various target groups in the field of online safety. The survey consists of amain reportand sub-reports on thebusiness community and thegovernment. For the Business Community sub-report, the survey was conducted among 734 employees and 754 IT managers.
Small businesses may face financial barriers when taking much-needed basic measures. That is why the Digital Trust Center is temporarily making asubsidyavailable to small businesses that want to increase their cyber resilience. Through Mijn Cyberweerbare Zaak, businesses can receive up to €1,250 in subsidies for the purchase price and/or implementation costs of a number of basic measures. Be quick, because the subsidy can be applied for until October 31, 2025, and will be awarded in order of receipt until the maximum budget is reached.
