More than half of employees use generative AI, phishing is still the most common form of cybercrime within the workplace, and most employees feel comfortable enough to report cyber incidents within their organizations. Some of the results of the Alert Online trend survey released today.
Commissioned by the Ministry of Economic Affairs, Ipsos I&O conducted research into the knowledge and perception of digital security among the Dutch. The Digital Trust Center (DTC) zooms in on some striking findings from the Sub-report Business.
The use of AI among employees is significant, for example, half of employees use either incidental (35%) or structural (14%) generative AI. In addition, the implementation of clear guidelines for the use of generative AI is not yet widespread. About a quarter (26%) of employees indicate that there are clear guidelines within their organization to manage potential risks, slightly less than a quarter (23%) indicate that this is not the case, and the remainder of employees (38%) indicate that they do not have a good handle on this.
ICT leaders are more positive about the guidelines for AI within the organization. Almost half of ICT leaders (45%) feel there are good guidelines and about one-fifth (22%) say there are not.
Three in ten (31%) employees received a phishing email in the past 12 monthsphishing email. Among ICT managers, this was as high as four in ten (44%). In both groups, this is the form of cybercrime most commonly experienced. The proportion of employees who experienced a phishing attempt increased from 25% in 2024 to 31% in 2025. As in 2024, ICT executives report experiencing various presented forms of cybercrime more often than other employees.
Logging in in two steps is the most common action taken on behalf of online safe behavior at companies. 55% of employees indicate that this is an obligation within their organization. This measure is also mentioned most often by ICT managers (64%) and employees of large companies (64%). Large companies take proportionately more actions. At companies where agreements have been made about safe online behavior, most employees (80%) feel comfortable reporting cyber incidents within their organization.
A third (34%) of employees rate their own knowledge of online safety as (very) good. In 2024, this percentage was 27%. ICT managers rate their knowledge higher than other employees. The proportion of ICT managers who rate their knowledge as (very) good is 61%. On the other hand, four in ten (43%) ICT managers worry about their own online security at work. For employees, this percentage is significantly lower: 27% say they are concerned.
Each year, a survey is conducted on the knowledge, attitudes and behaviors of different target groups regarding online safety. The research consists of a main report and sub-reports on the business community and government. For the Enterprise sub-report, the survey was conducted among 734 employees and 754 ICT managers.
Small businesses may experience a financial barrier to taking much-needed basic measures. That's why the Digital Trust Center is temporarily offering a grant available for small businesses looking to increase their cyber resilience. Through My Cyber Resilient Business, companies can receive up to €1,250 in subsidies for the purchase value and/or implementation costs of a good number of basic measures. Be quick because the grant can still be applied for through Oct. 31, 2025 and will be awarded on a first-come, first-served basis until the maximum budget is reached.
