The Dutch government is stepping up the fight against cybercrime. In a progress letter to the Lower House, the Ministry of Justice and Security underlines that an integrated approach is necessary to deal with increasingly complex and cross-border digital threats. According to the ministry, cybercrime poses a direct threat to society, the economy and national security.
CBS figures show that last year 16 percent of the Dutch became victims of online crime, some 2.4 million people. In 600,000 cases it involved hacking. Although this number is slightly lower than in 2023, according to the NCTV, the professionalism of attacks in particular is increasing. Ransomware remains an important revenue model for criminals using stolen data for extortion.
The deployment of artificial intelligence (AI) adds urgency to the threat picture. Criminals are increasingly using AI to automate attacks, bypass security systems and set up convincing phishing campaigns. At the same time, access to cybercrime has become easier. Through the dark web and platforms like Telegram, ready-to-use tools and manuals are widely available. Technical knowledge is hardly required anymore.
To make citizens and businesses more resilient, the government is investing heavily in prevention. Campaigns such as "Don't get duped" and "Double the security is double the security" are intended to raise awareness. There will also be a pilot with a so-called Anti Phishing Shield (APS) in cooperation with KPN this summer. The system is inspired by a Belgian model that has already managed to block millions of phishing attempts.
Tracking down cybercriminals remains complicated, in part because of the international nature of many networks. Nevertheless, there have been significant successes, according to the ministry. For example, Operation Endgame led to the dismantling of hundreds of criminal servers and the arrest of several prime suspects. During a follow-up operation in May, another 300 servers were shut down and millions in cryptocurrency were seized.
Operation Magnus, targeting so-called infostealers - malware that steals passwords and bank data - also yielded results. Through international cooperation, police managed to take down both the technical infrastructure and associated Telegram accounts.
In addition to classical detection, efforts are made to disrupt criminal networks. An important tool here is the European sanctions list. On a Dutch initiative, for the first time in 2024, cyber criminals have been sanctioned with travel bans and asset freezes. At the same time, cooperation with private parties is being intensified, such as in Project Melissa and the new Cyclotron program to strengthen the digital resilience of organizations.
The financial side of cybercrime is also receiving attention. Thanks to cooperation with the FIOD and the US, among others, millions in cryptocurrencies have been traced and two rogue crypto services dismantled. The EU Transfer of Funds Regulation in force since December 2024 now requires crypto service providers to register identity and transaction data.
The government is looking further into abuses in the Dutch hosting industry. Despite its good reputation, the Netherlands is sometimes used for so-called bulletproof hosting. Measures under consideration include a legal Know Your Customer duty for hosting providers, stricter classifications through SBI codes and more international cooperation around combating abuse.
On the legislative front, work is underway to evaluate the Computer Crime Act III that gives police and judicial hacking powers. There is also a bill to implement the European e-evidence package that requires digital service providers to provide cross-border digital evidence.
Finally, the platform Telegram is also being tackled following Parliamentary questions about the distribution of illegal content such as so-called bangalists. Thanks to mediation by regulator ACM, these have since been removed. Telegram has agreed to work more closely with hotline Offlimits for faster removal of punishable content.
The fight against cybercrime remains dynamic, according to the ministry. By continuing to invest in prevention, detection and international cooperation, the Netherlands aims to remain digitally secure in an increasingly complex playing field.
