Dutch Businesses See Fewer Cyberattack Damages, But AI and US Tech Dependence Raise New Risks
A recent study by ABN Amro and MWM2 reveals a decline in cyberattack-related damages among Dutch businesses in 2023, though underlying vulnerabilities persist. The survey of 777 organizations found that 60% of small and medium-sized enterprises (SMEs) experienced malware, phishing, or data breaches down from 72% the previous year. Among the self-employed, incidents fell from 57% to 48%, while large firms saw a slight drop from 79% to 76%. Only 15% of affected companies reported financial or operational harm, compared to 20% in 2022.
Researchers attribute the improvement to stronger basic defenses, including better firewalls, faster threat detection, and improved password practices. However, the number of attacks themselves has not decreased, suggesting that while defenses are holding, risks remain high. The findings come amid a series of high-profile breaches in the Netherlands, including Odido’s February leak of 6.2 million customer records the largest in Dutch history as well as attacks on medical software provider Chipsoft and the town of Epe, where nearly all 32,000 residents’ data was compromised.
Despite the progress, the study highlights critical gaps in preparedness: only 25% of SMEs have a cyberattack response plan, and 43% have never conducted a drill. The rise of AI-driven threats further complicates the landscape, enabling faster attacks, easier exploitation of vulnerabilities, and more convincing impersonation scams. Nearly a third of firms also express concerns about employees inadvertently leaking sensitive data through AI tools like ChatGPT and Claude, yet fewer than 10% of SMEs have policies governing their use.
Another growing risk is the heavy reliance on U.S. tech giants, with nearly half of Dutch firms dependent on providers like Microsoft, Amazon, and Google. The report warns that this concentration poses business risks, including potential government data access demands or service disruptions. Political tensions have already surfaced, such as the Dutch cabinet’s decision to block the sale of DigiD operator Solvinity to U.S. firm Kyndryl on national security grounds.
In response, 64% of SMEs are taking steps to reduce dependence on U.S. providers, with 17% partially shifting to European alternatives such as local cloud services or AI models compared to just 12% of large firms, which face greater challenges in transitioning. The findings underscore a shifting cybersecurity landscape where improved defenses are being tested by emerging threats and geopolitical risks.
Source: https://www.dutchnews.nl/2026/06/fewer-dutch-firms-hit-by-cyberattacks-but-ai-threats-loom/
ChipSoft Nederland cybersecurity rating report: https://www.rankiteo.com/company/chipsoft
"id": "CHI1782225432",
"linkid": "chipsoft",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '6200000',
'industry': 'Telecom',
'location': 'Netherlands',
'name': 'Odido',
'size': 'Large',
'type': 'Telecommunications'},
{'industry': 'Healthcare',
'location': 'Netherlands',
'name': 'Chipsoft',
'size': 'Large',
'type': 'Medical Software Provider'},
{'customers_affected': '32000',
'industry': 'Public Sector',
'location': 'Netherlands',
'name': 'Town of Epe',
'size': 'Small',
'type': 'Government'},
{'industry': 'Various',
'location': 'Netherlands',
'name': 'Dutch SMEs (General)',
'size': 'Small/Medium',
'type': 'Businesses'},
{'industry': 'Various',
'location': 'Netherlands',
'name': 'Dutch Large Firms (General)',
'size': 'Large',
'type': 'Businesses'}],
'data_breach': {'number_of_records_exposed': ['6200000', '32000'],
'personally_identifiable_information': True,
'type_of_data_compromised': ['customer records',
'resident data']},
'description': 'A recent study by ABN Amro and MWM2 reveals a decline in '
'cyberattack-related damages among Dutch businesses in 2023, '
'though underlying vulnerabilities persist. The survey of 777 '
'organizations found that 60% of SMEs experienced malware, '
'phishing, or data breaches, down from 72% the previous year. '
'Large firms saw a slight drop in incidents, and only 15% of '
'affected companies reported financial or operational harm. '
'Despite improved defenses, risks remain high due to AI-driven '
'threats and dependence on US tech providers.',
'impact': {'data_compromised': True, 'operational_impact': True},
'lessons_learned': 'Improved basic defenses (firewalls, threat detection, '
'password practices) have reduced damages, but risks '
'persist due to AI-driven threats and US tech dependence. '
'Only 25% of SMEs have a cyberattack response plan, and '
'43% have never conducted a drill. AI tools like ChatGPT '
'and Claude pose data leakage risks, and reliance on US '
'tech providers introduces geopolitical risks.',
'post_incident_analysis': {'corrective_actions': ['Strengthen basic defenses '
'(firewalls, threat '
'detection, password '
'practices)',
'Develop and test incident '
'response plans',
'Implement AI usage '
'policies',
'Reduce reliance on US tech '
'providers'],
'root_causes': ['Insufficient cybersecurity '
'preparedness (only 25% of SMEs '
'have a response plan)',
'AI-driven threats (faster '
'attacks, easier exploitation, '
'impersonation scams)',
'Dependence on US tech providers '
'(geopolitical and operational '
'risks)']},
'recommendations': ['Develop and test cyberattack response plans',
'Implement policies for AI tool usage',
'Reduce dependence on US tech providers by exploring '
'European alternatives',
'Enhance monitoring for AI-driven threats',
'Conduct regular cybersecurity drills'],
'references': [{'source': 'ABN Amro and MWM2 Study'}],
'title': 'Decline in Cyberattack Damages Among Dutch Businesses, but AI and '
'US Tech Dependence Raise Risks',
'type': ['malware', 'phishing', 'data breach']}