The increasing cyber threat poses a growing challenge for Dutch companies. Unfortunately, the development of the resilience of these companies appears to lag behind the speed at which cyber criminals are developing new methods of attack. This has led to a resilience gap between the threat and the protection of companies. The fact that digital resilience is not yet in order everywhere is because basic measures are not sufficiently implemented. Examples include two-step login and backup creation and testing.
The Digital Trust Center (DTC) has commissioned research into the use of various cybersecurity measures by Dutch sole traders and (small) SMEs with and without an IT service provider. The aim is to map the current state of affairs regarding the use of cybersecurity measures and to find out what possible points of improvement are for the resilience of these companies against cyber attacks. A total of 766 self-employed individuals and SMEs (up to 25 employees) participated in the survey.
The results show that self-employed people and SMEs are taking measures to protect their businesses. For example, 4 out of 5 self-employed persons and SMEs indicate that antivirus software is installed. Also, more than 4 out of 5 self-employed persons and SMEs think they can recognize phishing well. Not all measures are yet sufficiently taken. It is striking that the 2-step login, also known as two-factor authentication, is among the least complied with by both the self-employed and SMEs. 60% of SMEs say they have two-factor authentication set up on all business applications. Among the self-employed, the percentage is 44%.
Although the self-employed group scores lower on average on taking cybersecurity measures, this group has more insight into the measures taken than the SME group. Among the SME group, it is more often unclear whether or not certain measures have been taken. A notable difference between the two groups is that SMEs more often have a call list for digital emergencies, while among the self-employed this is one of the least complied with measures. Also, compared to SMEs, self-employed people are less likely to test whether their backup actually works when needed.
Among the self-employed, 9% have engaged an IT service provider. Among SMEs, the figure is 64%. Looking at the differences between the two groups with and without an IT service provider, it is striking that self-employed people without an IT service provider are more than twice as likely to say that they have tested whether backup works (57% of self-employed people without an IT service provider versus 26% of self-employed people with an IT service provider). Also, significantly more self-employed individuals without an IT service provider (30%) have conducted a risk analysis than self-employed individuals with IT service providers (8%).
As a business owner, it is important to be aware of the importance of cyber security and to protect your business from cyber attacks. Don't have enough knowledge in-house? Then engage an IT service provider. To get clear where responsibilities lie, it is important to engage and stay in dialogue with your IT service provider. For example, agree on making a risk analysis and pay extra attention to testing your backup. Check out this handy guide to having an effective conversation with your IT service provider. In addition to engaging an IT service provider, even without much technical knowledge, you can take steps yourself today to increase your company's cyber resilience.
"It is often thought that small businesses are not an interesting target for cybercriminals. Wrongly so. A cyberattack very often hits systems that are inadequately protected.
Fortunately, there are many things you can do today to protect your business yourself. With the CyberSafe Check we can make sure that the resilience gap gets a little smaller," said Michel Verhagen, manager of the DTC.
Especially for entrepreneurs who do not yet have much knowledge and experience in terms of cybersecurity, the DTC developed the CyberSafe Check (2). Within 5 minutes you will know what you need to do today to make a start with the digital security of your company. You can download your own action list and get started with practical instructions and tips. If you are done with today's action items, pick up the remaining action items in the second part of the tool to lay a foundation for your company's digital security.
https://www.digitaltrustcenter.nl/gesprek-met-it-dienstverlener
https://tools.digitaltrustcenter.nl/cyberveilig-check/
