After seeing the number of cyberattacks grow from 38,000 to 44,000 incidents in just a year, the Dutch authorities want companies to take these urgent steps.
-
Dutch privacy regulator demands 3 urgent steps after data breaches jumped from 38,000 to 44,000 in one year – says companies aren't taking cybersecurity seriously.
-
Companies must ensure high security levels by mapping risks and aligning security measures – "general level has remained too low for years."
-
Another step companies can take is limiting breach impact through data minimization, compliance with retention periods, and adequate victim notification – businesses failing basic measures.
According to the regulator, numerous businesses and organizations in the Netherlands aren’t taking cybersecurity seriously.
The number of data breaches that are reported to the supervisor clearly shows this. In 2024, the DPA received approximately 38,000 reports. In 2025, this number rose to roughly 44,000 incidents.
When an unauthorized person gains access to a company’s or organization’s IT network, it can have significant consequences for both entrepreneurs and citizens.
To boost cyber resilience and enhance cybersecurity in the Netherlands, the DPA argues that 3 improvements are urgently needed.
For starters, companies and organizations have to ensure a high level of security.
“The general level of security at companies, organizations, and ICT suppliers has remained too low for years. These organizations must take action themselves. This starts with mapping out risks and aligning security measures accordingly,” the regulator states.
Secondly, the impact of a data breach must be limited by focusing on data minimization, compliance with retention periods, and adequate information provision to victims. Too often, businesses and organizations don’t comply with these basic security measures, the privacy watchdog observes.
Lastly, politicians must ensure adequate oversight to keep the Netherlands digitally resilient and enable the DPA to conduct more preventive supervision. Therefore, it must be clear to the market and society that inadequate data security can have serious consequences.
“The solid foundation outlined in this paper is a prerequisite for making and keeping the Netherlands cyber-secure and resilient. Ensuring this foundation is essential for public trust in the digital world and for the development of our digital economy,” the DPA concludes in a position paper.
The paper serves as the basis for a roundtable discussion in the House of Representatives scheduled for Wednesday, May 20th.
On that date, the House of Representatives’ Committee on Digital Affairs will discuss the current state of cybersecurity and information security in the Netherlands with various organizations, including the DPA, GGD GHOR, Z-CERT, the Centre for Population Screening, the Health and Youth Care Inspectorate (CJI), and the National Cyber Security Centre (NCSC).
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked