Dutch Companies Unprepared for Cyberattack-Induced Power Outages, Study Finds
A recent study commissioned by the Dutch Ministry of Economic Affairs reveals alarming gaps in emergency preparedness among businesses, with only one in five having taken precautionary measures against prolonged power outages caused by cyberattacks or sabotage. The findings come as mayors warn of escalating threats to the country’s critical infrastructure, including the electricity grid.
Mayor Marianne Schuurmans-Wijdeven of Haarlemmermeer, who chairs the Dutch Society of Mayors and serves on the national Safety Council, emphasized the urgency of the situation. Speaking to AD, she stated that a major power outage is not a matter of if but when, citing daily attempts to disrupt the grid. During a visit to an electricity plant on the Maasvlakte which supplies 8% of the Randstad’s energy she noted the relentless cyber threats faced by operators, increasing the likelihood of a successful attack.
Schuurmans-Wijdeven described a prolonged blackout as the "worst-case scenario" for the Netherlands, given the nation’s dependence on electricity. She stressed that businesses must play a central role in maintaining economic stability and supply chains, yet a Motivaction study found that while 30% of entrepreneurs fear cyberattacks and international tensions, only 20% have implemented precautionary measures or mapped critical processes. A third expect to face an emergency soon, and a quarter report already suffering damage from past disruptions.
The lack of preparation is particularly concerning for high-risk targets like Schiphol Airport and the Port of Rotterdam, which have been identified in threat scenarios including alleged Russian speculation about a tactical nuclear strike on the port. While these locations have heightened security measures, Schuurmans-Wijdeven warned that vigilance is needed nationwide, urging businesses to develop continuity plans addressing key vulnerabilities: communication failures, inaccessible buildings, disrupted transport, and reliance on digital systems.
Entrepreneurs, however, appear skeptical of government support, with only 10% believing authorities are doing enough to build a resilient economy. Schuurmans-Wijdeven countered that businesses must take ownership of their preparedness, framing it as a core responsibility akin to workplace safety. She acknowledged the challenge of shifting mindsets after decades of stability but insisted that proactive planning is essential, as attackers will not wait for the Netherlands to catch up.
Source: https://nltimes.nl/2026/05/11/businesses-far-vulnerable-cyberattacks-data-leaks
Schiphol Airport TPRM report: https://www.rankiteo.com/company/amsterdam-airport-city
Dutch Ministry of Economic Affairs TPRM report: https://www.rankiteo.com/company/ministry-of-economic-affairs-and-finance
"id": "minams1778503631",
"linkid": "ministry-of-economic-affairs-and-finance, amsterdam-airport-city",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Transportation/Aviation',
'location': 'Netherlands',
'name': 'Schiphol Airport',
'type': 'Airport'},
{'industry': 'Maritime/Logistics',
'location': 'Netherlands',
'name': 'Port of Rotterdam',
'type': 'Port'},
{'industry': 'Energy',
'location': 'Maasvlakte, Netherlands',
'name': 'Maasvlakte Electricity Plant',
'size': 'Supplies 8% of the Randstad’s energy',
'type': 'Power Plant'},
{'industry': 'Multiple',
'location': 'Netherlands',
'name': 'Dutch Businesses (General)',
'type': 'Various'}],
'attack_vector': 'Cyberattack/Sabotage',
'description': 'A recent study commissioned by the Dutch Ministry of Economic '
'Affairs reveals alarming gaps in emergency preparedness among '
'businesses, with only one in five having taken precautionary '
'measures against prolonged power outages caused by '
'cyberattacks or sabotage. The findings highlight escalating '
'threats to the country’s critical infrastructure, including '
'the electricity grid.',
'impact': {'downtime': 'Prolonged power outage (unspecified duration)',
'operational_impact': 'Disrupted supply chains, economic '
'instability, communication failures, '
'inaccessible buildings, disrupted '
'transport, reliance on digital systems',
'systems_affected': 'Electricity grid, critical infrastructure'},
'lessons_learned': 'Businesses must take ownership of their preparedness for '
'cyberattack-induced power outages, as only 20% have '
'implemented precautionary measures. Proactive planning is '
'essential to address vulnerabilities in communication, '
'transport, and digital systems.',
'post_incident_analysis': {'corrective_actions': 'Businesses should map '
'critical processes, '
'implement precautionary '
'measures, and develop '
'continuity plans to '
'mitigate risks.',
'root_causes': 'Lack of preparedness among '
'businesses, escalating cyber '
'threats to critical '
'infrastructure, and reliance on '
'digital systems without adequate '
'safeguards.'},
'recommendations': ['Develop continuity plans addressing key vulnerabilities '
'(communication failures, inaccessible buildings, '
'disrupted transport, and reliance on digital systems).',
'Enhance emergency preparedness and resilience, '
'particularly for critical infrastructure.',
'Shift mindsets to treat cybersecurity and power outage '
'preparedness as core business responsibilities.'],
'references': [{'source': 'AD (Dutch News Outlet)'},
{'source': 'Motivaction Study (Commissioned by Dutch Ministry '
'of Economic Affairs)'}],
'response': {'enhanced_monitoring': 'Heightened security measures at '
'high-risk targets'},
'stakeholder_advisories': 'Mayor Marianne Schuurmans-Wijdeven urges '
'businesses to take proactive steps in '
'preparedness, warning that a major power outage is '
"a matter of 'when,' not 'if.'",
'title': 'Dutch Companies Unprepared for Cyberattack-Induced Power Outages',
'type': 'Cyberattack-Induced Power Outage'}