Cybercrime costs Dutch businesses €10 billion per year

12 December 2017

A new report has shown that cybercrime causes a loss of value of €10 billion per year in the Dutch business sector, or 1.3% of the GDP. For SMEs, the threats are the greatest and their role as a supplier to large companies also endangers corporates – however this interconnectivity is also a strength, with experts recommending companies work together more and form 'cybersecurity communities'.

A new Deloitte survey has identified the cyber risks for the 2,600 largest companies in the Netherlands and 250,000 SMEs. Making use of the Cyber ​​Value at Risk model developed by the Big Four office together with the World Economic Forum, the report provides insight into the potential loss of value for companies by quantifying the damage of possible future attacks. The companies were divided into fifteen sectors, allowing a comparison to determine the sectors in which companies are most at risk. With the research results, Deloitte wants to help Dutch administrators make better informed decisions about which investments in the field of cyber security are required within their organisation.

The research shows that cybercrime currently causes a loss of value of approximately €10 billion per year. €9 billion of this is accounted for by large companies and corporates, while the entire Dutch SME sector has to deal with a loss of value of €1 billion. The enormous amounts lost each year due to cybercrime are, according to the researchers, an illustration of the high degree to which the Dutch business community has been digitised. The greatest risks of loss of value arise from interruptions of operational continuity (26%), loss of the reliability of communication and IT systems (26%), and loss of confidential information from third parties (25%).

Cybercrime costs Dutch businesses €10 billion per year

Hacks like this can have major implications for even the largest companies. Equifax announced in September that an incident had allowed hackers to gain access to the personal information of about 143 million Americans, along with a large number of Canadian and as many as 400,000 British individuals – spurring the FBI and the US Federal Trade Commission to launch formal investigations. Since then, at least 50 class action lawsuits have been filed against the company – issuing a stark warning for firms in the future to pay better attention to detail when regarding their exact cyber-security measures – while a huge amount of value was wiped from Equifax’s stock following the scandal.

This is rare, however, as large corporates are in general relatively well-positioned to absorb value losses. It is mainly the small and medium-sized enterprises which see their organisation and image lastingly damaged by attacks. Smaller companies cannot obtain economies of scale from their investments in cybersecurity, which means that the returns on investment (ROI) are much lower than for larger organisations.

Maarten van Wieren, a cyber security expert at Deloitte, said, "SMEs often have a less mature cyber security policy or respond only after incidents, while the cyber attacks become more refined and complex at the same time. Because they are more vulnerable to cyber attacks, they become an increasingly attractive victim. At the same time, it is becoming less and less affordable for small and medium-sized businesses to take measures that keep the cyber criminals out, as the attacks on their digital environment become more sophisticated.”

According to the researchers, however, there should be shared responsibility. Van Wieren explained, "On the one hand, small and medium-sized businesses themselves are vulnerable to cyber attacks, on the other hand their vulnerability poses a risk to larger companies given their role as a supplier."

More and more digital information is exchanged between SMEs and corporates, but due to the lower maturity in cyber security, this data can easily be captured by cyber attackers. Van Wieren continued, "Putting the cybersecurity of small and medium-sized businesses in order has become a shared responsibility. Public-private partnerships are becoming increasingly important and only by working together can we achieve a resilient and strong digital economy."

Quote - Maarten van Wieren

Cyber ​​security communities

Given the increased importance of cooperation and shared responsibility, according to Deloitte, stakeholders should collectively organise cyber risk management. By creating so-called "cyber security communities", economies of scale are realised for investments in cybersecurity, which means that the smaller companies can also benefit from improved security of their cyber environment.

According to the researchers, the need for these collective investments is increased because the increasing complexity and sophistication of cyber attacks reduces the ROI of companies on cyber security investments. "As companies become increasingly interconnected on a digital level and there are fewer analogous alternatives to fall back on, organisations are becoming increasingly dependent on each other for their security," the researchers concluded.

To help clients combat cybercrime, Deloitte opened a Cyber ​​Intelligence Center in The Hague in the summer of 2016 . The bureau is also one of the founding partners of the Dutch Cyber ​​Collective and partner of The Hague Security Delta. Deloitte is currently one of the globe’s largest cybersecurity consultancies, but was rocked earlier in 2017 when it revealed it had itself been victim of a major cybersecurity breach. According to sources close to the matter, hackers may have accessed usernames, passwords and personal details of the firm’s clients, in an attack that went unnoticed for months.

Global CEOs are upbeat about growth but weary of cyber risks

02 July 2018

CEOs across the globe remain relatively optimistic about business in the near future, with the majority predicting growth of at least 2% for the year ahead, and even more for the next three-year period. One concern that most executives have is that of cyber-security, as most feel that an attack on their firm is imminent. 

The business world is entering a period of acute uncertainty, brought about by the interplay of several factors. Hype around the industry 4.0 revolution has continues, although the manifestation of its benefits remain unrealised, primarily due to a combination of consumer disengagement and government regulations. Geopolitical developments have been worrying to say the least, as protectionist policies become the new norm. Perhaps the most direct threat to the business world, however, comes in the form of cyber attacks that have the potential to debilitate a firm in a matter of seconds. 

Nevertherless, businesses are relatively positive about their prospects going forward, as is evident from a new survey of 1,300 CEOs conducted by KPMG. The report, titled ‘Growing Pains’, covers a broad array of issues faced by CEOs, from growth to employment.


At a global level, 67% of respondents are confident of growth over the next three years, up by 2% form last year. When it comes to growth prospects for their own businesses, however, CEOs’ expectations for next three years fell from 77% in last year’s survey to 74% this year. Confidence in growth for the industry that they operate in has increased however, up from 69% last year to 78% this year.

Confidence in three-year growth

At an international level, the study shows a mixed bag for confidence in various countries’ three-year growth prospects. Companies in the US, for instance, are the most upbeat this year, with 85% of respondents expecting growth, up from 77% last year. French businesses are similarly optimistic, having witnessed a 3% increase to 80%. India, however, has seen its strong 88% confidence from last year dissolve to 69%, as uncertainties from reforms take effect.

The UK, meanwhile, saw a small decline in confidence, down from 76% last year to 65% this year, due in part to the ongoing Brexit negotiations and the consequent uncertainty. The Netherlands has seen confidence rise slightly to 64%, while their neighbours in Germany saw a decline from 78% to 61% following a year of political wrangling.

The relative confidence is not translating into top line revenue growth, with 55% projecting growth of between 0.01% and 1.99%. The reasons are multifaceted, spanning a return to territorialism as well as the impact of digitalisation, the latter of which is still in the investment stage for several firms, far from generating returns.

Confidence in own company growth changes

Respondents are also considering the possibility of slowing headcount growth, as 37% say that their headcount will increase by more than 6% over the next 3 years, which represents a drop of ten percentage points from last year.

Cyber attacks

The global shift to digital platforms has opened up a new paradigm of threats, one that has seen new kinds of online bandits seeking poorly guarded digital companies to raid. CEOs are increasingly concerned about cyber attacks on their company, as these criminals become increasingly sophisticated, often operating across international borders.

A cyber attack is now seen as a question of when and not if, and has simultaneously shifted from an IT issue to a C-suite one. US companies, in particular, (68%) see an attack as inevitable, followed by Australian companies (62%). In Germany 47% of respondents see it as a dire threat, while UK businesses are slightly less concerned at 39%.

Inevitability of a cyberattack

In terms of being prepared for an attack, there is a mixed bag among firms. Infrastructure companies, for instance are relatively well prepared at 67%, while banking and technology companies – both of which house highly sensitive information on customers – both report low levels of readiness, at 50% and 42% respectively. Meanwhile, 53% of energy companies – which have been in the spotlight due to state actor interest in hacking their systems – say that they are prepared.

Commenting on the global business sentiment, Bill Thomas, Chairman, KPMG International, said, “CEOs are harnessing the headwinds of change to steer their organisations to growth. CEOs I'm talking with recognise that geopolitical uncertainty, disruption and cyber threats are their new normal. The best are looking for the opportunities this creates, changing their systems, and in some cases their entire business. It's clear that driving growth in 2018 and beyond will require CEOs to combine resourcefulness and realism in equal measure.”