Municipalities need to strengthen digital resilience: ransomware and vendor incidents greatest risks
Municipalities face a complex and structural threat landscape. This is evident from the Information Security Threat Assessment 2025-2026, published by the Information Security Service (IBD). Nausikaä Efstratiades handed the report to Mayor Snijders of the municipality of Zwolle, chair of the VNG Information Society Committee. The main risks: ransomware attacks, data breaches and disruptions due to supplier incidents.
VNG June 10, 2025
These digital threats directly affect the continuity of municipal services and the trust of residents. Municipalities also struggle with limited capacity, knowledge and resources, which makes it difficult to maintain digital security. In light of structural shortages, geopolitical tensions and technological dependencies, a proactive and collective approach is essential.
Mayor Snijders: collective approach essential
According to Mayor Snijders, this joint approach is indispensable: "Digital threats do not stop at municipal borders. It is our joint responsibility to make municipalities resilient. The challenges we face are too big and too complex to tackle alone. The challenges of our time call for an accelerated collective approach to municipal digitization. Only by joining forces will we find the right digital solutions for all of us."
Digital security as a core administrative task
The IBD report contains a clear governance message: risk management is a core task of every executive - including digital. Moreover, new laws and regulations such as the Cyber Security Act (Cbw) make digital security an explicit administrative responsibility. Snijders argues that this calls for clear managerial action: "As managers, we must keep digital security high on the agenda, ask the right questions and ensure sufficient awareness as well as resources. Those who govern, also govern digitally." To help administrators, the VNG has drawn up a number of priorities that serve as concrete action perspectives for the updated Threat Assessment. You can read them
here.
The importance of technical and organizational resilience
Nausikaä Efstratiades, head of the IBD, also emphasizes the importance of technical and organizational resilience: "Ransomware remains the biggest threat. But data breaches and supplier disruptions also cause serious damage. Digital security is not a matter of technology alone, but of good governance, cooperation and clear responsibilities."
150 municipalities involved in incidents
The Threat Assessment identifies that more than 150 municipalities were directly or indirectly involved in ransomware incidents through their vendors in 2023-2024. In addition, the number of data breaches is growing, including through phishing and human error. It also appears that failures of essential processes - such as civil affairs, benefits or licensing - are increasingly caused by incidents at external ICT parties. Because of this chain dependency, it is crucial that municipalities set requirements for suppliers and keep a grip on the continuity and security of services.
Recommendations to strengthen resilience
The report offers municipalities concrete tools to strengthen their organization's resilience, including:
- Basic measures such as multifactor authentication, network segmentation, monitoring and backups;
- Secure contracting to vendors, with explicit agreements on security, incident response and data minimization;
- Collective cooperation among municipalities to pool knowledge, capacity and purchasing power.
Learn more
The 2025-2026 Threat Assessment provides municipalities with direction, insights and action perspective to make risks manageable. Read here
the full report.
