One in five businesses fall victim to cybercrime
Half of the Dutch private sector encounter ICT incidents from time to time. External cyber attacks are not as common as unintentional cyber incidents; for example, failure of ICT systems as a result of disruptions in hardware or software occurs most frequently. Approximately 43 percent of businesses were affected by this in 2016.
| Incidents | Costs due to incidents | |
|---|---|---|
| ICT incident(s) total | 50 | 24 |
| ICT incident(s) due to cyber attack | 21 | 11 |
| Failure due to cyber attack | 13 | 7 |
| Data loss/corruption due to cyber attack | 13 | 6 |
| Data disclosure due to cyber attack | 3 | 1 |
| Failure due to disruption | 43 | 19 |
| Data loss/corruption due to disruption | 8 | 4 |
| Data disclosure by staff | 4 | 1 |
Half of businesses with ICT incidents incur costs
External cyber attacks lead to costs just as often as disruptions in ICT systems; in around 50 percent of the cases. For example, costs are incurred due to repair activities or additional protection of ICT systems. Businesses also suffer loss of turnover. Cyber attacks can lead to failure of systems, loss or corruption of data as well as data theft.
Internal disclosure of data, whether or not intentional, involves costs in a significantly smaller number of cases. This type of incident occurs far less often and apparently requires other - often less expensive - types of measures.
Differences vary per industry
Around half of enterprises in most branches of industry encountered an ICT incident in 2016, but there are wide variations. The sector hotels and restaurants suffers little from ICT problems (33 percent of businesses) while the health and care sector is affected relatively often (57 percent).
External cyber attacks occur relatively often in the financial sector and at energy companies. In the financial sector, these attacks often lead to failure of ICT systems, whereas energy companies experience more loss or corruption of data. ICT incidents also occur relatively often in the health and care sector, but they are more frequently related to hardware and software failure and intentional or unintentional disclosure of data by staff.
Share of enterprises (≥10 employed persons) with ICT incidents, 2016 ICT incident(s) ICT incident(s) due to cyber attack Manufacturing industry 52 22 Energy & water 54 29 Construction 50 21 Trade 54 25 Transport and storage 48 22 Hotels and restaurants 33 9 Information and communication 48 20 Financial sector 53 28 Real estate activities 53 22 Specialist business services 55 22 Other business services 45 18 Health care 57 19
| ICT incident(s) | ICT incident(s) due to cyber attack | |
|---|---|---|
| Manufacturing industry | 52 | 22 |
| Energy & water | 54 | 29 |
| Construction | 50 | 21 |
| Trade | 54 | 25 |
| Transport and storage | 48 | 22 |
| Hotels and restaurants | 33 | 9 |
| Information and communication | 48 | 20 |
| Financial sector | 53 | 28 |
| Real estate activities | 53 | 22 |
| Specialist business services | 55 | 22 |
| Other business services | 45 | 18 |
| Health care | 57 | 19 |
ICT incidents more often seen in large enterprises
Large enterprises are affected by ICT incidents more frequently than smaller businesses. For example, three-quarters of firms with 500 employed persons encountered one or more ICT incidents in 2016. This applied to 43 percent of businesses with 10 to 20 employed persons. ICT incidents as a result of external cyber attacks occur in 41 percent and 15 percent of these businesses respectively.