One in three companies (32 percent) in Belgium, the Netherlands and Luxembourg had to deal with a cybersecurity incident in the past year. This is shown by a survey conducted by telecom company Proximus with 250 CEOs and IT managers. In almost half of the cases, these incidents had financial consequences, and in a third of the cases, it prevented workers from doing their jobs.

About half of the incidents involved a deliberate cyber attack. Most of these attacks involve “social engineering” such as phishing. Ransomware and malware, such as viruses, worms and Trojans, complete the top 3. In the case of unintentional incidents, unauthorized actions and data breaches are most often reported.

Frequency and impact

Nearly half of cybersecurity incidents have a financial impact, such as reporting costs, reduced productivity, or reputational damage. In more than a third of the cases, this cost increases to more than 10,000 euros, for 11 percent to more than 100,000 euros. In 60 percent of incidents, the consequences are resolved in less than a day, but for 9 percent, the impact lingers for more than a month.

The frequency of cyber incidents is significantly higher in large companies with more than 2,000 employees (60 percent), compared to small and medium-sized enterprises (25 percent). This may indicate that large enterprises are a more popular target, but also better detection. In any case, the large companies are paying much more attention to raising awareness about cybersecurity.

Proximus finds that the sense of urgency among business leaders to strengthen resilience against cyber attacks is generally increasing. More and more companies are organizing training courses to raise awareness among their staff. More than one in five increased their cybersecurity budget significantly-by more than 20 percent – last year. Around 80 percent of companies have developed or are preparing a cybersecurity strategy. The sense of urgency is greater in companies that have already faced an incident.

“The human factor is still an underestimated risk in cybersecurity. Most incidents today still arise from a weak spot in the human firewall. The attackers find it much easier to exploit the gullibility of users than to find weaknesses in technical protection measures,” says Wouter Vandenbussche from Proximus.