A third of small businesses are not taking any action to be safe online. The upcoming NIS2 directive, which aims to strengthen digital and economic resilience, is still unknown to the majority of employees. And phishing is still the most common form of cybercrime within the workplace.
Some of the results of the Alert Online trend survey published today. Commissioned by the Ministry of Economic Affairs, Ipsos I&O conducted research into the knowledge and perception of digital safety among the Dutch. On this page we zoom in on some striking findings from the Sub-report Business.
Over a quarter (27%) of employees rate their own knowledge of online safety as (very) good. In 2023, this percentage was 21%. ICT managers rate their knowledge higher than other employees. The proportion of ICT managers who rate their knowledge as (very) good is 53%. On the other hand, four in ten (40%) ICT managers worry about their own online security at work. For employees, this percentage is significantly lower: 23% say they are concerned.
The NIS2 directive for information security goes into effect from October 2024. One-third (33%) of ICT leaders have heard of the NIS2 Directive or are well aware of it. In industries covered by the NIS2 directive, 45% of ICT executives are familiar with the directive. Employees within all other types of companies are less well informed: 85% have never heard of NIS2. Nine in 10 are unaware that their company is (likely) to be covered by the directive.
Two-step login is the most common action taken on behalf of online safe behavior at companies (employees: 38%). This measure is also mentioned most often by ICT managers (54%) and employees of large companies (50%). For three in five employees, the employer makes automatic backups of all files.
Small businesses take fewer actions. Moreover, one-third of these companies (32%) take no action at all for safe online behavior. In contrast, large companies take proportionately more actions. At companies where agreements have been made about safe online behavior, four out of five employees find it easy to abide by those agreements.
Interestingly, small businesses with fewer than 10 employees were more likely than in 2023 to say they do not take any measures for safe online behavior. In 2023, 19% of companies took no action at all, that percentage has now risen to 32%.
Six in ten (58%) employees received a phishing email. Among ICT managers, this was as high as 72%. In both groups, this is the form of cybercrime most commonly experienced. As in 2023, ICT managers are more likely to experience various presented forms of cybercrime than other employees. Over half of employees would be embarrassed if they clicked on a phishing link, three-quarters would immediately tell others or the ICT department if they accidentally downloaded a virus.
Each year a survey is conducted on the knowledge, attitudes and behaviors of different target groups regarding online safety. The research consists of a main report and sub-reports on business and government. For the Industry sub-report, the survey was conducted among 738 employees and 417 ICT managers. Download the partial report
To read the insights of business workers.
Small businesses may experience a financial barrier to taking much-needed basic measures. This is why the Digital Trust Center is temporarily making available a grant of up to €1,250 for small businesses looking to increase their cyber resilience. Through the free CyberSafe Check for SMEs and self-employed people gives you a picture in a few minutes of which cyber measures you still need to take to put the basics in order.
